Role Based Access - RBAC
The WebConfigurator Role Based Access Control (RBAC) allows you assign permissions to users that have been added to LUCS. It is worth noting that LUCS uses the term "Agents" as a subgroup of users, however it is the role assigned in RBAC that enables a user to perform more tasks within LUCS front- and backend.
LUCS distinguishes by the following roles:
- A System Administrator is a user with full privileges. Usually performs the basic system Installation and Upgrades as well as first Essential Topology Settings.
System Administrators are not controlled by LUCS but by granting them Admin Group Permissions on Application Machines. Changing their permissions within the LUCS RBAC UI will have no effects.
- An Administrator is a LUCS user with administrative rights within the application itself. Admins are capable of creating Organizational structures and (commonly-used) LUCS data entities as Workflows, Resources and templates. Admins also define visibility of those entities to other users via Role Based Access.
- A Supervisor manages basic settings in the for services in the backend configuration. Has access to Frontend reporting features according to his permissions. He mostly works from the LUCS Web FrontEnd and occasionally configures Workflows for his service.
- An Agent works mostly on the LUCS Web FrontEnd or Agent Assistant to handle calls and tasks. He has basic viewing permissions.
Important notes about Roles
- By default new users added via Webconfigurator do not have assigned roles and permissions. Only the System Administrator may access the system at this point.
- RBAC permissions are given to individual agents when editing individual Agent Roles.
- All RBAC permissions are granted with Organization Units (OU) structure acting as framework for inheritance. Child Organization Units inherit all the permissions contained in an upper (parent) OU.
- A "System" level OU is defined in LUCS as a default, which cannot be superseded by any OU. System privileges will always inherit down to any OU, even if added later. This will ensure that a System level administrator is never locked out of the System.
- The table below lists available roles & permissions independent of OU structures. You can basically define any organizational structure you want first and then grant rights as you see fit.
Role and OU mixtures are possible. The roles mentioned in this table can be mixed and matched to have LUCS users perform multiple functions depending on which OU they are in.
- Further API-based roles and rights are described on the LUCS API pages.
In context of this manual the term "Administrator" ADMINISTRATOR will be used, generally referring to to any admin role mentioned below with according permissions.
Role-Mixtures are possible. The roles mentioned in this table can be mixed and matched to have LUCS users perform multiple functions. A "System Administrator" will always have all privileges mentioned below.
Prerequirement: Needs to have Admin Group Permissions on Application Machines Admin Permissions.
This user can freely assign roles and elevate users, up to system level! Assign this role sparingly and only to trusted parties.
In context of this manual the term "Supervisor" SUPERVISOR will be used, generally referring to to any role mentioned below with according permissions.
|Web Reporting Portal||Agent||Currently unused.|
|Customer||Access to the Customer Journey Page|
|Service||Access to the Reporting Overview Page and Service Overview Page|
Requires Power-BI Pro account for the accessing user. Refer to Managing BI User and Data access.
Excel / Power BI templates using SSRS database exports. See → Historic Reporting section
|Agent||Access to Agent-Related SSRS Reports as well as related facts and dimensions|
|Customer||Access to Customer the corresponding Service-Related SSRS Reports as well as related facts and dimensions|
|Service||Access to all Service-Related facts and dimensions, KPI|
In context of this manual the term "Agent" AGENT will be used, generally referring to to any role mentioned below with according permissions.