The WebConfigurator Role Based Access Control (RBAC) allows you assign permissions to users that have been added to LUCS. It is worth noting that LUCS uses the term "Agents" as a subgroup of users, however it is the role assigned in RBAC that enables a user to perform more tasks within LUCS front- and backend.

LUCS distinguishes by the following roles:

Important notes about Roles

  • By default new users added via Webconfigurator do not have assigned roles and permissions. Only the System Administrator may access the system at this point.
  • RBAC permissions are given to individual agents when editing individual Agent Roles.
  • All RBAC permissions are granted with Organization Units (OU) structure acting as framework for inheritance. Child Organization Units inherit all the permissions contained in an upper (parent) OU.
    • A "System" level OU is defined in LUCS as a default, which cannot be superseded by any OU. System privileges will always inherit down to any OU, even if added later. This will ensure that a System level administrator is never locked out of the System. 
    • The table below lists available roles & permissions independent of OU structures. You can basically define any organizational structure you want first and then grant rights as you see fit.

  • (lightbulb) Role and OU mixtures are possible. The roles mentioned in this table can be mixed and matched to have LUCS users perform multiple functions depending on which OU they are in.
  • (info) Further API-based roles and rights are described on the LUCS API pages.

Administrator Roles

(info) In context of this manual the term "Administrator" ADMINISTRATOR will be used, generally referring to to any admin role mentioned below with according permissions.

(lightbulb) Role-Mixtures are possible. The roles mentioned in this table can be mixed and matched to have LUCS users perform multiple functions.  A "System Administrator" will always have all privileges mentioned below.

Administrator Permissions table. C = Create, R = Read, U = Update, D = Delete


RolePrivileges
System 

(tick) Prerequirement: Needs to have Admin Group Permissions on Application Machines Admin Permissions.

  • Has full privileges (any of the below roles)
  • Can log in to both front and backend
  • Can access Configuration and create all basic entities in LUCS (Traits, Users, Profiles, Organization Units)
  • Adds further users as agents and assigns roles to them in RBAC
Organization Units 
  • Can manage Organization Units (CRUD)
Distribution
  • Can manage Distribution Policies and Traits (CRUD)
User
  • Can manage users (CRUD)
  • Performs all Agent Management related tasks in Backend (Webconfigurator)
  • Manages user dependent entities such as: Traits and Duty Profiles, Common Settings (First Name, Last Name, Email, SIP URI), Assign Agent/Supervisor Roles
UserReadOnly
  • Similar to the User Administrator but only with read access on user details and part of the settings.
Service
Service Extended
  • CANNOT manage Services (CRUD)
  • Can Manage Opening Hours Calendars
  • Can read a subset of service dependent entities Name, Organization Unit, Common Settings (SIP URI, Display Name, Telephone URI, TelSipURI)
  • Can manage a subset of service dependent entities (CRUD) such as: Placeholders, Workflows, Completion Codes
Agent
Agent Extended
  • Similar to Agent Administrator but with some limitations such as:
    • CANNOT read Skype for Business relevant settings like Line Uri, Private Line Uri, LYNC POOL REGISTRAR
    • CANNOT read and update settings like Busy on Busy in a call enabled, Can login to Recording manager
AgentReadOnly
  • Same as Agent Administrator but only with read access on agent traits, profiles and configuration settings
Workflow
  • Manage (CRUD) Workflows including all dependent entities and resources
Topology
  • Manage (CRUD) Topology Settings for configuration of endpoints, mailboxes, tenants, API tokens, trusted applications
Web
DataPrivacy
  • Execute Data Privacy related actions in the backend (customer data anonymization)
Roles

This user can freely assign roles and elevate users, up to system level! Assign this role sparingly and only to people you know 

Supervisor Roles

(info) In context of this manual the term "Supervisor" SUPERVISOR will be used, generally referring to to any role mentioned below with according permissions.

Supervisor Permissions


AreaRolePrivileges
Web FrontendAgent
Service
Supervision
Web Reporting PortalAgentCurrently unused.
CustomerAccess to the Customer Journey Page
ServiceAccess to the Reporting Overview Page and Service Overview Page

Historic Reporting

(Excel / Power BI SSRS database exports)

AgentAccess to Agent-Related SSRS Reports as well as related facts and dimensions 
→ See: Historic Reporting
CustomerAccess to Customer the corresponding Service-Related SSRS Reports as well as related facts and dimensions → See: Historic Reporting
ServiceAccess to all Service-Related facts and dimensions, KPI → See: Historic Reporting

Agent Roles

(info) In context of this manual the term "Agent" AGENT will be used, generally referring to to any role mentioned below with according permissions.


AreaRolePrivileges
Web FrontendAgent

Service
Agent Permissions