Home Nimbus Administration Role Based Access Concept

Role-based Access Concept (RBAC)

How Nimbus manages service user roles in context of MS Teams

This page explains the access concept of Nimbus. In the first part we explain how user rights are synched between Nimbus and MS Teams and where Nimbus acts with standalone concepts. The second part covers Roles available in Nimbus and their detailed permissions.

Teams, Users and Organization Units

Nimbus has a user roles and permissions system that grants permissions based on a Organization Units hierarchical structure. By using this concept, access to configuration entities of Nimbus can be granted on a very granular level. To understand this permission system we need to explain a few related concepts in the following.

Concept	Details	Diagram
User roles and sync between MS Teams	Nimbus syncs users from your tenant's user directory. Each user can then added in a Nimbus role, e.g. as Admin, Owner or Member/ Agent of a service. The role determines, what a user can do within Nimbus. 🔍You can find detailed permissions behind each role explained in the "Role Permission Matrix" table below. Depending on what Nimbus Service types are being provisioned on your Tenant, Nimbus distinguishes the user role sync by their User assignment types. 🔍 More details on the assignment type and individual user roles are explained in the Role Permission Matrix chapter below.
Access to data entities within an Organization Unit scope	As more users on your Tenant get roles assigned, it's important to distinguish where users can act this role. This is where the Organization Unit concept comes into place: To understand Organization Units, it is important to know their relationship in the RBAC model. OU STRUCTURES AND RBAC Each configurable element in Nimbus is called a data entity. Organization Units provide a structure to all data entities, e.g. by mirroring a company's organization levels and departments. RBAC - Role Based Access Control restricts and grants access within any Organization Unit, e.g. by assigning functions to users according to their role in the organization.	💡 Organization Units determine where a configurable data entity is placed. Each data entity must belong to exactly one Organization Unit. This includes all Nimbus users, as their OUs determines from which "point of view" they can act in their role. 💡 RBAC determines which actions (Create, Read, Update, Delete) are possible on configurable entities. 💡User roles define a set of permissions on such entities granted within one or multiple Organzation Units.

User Role Permission Matrix

The following tabs are taken from the following pages:

User Role (RBAC) Matrix

These tables contain details on the Role Based Access Concept (RBAC) concept behind all Nimbus Features . Roles are primarily distinguished by Frontend (Portal, UIs and App) and Backend (Admin/Integrations) .

When using the Nimbus Power Automate Connector or Power BI, additional user roles may be required. Permissions are structured by the CRUDE (Create, Read, Update, Delete, Execute) principle.

Admin User Permissions

Admin Roles

NOTES

Admin roles described on this page have access to the Nimbus Admin (Backend) Portal.

Show Admin URLs…

Nimbus Admin URLs

Switzerland 01	https://admin.ch-01.luware.cloud/
Switzerland 02	https://admin.ch-02.luware.cloud/
Germany 01	https://admin.dewe-01.luware.cloud/
Germany 02	https://admin.dewe-02.luware.cloud/
United Kingdom 01	https://admin.ukso-01.luware.cloud/
Australia 01	https://admin.aue-01.luware.cloud/
West Europe 01	https://admin.euwe-01.luware.cloud/
East United States 01	https://admin.use-01.luware.cloud/

Nimbus Admin Panel URL

✅ Make sure to configure your web proxies to allow access to these domains or whitelist the complete *.luware.cloud domain.

✅ Admin roles are granted by Luware Support or selected Service Partners. Details will be discussed during your Onboarding and first Nimbus Installation.

🔎The table below lists all detail permissions. In a nutshell, Admin user roles can do the following:

Tenant Administrator	Can perform all necessary activities to set up services. Has full access to the OData Interface for historical tracking (except User States tracking) → See Supervisor role . Can perform License Management tasks for both services and users. Can check Operations to monitor and remove (stuck) tasks.
Organization Unit (OU) Administrator	Are delegates with similar privileges as the Tenant Administrator. However their scope is limited to the configuration, service and user entities within their Organization Units. Can perform License Management tasks for users.
Workflow (WF) Admin Limited	Can read, update Opening Hour and Workflows in Service Settings. May only read other settings. Can manage Resources and Playlists. Can manage service users "Active" state.

Admin user roles overview

Table: Nimbus Admin Portal Roles and Permissions

_🔎Legend:_C_reate,_R_ead,_U_pdate,_D_elete,_E_xecute.

