Role Access Concept
This page explains the access concept of Nimbus. The first part explains how user rights are synced between Nimbus and MS Teams and where Nimbus acts with standalone concepts. The second part covers the roles available in Nimbus and their detailed permissions.
Introduction
Nimbus has a user roles and permissions system that grants permissions based on a hierarchical structure of Organization Units. With this concept, access to configuration entities of Nimbus can be granted on a very granular level. Understanding this permission system requires a few related concepts, which are explained below.
Concept | Details | Diagram | |||
---|---|---|---|---|---|
User roles and sync between MS Teams | Nimbus syncs users from your tenant's user directory. Each user can then be added to a Nimbus role, e.g. as Admin, Owner or Member/Agent of a service. The role determines what a user can do within Nimbus. Depending on which Nimbus Service types are provisioned on your Tenant, user synchronization and role assignments are handled slightly differently. Nimbus distinguishes by User assignment types. Examples of user assignment
|
| |||
Access to data entities within an Organization Unit scope | As established previously, Users on your Tenant get roles assigned in order to perform various tasks within Nimbus. Now it is important to determine where users can act in their role. This is where the Organization Unit concept comes into play: OU structures and RBAC permissions To understand Organization Units, it is important to know their relationship with Roles and Permissions:
|
|
User Role Permission Matrix
These tables contain the Role Based Access Concept (RBAC), listed by Nimbus feature and split into Frontend (Portal) and Backend (Admin). User permissions are structured by the CRUD (Create, Read, Update, Delete) principle. For functionality that is only interacted with, there is an Execute (E) right.
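As an added example (not Luware code and not part of the original page), the Python below reads matrix cells in the C/R/U/D/E notation and answers access questions with deny-by-default, which is useful when reviewing what an Organization Unit administrator can change compared with a Tenant administrator. The rows are copied from the Admin matrix on this page; the role keys `tenant_admin` and `ou_admin` are hypothetical labels for its Tenant and Organization columns.

```python
# Permission letters used by the matrix: Create, Read, Update, Delete, Execute.
LETTERS = {"C": "create", "R": "read", "U": "update", "D": "delete", "E": "execute"}


def parse_cell(cell):
    """Turn a matrix cell such as 'RU' or 'CRUD' into a set of rights.

    Blank, '-' and 'N/A' cells grant nothing, so a missing entry is a deny.
    """
    text = (cell or "").strip().upper()
    if text in ("", "-", "N/A"):
        return frozenset()
    unknown = set(text) - set(LETTERS)
    if unknown:
        # Fail closed on typos instead of silently granting or dropping rights.
        raise ValueError(f"unrecognised permission code {cell!r}")
    return frozenset(LETTERS[ch] for ch in text)


# Rows copied from the Admin matrix on this page: (Tenant, Organization) cells.
ADMIN_MATRIX = {
    "Manage Services": ("CRUD", "CRUD"),
    "Task List": ("RD", "RD"),
    "Download Traces": ("E", "E"),
    "License - Service Type": ("RU", "R"),
    "Application ID": ("R", "R"),
}
ROLES = ("tenant_admin", "ou_admin")  # hypothetical keys for the two columns


def is_allowed(role, setting, action):
    """Deny by default: unknown roles, settings or actions are refused."""
    row = ADMIN_MATRIX.get(setting)
    if row is None or role not in ROLES:
        return False
    return action in parse_cell(row[ROLES.index(role)])


def differing_rights(matrix=ADMIN_MATRIX):
    """Settings where the Tenant column holds rights the Organization column lacks."""
    result = {}
    for setting, (tenant, organization) in matrix.items():
        extra = parse_cell(tenant) - parse_cell(organization)
        if extra:
            result[setting] = sorted(extra)
    return result
```
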
Portal
Frontend Portal Permissions (Create, Read, Update, Delete) | SUPERVISOR | USER | TEAM / SERVICE OWNER | |||||||
---|---|---|---|---|---|---|---|---|---|---|
User | Service | Team Member | Skill-Based | Agent | Owner | Owner Limited | ||||
My Services | My Services | R | R | R | R | R | ||||
Access Service Settings | E | E | E | |||||||
Call on Behalf | E | - | E | E | E | |||||
Users - Self-Active Toggle | N/A | RU | N/A | RU | RU | |||||
Users - Other-Active Toggle | RU | R | N/A | RU | RU | |||||
Pickup | E | N/A | E | E | ||||||
Service | Dashboard | Dashboard | R | R | R | R | R | |||
Users List | R | R | R | R | R | |||||
Users - Self-Active Toggle | N/A | RU | N/A | RU | RU | |||||
Users - Other-Active Toggle | RU | R | N/A | RU | RU | |||||
Pickup | E | N/A | E | E | ||||||
Today's Reporting KPIs | R | R | R | R | R | |||||
Reporting | Reporting | R | R | R | R | R | ||||
Users Statistics | R | R | R | R | R | |||||
Tasks Heatmap | R | R | R | R | R | |||||
Settings | General | Name | R | RU | R | |||||
Service Display Name | R | RU | R | |||||||
Service UPN | R | RU | R | |||||||
Application ID | R | R | R | |||||||
Organization Unit | R | RU | R | |||||||
PSTN Active | R | RU | R | |||||||
PSTN E.164 Number | R | RU | R | |||||||
Opening Hours | RU | RU | RU | |||||||
Reporting - SLA | RU | RU | RU | |||||||
Reporting - User Statistics | R | R | R | |||||||
Workflow | Active Workflow | R | RU | R | ||||||
Voice Message Channel | R | RU | R | |||||||
Distribution | User Assignment Type | R | RU | R | ||||||
Distribution Policy | R | RU | R | |||||||
Users Immediately Active | R | RU | R | |||||||
Conversation Distribution (Busy, Away) | R | RU | R | |||||||
Conversation Distribution (Available, DND, Offline) | R | R | R | |||||||
Task Priority | R | RU | R | |||||||
After Call Work (ACW) | R | RU | R | |||||||
RONA | R | RU | R | |||||||
Outbound | R | RU | R | |||||||
Context | Portal & Assistant Context | R | RU | R | ||||||
Codes (Primary, Secondary) | R | RU | R | |||||||
Extensions | My Sessions Dashboard | R | RU | R | ||||||
Agents | Service Agents List | R | R | R | ||||||
Service Agents Levels and Profiles | RU | |||||||||
Service Owners List | R | R | R | |||||||
Service Owners Levels and Profiles | RU | |||||||||
Frontend Configuration Permissions (Create, Read, Update, Delete) | SUPERVISOR | USER | TEAM / SERVICE OWNER | |||||||
User | Service | Team Member | Skill-Based | Agent | Owner | Owner Limited | ||||
Configuration | Workflows | Resources (Audio Files) | CRUD | CRUD | ||||||
Playlists | CRUD | CRUD | ||||||||
Workflows (Instances) | CRUD | CRUD | ||||||||
Codes | Primary Codes | CRUD | ||||||||
Secondary Codes | CRUD | |||||||||
Service | Conversation Context | CRUD | ||||||||
Parameters | CRUD | |||||||||
Opening Hours | CRUD | CRUD | CRUD | |||||||
Dashboard and Reporting Permissions (Create, Read, Update, Delete) | SUPERVISOR | USER | TEAM / SERVICE OWNER | |||||||
User | Service | Team Member | Skill-Based | Agent | Owner | Owner Limited | ||||
Personal Dashboard | Personal Dashboards | RU | RU | RU | RU | |||||
Non Personal Dashboards | Non Personal Dashboards | R | R | R | ||||||
Service Supervision | R | R | ||||||||
Dashboard Widgets | Service | Service KPI | R | R | R | R | ||||
Service KPI Tabular | R | R | R | R | ||||||
Service KPI Comparison Chart | R | R | R | R | ||||||
Service Queue Tabular | R | R | R | R | ||||||
Live Service Tasks Tabular | R | R | R | R | ||||||
Service Outbound Tasks Tabular | R | R | R | R | ||||||
Supervision | Service Supervision | R | R | R | ||||||
Supervision Controls | E | |||||||||
User | User State Tabular | R | ||||||||
User State Chart | R | |||||||||
User Tile | R | |||||||||
Common Widgets | Markdown | R | R | R | R | R | R | R | ||
Date & Time | R | R | R | R | R | R | R | |||
Embedded Website | R | R | R | R | R | R | R | |||
Reporting (OData) | Service | Sessions | R | R | R | |||||
User | Sessions | R | R | R | ||||||
States | R |
Notes
These roles have access to the Nimbus portal using the following links:
- Switzerland: https://portal.luware.cloud/
- Germany: https://portal.dewe-01.luware.cloud/
- UK: https://portal.ukso-01.luware.cloud/
These roles are granted depending on Service type, as each scenario defines a certain method of User assignment:
User | All Nimbus user accounts are synced from the Customer Tenant's user directory. Users log into Nimbus using O365 credentials, but only see Nimbus services and data when they become Team members or Service Agents respectively. |
---|---|
Team Members | For Auto-Synced to MS Teams Channel roles. No manual assignment needed. |
Team Owners | Auto-Synced to MS Teams Channel roles. Automatically granted rights to fully manage the respective Nimbus service. No manual assignment needed. |
Skill-Based Users | Contact Center Requires a Contact Center license on the user. Skills are granted via User Administration > "Skills" Tab per user. Skill-based users get tasks distributed via Distribution Policies, based on their Skills and Responsibilities, distributed in pools of users with similar skills assigned. Interaction with Service pages of the Nimbus UI or an associated MS Teams channel is not necessarily required. |
Service Agents | Contact Center Requires a Contact Center license on the user. Role is granted via Service Administration > "Permissions" Tab per service. Compared to Skill-based users, Agents have access to additional Service Portal UI elements. An associated Microsoft Teams channel is not required. |
Service Owner | Contact Center Requires a Contact Center license on the user. Manually granted via Service Administration > "Permissions" Tab. An associated Microsoft Teams channel is not required. |
Supervisor | Contact Center Requires a Contact Center license on the user. An addition to an Owner-type role, manually granted via User Administration > Roles Tab. Can access Power BI OData interface to access extended User State reporting.
LIMITATION BY DESIGN If a user has only Supervisor and not a Team Owner / Service Admin role, only the "UserStates" datasets in the report will be shown: UserStates, StateTypes, ResponsibilityProfile, OU, Users. Other tabs and queries in the BI Report may appear blank. → This is intended by design to prevent exposure of individual Service/User/Session data to the wrong audiences. To see a full dataset, the same user also needs a "Service/Team Owner" role assigned.
|
Admin
Individual Setting Permissions (Create, Read, Update, Delete) | ADMINISTRATOR | ||||
---|---|---|---|---|---|
Tenant | Organization | ||||
Overview | Total Services | R | |||
Call Volume | R | ||||
Total Users | R | ||||
Tenant | General | Tenant & Billing Information | Name | R | |
O365 Domain | R | ||||
O365 Name | R | ||||
Tenant Id | R | ||||
Tenant Administration Security Group | R | ||||
Tenant Administration Security Group Information | E | ||||
CRM Id | |||||
Partner | R | ||||
Partner Administration Security Group | |||||
Partner Administration Security Group Information | |||||
Billing Address | RU | ||||
Contact | Technical Contact Information | Name | RU | ||
RU | |||||
Phone Number | RU | ||||
SIP Address | RU | ||||
Data Privacy | Data Privacy Settings | User Identifiers | R | ||
Customer Identifiers | R | ||||
Track User States | RU | ||||
Provisioning | Provisioning Defaults | Default OU for MS Teams creation | RU | ||
Allow service provisioning via MS Teams | RU | ||||
Default Team Owner Role | RU | ||||
Extensions | Outbound | Max Scheduled Outbound Tasks per Service | R | ||
Interact | Interact enabled | RU | |||
ACS connection string | RU | ||||
O365 UserId | RU | ||||
Widget Key | RE | ||||
Session Recovery Timeout in Seconds | RU | ||||
Authorization | RU | ||||
Assistant | Use Own ACS Instance | RU | |||
Attendant Console | Global Contact Search MS Graph Filter | RU | |||
Team Visibility | RU | ||||
Presence Tracking | Track Presence over Guest Accounts | RU | |||
Grant Permission | E | ||||
Primary Account | R | ||||
Test UPN (primary) | RU | ||||
Secondary Account | R | ||||
Test UPN (secondary) | RU | ||||
Services | Overview | Services | Manage Services | CRUD | CRUD |
Tasks | Task List | RD | RD | ||
Download Traces | E | E | |||
Copy Trace Link | E | E | |||
Provisioning Script | Download Powershell Script | E | E | ||
Settings | General | Name | RU | RU | |
Display Name | RU | RU | |||
UPN | RU | RU | |||
Application ID | R | R | |||
Organization Unit | RU | RU | |||
PSTN Active | RU | RU | |||
E.164 Number | RU | RU | |||
Primary Opening Hours Box | RU | RU | |||
Secondary Opening Hours Box | RU | RU | |||
SLA Acceptance Time | RU | RU | |||
SLA Hangup Time | RU | RU | |||
User Statistics | RU | RU | |||
License - Service Type | RU | R | |||
Workflow | Active Workflow | RU | RU | ||
Voice Message Channel | RU | RU | |||
Distribution | User Assignment Type | RU | RU | ||
Distribution Policy | RU | RU | |||
New Users Immediately Active | RU | RU | |||
Conversation Distribution | RU | RU | |||
Task Priority | RU | RU | |||
ACW | RU | RU | |||
RONA | RU | RU | |||
Outbound Service Call | RU | RU | |||
Context | Portal Conversation Context | RU | RU | ||
Assistant Context and Templates | RU | RU | |||
Primary Codes | RU | RU | |||
Secondary Codes | RU | RU | |||
Extensions | My Session Widgets | RU | RU | ||
Permissions (Skill-Based Services) | Service Agents | RU | RU | ||
Service Owners | RU | RU | |||
Users (MS Teams Based Services) | Default Team Owner Role | RU | RU | ||
Active Toggle | RU | RU | |||
Team Owner Roles | RU | RU | |||
Interact | Interact Features | Interact Active | RU | RU | |
Restrict Access | RU | RU | |||
Domain Template | RU | RU | |||
Integration (Service Snippet) | R | R | |||
Users | Overview | Users | CRUD | CRUD | |
Settings | General | Display Name | R | R | |
Organization Unit | RU | RU | |||
First/Last Name | R | R | |||
UPN | R | R | |||
O365 ID | R | R | |||
License Change | RU | RU | |||
Services | Membership | R | R | ||
Roles | Roles List | R | R | ||
Role Assignment | RU | RU | |||
Skills | Skill Management | RU | RU | ||
Profiles | Profile Management | RU | RU | ||
N/A Reasons | N/A Feature Toggle | RU | RU | ||
Manage N/A Reasons | RU | RU | |||
Interact | Interact Active | RU | RU | ||
Allowed Modalities | RU | RU | |||
Restrict Access | RU | RU | |||
Domain Template | RU | RU | |||
Integration (User Snippet) | R | R | |||
Assistant | Direct Call Templates | CRUD | CRUD | ||
Shared Configuration Permissions (Create, Read, Update, Delete) | ADMINISTRATOR | ||||
Tenant | Organization | ||||
Configuration | Resources | Resources (Audio File) | CRUD | CRUD | |
Playlist | Play List | CRUD | CRUD | ||
Workflow | Workflow Instances | CRUD | CRUD | ||
Workflow Templates | Workflow Templates | CRUD | CRUD | ||
Primary Codes | Primary Codes | CRUD | CRUD | ||
Secondary Codes | Secondary Codes | CRUD | CRUD | ||
Not Available Reasons | Not Available Reasons | CRUD | CRUD | ||
Conversation Context | Conversation Context | CRUD | CRUD | ||
Parameters | Parameters | CRUD | CRUD | ||
Opening Hours | Opening Hours | CRUD | CRUD | ||
Skills | Skills | CRUD | CRUD | ||
Skill Categories | Skill Categories | CRUD | CRUD | ||
Distribution Profiles | Distribution Profiles | CRUD | CRUD | ||
Responsibility Profiles | Responsibility Profiles | CRUD | CRUD | ||
Non Personal Dashboards | Non Personal Dashboards | CRUD | CRUD | ||
Address Books | Name | CRUD | CRUD | ||
Automation Flow Actions | RU | RU | |||
Domain Templates (CORS) | Domain Templates (CORS) | CRUD | CRUD | ||
Direct Call Templates | Assistant Direct Call Templates | CRUD | CRUD | ||
Service Call Templates | Assistant Service Call Templates | CRUD | CRUD | ||
Operations | Service | Call History | R | ||
Download Trace Files | R | ||||
Customer | Call History | R | |||
Download Trace Files | R |
Notes
These roles have access to the Nimbus admin backend panel using the following links:
- Switzerland: https://admin.luware.cloud/
- Germany: https://admin.dewe-01.luware.cloud/
- UK: https://admin.ukso-01.luware.cloud/
These roles are granted by Luware Support or selected Service Partners. Details will be discussed during your Onboarding and first Nimbus Installation.
Tenant Administrator |
|
---|---|
Organization Unit Administrator |
|