The WebConfigurator Role Based Access Control (RBAC) allows you assign permissions to users that have been added to LUCS. It is worth noting that LUCS uses the term "Agents" as a subgroup of users, however it is the role assigned in RBAC that enables a user to perform more tasks within LUCS front- and backend.

LUCS distinguishes by the following roles:

Important notes about Roles

  • By default new users added via Webconfigurator do not have assigned roles and permissions. Only the System Administrator may access the system at this point.
  • RBAC permissions are given to individual agents when editing individual Agent Roles.
  • All RBAC permissions are granted with Organization Units (OU) structure acting as framework for inheritance. Child Organization Units inherit all the permissions contained in an upper (parent) OU.
    • A "System" level OU is defined in LUCS as a default, which cannot be superseded by any OU. System privileges will always inherit down to any OU, even if added later. This will ensure that a System level administrator is never locked out of the System. 
    • The table below lists available roles & permissions independent of OU structures. You can basically define any organizational structure you want first and then grant rights as you see fit.

Administrator Roles

(info) In context of this manual the term "Administrator" ADMINISTRATOR will be used, generally referring to to any admin role mentioned below with according permissions.

(lightbulb) Role-Mixtures are possible. The roles mentioned in this table can be mixed and matched to have LUCS users perform multiple functions.  A "System Administrator" will always have all privileges mentioned below.

RolePrivileges
System 

(tick) Needs to have Admin Group Permissions on Application Machines

  • Has full privileges (any of the below roles)
  • Can log in to both front and backend
  • Can access Configuration and create all basic entities in LUCS (Traits, Users, Profiles, Organization Units)
  • Adds further users as agents and assigns roles to them in RBAC
User
  • Can create users
  • Performs all Agent Management related tasks in Backend (Webconfigurator)
UserReadOnlySame as User Administrator but only with read access on user details and settings.
Service
Agent
AgentReadOnly

Same as Agent Administrator but only with read access on agent traits, profiles and configuration settings

Workflow

Full rights for defining Workflows including all dependent entities and resources

TopologyFull access to Topology Settings for configuration of endpoints, mailboxes, tenants, API tokens, trusted applications
Web
DataPrivacyMay execute Data Privacy related actions in the backend (customer data anonymization)
Roles

This user can freely assign roles and elevate users, up to system level! Assign this role sparingly and only to people you know 

Supervisor Roles

(info) In context of this manual the term "Supervisor" SUPERVISOR will be used, generally referring to to any role mentioned below with according permissions.

AreaRolePrivileges
Web FrontendAgent
Service
Supervision
Web Reporting PortalAgentCurrently unused.
CustomerAccess to the Customer Journey Page
ServiceAccess to the Reporting Overview Page and Service Overview Page

Historic Reporting

(Excel / Power BI SSRS database exports)

AgentAccess to Agent-Related SSRS Reports as well as related facts and dimensions 
→ See: Historic Reporting
CustomerAccess to Customer the corresponding Service-Related SSRS Reports as well as related facts and dimensions → See: Historic Reporting
ServiceAccess to all Service-Related facts and dimensions, KPI → See: Historic Reporting

Agent Roles

(info) In context of this manual the term "Agent" AGENT will be used, generally referring to to any role mentioned below with according permissions.

AreaRolePrivileges
Web FrontendAgent

Service