Tenant

Tab	Section	Property	Tenant Admin
General	-	Name	R
		O365 Domain	R
		O365 Name	R
		Tenant Id	R
		Billing Address	RU
Contact	-	Name	RU
		Email	RU
		Phone Number	RU
		SIP Address	RU
Data Privacy	-	Allow Partner to see User Identifiers	RU
		Allow Partner to see Customer Identifiers	RU
		Allow Partner to see Change History	RU
		Persist User States in Reporting	RU
		Data Retention Time (in Months)	R
		Show user Time in State	RU
		Allow to share User Identifiers in clear text	R
Provisioning	-	Default OU for MS Teams creation	RU
		Allow service provisioning via MS Teams	RU
		Enable Multihoming	R
		Default Team Owner Role	RU
		Enable Provisioning API	R
		Application Permissions	CRUD
Extensions	Outbound	Directly Invite PSTN for Outbound Calls	R
		Directly Invite UPN for Outbound Calls	R
		Max Scheduled Outbound Tasks per Service	R
	Interact	Interact enabled	RU
		ACS connection string	RU
		O365 UserId	RU
		Widget Key	RE
		Session Recovery Timeout in Seconds	RU
		Authorization	RU
	Assistant	Use your own ACS instance	RU
	Attendant Console	Global Contact Search MS Graph Filter	RU
	Attendant Console	Team Visibility	RU
	Presence Tracking	Track Presence over Guest Accounts	RU
		Grant Permission	E
		Primary Account	R
		Test UPN (primary)	RU
		Secondary Account	R
		Test UPN (secondary)	RU
Modalities	Audio / Video	Leave Nimbus on Blind transfer	RU
	Instant Messaging	Inactivity Timeout	R
		Primary Account	R
		Test UPN (primary)	RU
		Secondary Account	R
		Test UPN (secondary)	RU
		Max concurrent IM Tasks per service	R
		Use your own ACS instance	RU
		ACS connection string	RU
		ACS resource ID	RU
		Max concurrent External Tasks per Service	R
	Email Tasks	Max concurrent Email Tasks per Service	R
Licenses	-	Tenant State	R
	Service	Advanced	R
		Enterprise	R
		Contact Center Service	R
		Interact	R
	User	Attendant Console	R
		Contact Center User	R
		Interact User	R
		Assistant	R
		Modalities - Instant Message Modality	R
		Modalities - External Task Modality	R
		Modalities - Email Modality	R

