The WebConfigurator Role Based Access Control (RBAC) allows you assign permissions to users that have been added to LUCS. It is worth noting that LUCS uses the term "Agents" as a subgroup of users, however it is the role assigned in RBAC that enables a user to perform more tasks within LUCS front- and backend.
LUCS distinguishes by the following roles:
- A System Administrator is a user with full privileges. Usually performs the basic system Installation and Upgrades as well as first Topology Settings.
System Administrators are not controlled by LUCS but by granting them Admin Group Permissions on Application Machines
- An Administrator is a LUCS user with administrative rights within the application itself. Admins are capable of creating Organizational structures and (commonly-used) LUCS data entities as Workflows, Resources and templates. Admins also define visibility of those entities to other users via Role Based Access.
- A Supervisor manages basic settings in the for services in the backend configuration. Has access to Frontend reporting features according to his permissions. He mostly works from the LUCS Web FrontEnd and occasionally configures Workflows for his service.
- An Agent works mostly on the LUCS Web FrontEnd or Agent Assistant to handle calls and tasks. He has basic viewing permissions.
Important notes about Roles
- By default new users added via Webconfigurator do not have assigned roles and permissions. Only the System Administrator may access the system at this point.
- RBAC permissions are given to individual agents when editing individual Agent Roles.
- All RBAC permissions are granted with Organization Units (OU) structure acting as framework for inheritance. Child Organization Units inherit all the permissions contained in an upper (parent) OU.
- A "System" level OU is defined in LUCS as a default, which cannot be superseded by any OU. System privileges will always inherit down to any OU, even if added later. This will ensure that a System level administrator is never locked out of the System.
- The table below lists available roles & permissions independent of OU structures. You can basically define any organizational structure you want first and then grant rights as you see fit.
In context of this manual the term "Administrator" ADMINISTRATOR will be used, generally referring to to any admin role mentioned below with according permissions.
Role-Mixtures are possible. The roles mentioned in this table can be mixed and matched to have LUCS users perform multiple functions. A "System Administrator" will always have all privileges mentioned below.
Needs to have Admin Group Permissions on Application Machines
|UserReadOnly||Same as User Administrator but only with read access on user details and settings.|
Same as Agent Administrator but only with read access on agent traits, profiles and configuration settings
Full rights for defining Workflows including all dependent entities and resources
|Topology||Full access to Topology Settings for configuration of endpoints, mailboxes, tenants, API tokens, trusted applications|
|DataPrivacy||May execute Data Privacy related actions in the backend (customer data anonymization)|
This user can freely assign roles and elevate users, up to system level! Assign this role sparingly and only to people you know
In context of this manual the term "Supervisor" SUPERVISOR will be used, generally referring to to any role mentioned below with according permissions.
|Web Reporting Portal||Agent||Currently unused.|
|Customer||Access to the Customer Journey Page|
|Service||Access to the Reporting Overview Page and Service Overview Page|
(Excel / Power BI SSRS database exports)
|Agent||Access to Agent-Related SSRS Reports as well as related facts and dimensions |
→ See: Historic Reporting
|Customer||Access to Customer the corresponding Service-Related SSRS Reports as well as related facts and dimensions → See: Historic Reporting|
|Service||Access to all Service-Related facts and dimensions, KPI → See: Historic Reporting|
In context of this manual the term "Agent" AGENT will be used, generally referring to to any role mentioned below with according permissions.