Services

Tab	Section	Property	Tenant Admin	OU Admin	WF Admin Limited
Grid¹	UI / View Access	Services	CRUD	CRUD	RU
		Tasks	E	E
		Download PowerShell Script	E	E	E
	Tasks	Tasks List	RD	RD
		Download Traces	E	E
		Copy Trace Link
Settings	General	Name	RU	RU	R
		Service Display Name	RU	RU	R
		Service UPN	RU	RU	R
		Application ID	R	R	R
		Organization Unit	RU	RU	R
		PSTN Active	RU	RU	R
		PSTN E.164 Number	RU	RU	R
		Primary Opening Hours	RU	RU	R
		Secondary Opening Hours	RU	RU	R
		SLA Hangup	RU	RU	R
		SLA Acceptance	RU	RU	R
		Short Abandons Threshold in Seconds	RU	RU	R
		Hide User Statistics from Reporting	RU	RU	R
		Show on Historical Session Page	RU	RU	R
		Licenses	RU	R	R
		Addons	RU	R	R
	Modalities	Audio Video checkbox	RU	RU	R
		Instant Messaging checkbox	RU	RU	R
		External Task checkbox	RU	RU	R
		Email checkbox	RU	RU	R
		Audio Video - Inbound Conversations toggle	RU	RU	R
		Audio Video - Outbound Conversations toggle	RU	RU	R
		Audio Video - Audio Video Workflow dropdown	RU	RU	R
		Audio Video - Voice Message Channel	RU	RU	R
		Instant Messaging - Instant Messaging Workflow dropdown	RU	RU	R
		Instant Messaging - Service System Messages	RU	RU	R
		External Task - External Task Workflow dropdown	RU	RU	R
		Email - Email Workflow dropdown	RU	RU	R
		Email - Mailbox dropdown	RU	RU	R
	Distribution	User Assignment Type	RU	RU	R
		Distribution Policy	RU	RU	R
		Users Immediately Active	RU	RU	R
		Conversation Distribution - Available	R	RU	R
		Conversation Distribution - Dnd	R	RU	R
		Conversation Distribution - Offline	R	RU	R
		Conversation Distribution - Busy	RU	RU	R
		Conversation Distribution - Away	RU	RU	R
		Task Priority	RU	RU	R
		ACW	RU	RU	R
		Persistent RONA	RU	RU	R
		Auto Redirect in Emergency Case	RU	RU	R
		Redirect Destination	RU	RU	R
	Extensions	Codes - Primary Codes	RU	RU	R
		Codes - Secondary Codes	RU	RU	R
		Assistant - Assistant Conversation Context	RU	RU	R
		Assistant - Service Call Templates	RU	RU	R
		Attendant Console - Conversation Context	RU	RU	R
		My Sessions - Conversation Context	RU	RU	R
		My Sessions - Store Conversation Context Data toggle	RU	RU	R
		My Sessions - Keep Context On Transfer - To Service	R	R	R
		My Sessions - Keep Context On Transfer - To User	RU	RU	R
		My Sessions - Widgets - Codes & Tags toggle	RU	RU	R
		My Sessions - Widgets - Embedded Context toggle	RU	RU	R
		My Sessions - Widgets - Embedded Context dropdown	RU	RU	R
		My Sessions - Widgets - Live Caption toggle	RU	RU	R
		My Sessions - Widgets - Transcript toggle	RU	RU	R
		My Sessions - Widgets - Session Details toggle	RU	RU	R
		My Sessions - Widgets - Map toggle	RU	RU	R
		My Sessions - Widgets - Session Parameters	RU	RU	R
	Permissions	Service Agents List	RU	RU	R
		Service Agents Levels and Profiles
		Service Owners List	RU	RU	R
		Service Owners Levels and Profiles
	Users	Default Team Owner Role	RU	RU	R
Team member can change active state		RU	RU	RU
Users - list		R	R	R
Users - Role - Member		R	R	R
Users - Role - Owner / Limited Team Owner		RU	RU	R
Users - Active toggle		RU	RU	RU
Interact	Interact - Active Toggle (general)	RU	RU	R
	Interact - Allowed Modalities - Audio&Video Toggle	RU	RU	R
	Interact - Allowed Modalities - Instant Message Toggle	RU	RU	R
	Interact - Restriction - Restrict Access Toggle	RU	RU	R
	Interact - Restriction - Domain Templates Dropdown	RU	RU	R
	Interact - Integration	RU	RU	R
Virtual Assistant	Virtual User Assistant - Voice Transcription toggle	RU	RU	R
	Virtual User Assistant - Live Captioning toggle	RU	RU	R
	Virtual User Assistant - Speech Recognizer dropdown	RU	RU	R

Users

Tab	Section	Property	Tenant Admin	OU Admin
Users	List / View	Users	CRUD	CRUD
	General	Display Name	R	R
		Organization Unit	RU	RU
		First Name	R	R
		Last Name	R	R
		UPN	R	R
		O365 ID	R	R
		Licenses	RU	RU
		Modalities	RU	RU
	Services	Services (user belongs to)	R	R
	Roles	Teams-based roles	R	R
	Roles	Not Teams-based roles	RU	RU
	Skills	Skills and levels	RU	RU
	Profiles	Profiles	RU	RU
	N/A Reasons	Not Available Reasons toggle	RU	RU
	N/A Reasons	Not Available Reasons	RU	RU
	Interact	User active	RU	RU
		Restrict Access	R	R
		Domain Template	R	R
		Integration	R	R
	Assistant	Direct Call Templates	RU	RU

Licensing

Tab	Section	Property	Tenant Admin
Licensing	-	Tenants Widget
		Tenant State Widget	R
		Service Licenses Widget	R
		User Licenses Widget	R
		Level 1 (Tenants List)
		Level 2 (Licenses List)	R
		Edit licences icon	E
		Level 3 (Edit Popup)	RU

Configuration

Group	Section	Property	Tenant Admin	OU Admin	WF Admin Limited
Tenant	Organization Units	Organization Units	CRUD
		Name	RU
		Parent	R
		Description	RU
Workflows	Resources	Resources	CRUD	CRUD	CRUD
		Name	RU	RU	RU
		Organization Unit	RU	RU	RU
		Audio File	RU	RU	RU
	Playlists	Playlists	CRUD	CRUD	CRUD
		Name	RU	RU	RU
		Organization Unit	RU	RU	RU
		Playlist Entries	RU	RU	RU
	Workflows	Workflow Instances	CRUD	CRUD	RU
		Name	RU	RU	R
		Organization Unit	RU	RU	R
		Template Type	R	R	R
		Workflow Template	R	R	R
		Workflow (Editor)	RU	RU	RU
	Workflow Templates	Workflow Templates	CRUD	CRUD
		Name	RU	RU
		Organization Unit	RU	RU
		Template Type	R	R
		Workflow Template (Selection)	R	R
		Workflow Template (Editor)	RU	RU
Codes	Primary Codes	Primary Codes	CRUD	CRUD
		Name	RU	RU
		Organization Unit	RU	RU
		Description	RU	RU
	Secondary Codes	Secondary Codes	CRUD	CRUD
		Name	RU	RU
		Organization Unit	RU	RU
		Description	RU	RU
User	Not Available Reasons	Not Available Reasons	CRUD	CRUD
		Name	RU	RU
		Organization Unit	RU	RU
Service	Conversation Context	Conversation Context	CRUD	CRUD
		Name	RU	RU
		Organization Unit	RU	RU
		URL	RU	RU
	Mailboxes	Name	CRUD	CRUD
		Organization Unit	RU	RU
		Email Address	RU	RU
	Parameters	Parameters	CRUD	CRUD
		Name	RU	RU
		Organization Unit	RU	RU
		Default Value	RU	RU
		ID	R	RU
	Opening Hours	Opening Hours	CRUD	CRUD	RU
		Name	RU	RU	R
		Organization Unit	RU	RU	R
		Default	RU	RU	R
		Periods	CRUD	CRUD	CRUD
Virtual Assistant	Speech Recognizer	Speech Recognizer	CRUD	CRUD
		Name	RU	RU
		Organization Unit	RU	RU
		Type	RU	RU
		Language (MSFT)	RU	RU
		Region (MSFT)	RU	RU
		Key	RU	RU
Distribution	Skills	Skills	CRUD	CRUD
		Name	RU	RU
		Organization Unit	RU	RU
		Skill Categories	R
	Skill Categories	Skill Categories	CRUD	CRUD
		Name	RU	RU
		Organization Unit	RU	RU
		Skill Levels	RU	RU
		Responsibility Levels	RU	RU
	Distribution Policies	Distribution Policies	CRUD	CRUD
		Name	RU	CRUD
		Organization Unit	RU	CRUD
		Order	RU	RU
		Preferred User Routing	RU	RU
		Waiting Time toggle	RU	RU
		Waiting Time editbox	RU	RU
		Last User Routing toggle	RU	RU
		Last User Routing Treshold editbox	RU	RU
		Distribution Levels	RU	RU
	Responsibility Profiles	Responsibility Profiles	CRUD	CRUD
		Name	RU	RU
		Organization Unit	RU	RU
		Duty toggle	R	R
Instant Messaging	Direct System Messages	Direct System Messages grid¹	CRUD	CRUD
		General - Name	RU	RU
		General - Organization Unit	RU	RU
		General - Description	RU	RU
		General - User	RU	RU
		General - Custom Usert Display Name	RU	RU
		Messages to User - "Acccept" Adaptive Card	RU	RU
		Messages to User - "Terminate" Adaptive Card	RU	RU
		Messages to User - Session Embed	RU	RU
		Messages to Customer - Session Connected	RU	RU
		Messages to Customer - Session Ended by User	RU	RU
		Messages to Customer - Session Declined by User	RU	RU
	Service System Messages	Service System Messages grid¹	CRUD	CRUD
		General - Name	RU	RU
		General - Organization Unit	RU	RU
		General - Description	RU	RU
		General - User	RU	RU
		General - Custom Usert Display Name	RU	RU
		Messages to User - "Acccept" Adaptive Card	RU	RU
		Messages to User - "Terminate" Adaptive Card	RU	RU
		Messages to User - Session Embed	RU	RU
		Messages to Customer - Session Connected	RU	RU
		Messages to Customer - Session Ended by User	RU	RU
Attendant Console	Address Books	Address Books	CRUD	CRUD
		Name	RU	RU
		Organization Unit	RU	CRUD
		Image	RU	CRUD
Interact	Domain Templates (CORS)	Domain Templates (CORS)	CRUD	CRUD
		Name	RU	RU
		Organization Unit	RU	RU
		Domain	RU	RU
Nimbus Assistant	Direct Call Templates	Direct Call Templates	CRUD	CRUD
		Name	RU	RU
		Organization Unit	RU	RU
		Description	RU	RU
		Trigger Event	RU	RU
		Call Type	R	R
		Actions	RU	RU
		Inbound Internal Teams Calls	RU	RU
		Inbound PSTN Calls	RU	RU
		Inbound External Teams Calls	RU	RU
	Service Call Templates	Service Call Templates	CRUD	CRUD
		Name	RU	RU
		Organization Unit	RU	RU
		Description	RU	RU
		Trigger Event	RU	RU
		Call Type	R	R
		Actions	RU	RU
		Inbound Internal Teams Calls	RU	RU
		Inbound PSTN Calls	RU	RU
		Inbound External Teams Calls	RU	RU
		Outbound Service Calls	RU	RU

Operations

Tab	Section	Property	Tenant Admin
Service	Widgets	Tenant dropdown	R
		Service dropdown	RU
		Tasks doughnut	R
		Tasks list	RD
		Last Interaction	R
		Interactions	R
		Last Updated	RE
		History	R
		Download Traces	E
		Copy Trace Link
Customer	Widgets	Tenant dropdown	R
		Customer dropdown	RU
		Last Interaction	R
		Interactions	R
		History	R
		Download Traces	E
		Copy Trace Link
Change History	Widgets	Tenant dropdown	RU
		Last Updated	RE
		Change History	R
		Details view	R

_¹_{The term “grid” describes a permission to list (and potentially manipulate) already existing entries of the same type.}

Portal User Permissions

Portal Roles

NOTES

Roles described on this page have access to the Nimbus (Frontend) Portal.

Show Portal URLs…

Nimbus Portal URLs

Switzerland 01	https://portal.ch-01.luware.cloud/
Switzerland 02	https://portal.ch-02.luware.cloud/
Germany 01	https://portal.dewe-01.luware.cloud/
Germany 02	https://portal.dewe-02.luware.cloud/
United Kingdom 01	https://portal.ukso-01.luware.cloud/
Australia 01	https://portal.aue-01.luware.cloud/
West Europe 01	https://portal.euwe-01.luware.cloud/
East United States 01	https://portal.use-01.luware.cloud/

Nimbus Portal URLs

✅ Make sure to configure your web proxies to allow access to these domains or whitelist the complete *.luware.cloud domain.

✅ Portal Roles are granted depending on Service type, as Services can be provisioned with different User Assignment Types:

Learn more about User Assignment…

INC User Assignment Types

Each Nimbus service can be of a different user assignment type that determines how users are associated to this service:

MS Teams-based: Directly tied to your MS Teams "Teams" as determined during Service Provisioning. Users get automatically added and synced to a Nimbus service.
Skill-based: Applies for manually created services via Service Administration. Requires skill-assignment from users you assign to the service from within your tenant directory.
None: Has no users, but can be configured by any administrator. Used for IVR or first-level redirection services.

☝ Important to know: The user assignment type is fixated when a service was either provisioned via MS Teams or manually created via Service Administration, e.g. for IVR or skill-based distribution purposes. A switch between MS Teams-based and Skill-based services is not possible due to how individual users are configured and how Nimbus Features operate.

🔎The table below lists all detail permissions. In a nutshell, Portal user roles can do the following:

Tenant Administrator	Cannot access service data unless the user is also part of a service.
Organization Unit (OU) Administrator	Same as Tenant Admin, however, their scope is limited to the configuration entities (available in Portal) and services within their assigned Organization Units .
Workflow (WF) Admin Limited	Can read, update Opening Hour and Workflows in the Service Settings. Can manage Resources and Playlists. Limited access to user-related settings (e.g. default "Active" state) May only read other settings.
User Supervisor⁽¹⁾	Contact Center Requires a Contact Center license on the user. An addition to an Owner-type role, manually granted via User Administration. Can access to “User State / Performance" related Dashboard Widgets in Personal Dashboards. Can access the Power BI OData Feed to retrieve User States tracking data.
Service Supervisor⁽¹⁾	Contact Center Requires a Contact Center license on the user. An addition to an Owner-type role, manually granted via User Administration. Can access to “Service KPI / Task " related Dashboard Widgets in Personal Dashboards. Can access the Power BI OData Feed to retrieve service and user session data. Can supervise inbound and outbound calls.
Contact Center (CC) User	Contact Center Requires a Contact Center (CC) license on the General User Settings. An additional license that grants grants access to Personal Dashboards and other Nimbus Features. Enables Skills and Responsibilities for the user, allowing to distinguish task distribution via Distribution Policies.
Service Owner	Contact Center Requires a Contact Center (CC) license on the General User Settings. Manually assigned as “Owners” via the Service Settings > “Permissions” tab. Once assigned: Can adjust Skills and Responsibilities via Agent Service Settings for all service users. Can fully manage the respective Nimbus Service Settings and access historical session data via the Sessions List.
Service Agent	Contact Center Requires a Contact Center (CC) license on the General User Settings. An associated Microsoft Teams channel is not required anymore, so the user can act as “standalone” specialist for dedicated tasks. Manually assigned as “Agents” via the Service Settings > “Permissions” tab. Once assigned: Can access Contact Center service data such as the Live View and Statistics. Can take scheduled Outbound Calls and make Calls On Behalf from this service. Can have (Owner-assigned) Skills and Responsibilities which are used in one or multiple Service Distribution Policies and for Preferred User Routing.
Team Owner	Default role granted during Service Provisioning via MS Teams. Role synched to MS Teams Channel “Owner” role.⁽²⁾ Can fully manage the respective Nimbus Service Settings.
Team Owner Limited	A reduced role that can be granted during Service Provisioning via MS Teams. Manually assigned as “Team Owner Limited” via the Service Settings > “Users” tab. Role synched to MS Teams Channel “Owner” role.⁽²⁾ Can manage a limited set of Service Settings (SLA, Opening Hours, Resources, Playlists, Workflows).
Team Member	A Nimbus user synched from the Tenant's user directory. Synced with the Team Members of the associated “team” in MS Teams.⁽²⁾ Can access Nimbus services and data⁽³⁾ via the Portal and Nimbus Teams Tab once being a member of a service team.

Portal user roles overview

⁽¹⁾GDPR General Data Access limitation: If a user has a Supervisor but not a Team Owner / Service Admin role within a service, only limited datasets in the historical BI Template will be shown. Other tabs and queries in the Power BI Report may appear blank.
☝ This is intended by design. To see a full dataset (including live Reporting data on the portal), the same user also needs a "Service/Team Owner" role assigned for the respective service(s).

⁽²⁾ Nimbus “Team” roles are only referenced to limit access to Nimbus-related functionality. Vice-versa, MS Teams roles are not affected by Nimbus role assignment. Even in a “limited” Nimbus role - Team Owners can continue to act with all their non-Nimbus related privileges within MS Teams.
⁽³⁾☝Data visibility consideration: Note that MS Teams “Guests” may also get “indirect” access to Nimbus service data, e.g. by seeing call context posted in Adaptive Cards in generally available chat channels. → We recommend to review your MS Teams user privileges regularly to prevent data leaks.

Table: Nimbus Frontend Portal Roles and Permissions

_🔎Legend:_C_reate,_R_ead,_U_pdate,_D_elete,_E_xecute.

Services Overview

Section	Service Supervisor	CC User	Team Member	Service Agent	Team / Service Owner	Team Owner Limited
Services Overview	R		R	R	R	R
Service Settings icon	E				E	E
Call On Behalf			E	E	E	E
Users - Own Active Toggle		N/A	RU	N/A	RU	RU
Users - Active Toggle	R	N/A	R	N/A	RU	RU
Users - Presence icon	R		R	R	R	R
Pickup		N/A	E	N/A	E	E

Service Details

Tab		Section	OU Admin	WF Admin Limited	Service Supervisor	CC User	Team Member	Service Agent	Team / Service Owner	Team Owner Limited
Dashboard		Dashboard			R		R	R	R	R
		Users List			R		R	R	R	R
		Users - Own Active Toggle			N/A	N/A	RU	N/A	RU	RU
		Users - Active Toggle			RU	N/A	R	N/A	RU	RU
		Pickup				N/A	E	N/A	E	E
		Today's Reporting KPIs			R		R	R	R	R
Reporting		Service Statistics			R		R	R	R	R
		Tasks Heatmap			R		R	R	R	R
		Users Statistics			R		R	R	R	R
Historical Sessions		Session Results			R				R	R
		Sessions			R				R	R
		Session Types			R				R	R
		Session Directions			R				R	R
		Historical Sessions - Service Sessions			R				R	R
		Historical Sessions - User Sessions			R				R	R
		Session Details Popup			R				R	R
Settings	General	Name	RU	R	R				RU	R
		Service Display Name	RU	R	R				RU	R
		Service UPN	RU	R	R				RU	R
		Application ID	R	R	R				R	R
		Organization Unit	RU	R	R				RU	R
		PSTN Active	RU	R	R				RU	R
		PSTN E.164 Number	RU	R	R				RU	R
		Primary Opening Hours	RU	R	RU				RU	RU
		Secondary Opening Hours	RU	R	RU				RU	RU
		SLA Hangup	RU	R	RU				RU	RU
		SLA Acceptance	RU	R	RU				RU	RU
		Short Abandons Threshold in Seconds	RU	R	RU				RU	RU
		Show on Historical Session Page	RU	R	R				R	R
		Hide User Statistics from Reporting	RU	R	R				R	R
		Show on Historical Sessions Page	RU	R	R				R	R
	Modalities	Audio Video checkbox	RU	R	R				RU	R
		Instant Messaging checkbox	RU	R	R				RU	R
		External Task checkbox	RU	R	R				RU	R
		Email checkbox	RU	R	R				RU	R
		Audio Video - Inbound Conversations toggle	RU	R	R				RU	R
		Audio Video - Outbound Conversations toggle	RU	R	R				RU	R
		Audio Video - Audio Video Workflow dropdown	RU	R	R				RU	R
		Audio Video - Voice Message Channel	RU	R	R				RU	R
		Instant Messaging - Instant Messaging Workflow dropdown	RU	R	R				RU	R
		External Task - External Task Workflow dropdown	RU	R	R				RU	R
		Email - Email Workflow dropdown	RU	R	R				RU	R
		Email - Mailbox dropdown	RU	R	R				RU	R
	Distribution	User Assignment Type	RU	R	R				RU	R
		Distribution Policy	RU	R	R				RU	R
		Users Immediately Active	RU	R	R				RU	R
		Conversation Distribution - Available	R	R	R				R	R
		Conversation Distribution - Dnd	R	R	R				R	R
		Conversation Distribution - Offline	R	R	R				R	R
		Conversation Distribution - Busy	RU	R	R				RU	R
		Conversation Distribution - Away	RU	R	R				RU	R
		Task Priority	RU	R	R				RU	R
		ACW	RU	R	R				RU	R
		Auto Redirect in Emergency Case	RU	R	R				R	R
		Redirect Destination	RU	R	R				R	R
		RONA	RU	R	R				RU	R
	Extensions	Codes - Primary Codes	RU	R	R				RU	R
		Codes - Secondary Codes	RU	R	R				RU	R
		Assistant - Assistant Conversation Context	RU	R	R				RU	R
		Assistant - Service Call Templates	RU	R	R				RU	R
		Attendant Console - Conversation Context	RU	R	R				RU	R
		My Sessions - Conversation Context	RU	R	R				RU	R
		My Sessions - Store Conversation Context Data toggle	RU	R	R				RU	R
		My Sessions - Keep Context On Transfer - To Service	RU	R	R				R	R
		My Sessions - Keep Context On Transfer - To User	RU	R	R				RU	RU
		My Sessions - Widgets - Codes & Tags toggle	RU	R	R				RU	R
		My Sessions - Widgets - Embedded Context toggle	RU	R	R				RU	R
		My Sessions - Widgets - Embedded Context dropdown	RU	R	R				RU	R
		My Sessions - Widgets - Live Caption toggle	RU	R	R				RU	R
		My Sessions - Widgets - Transcript toggle	RU	R	R				RU	R
		My Sessions - Widgets - Session Details toggle	RU	R	R				RU	R
		My Sessions - Widgets - Map toggle	RU	R	R				RU	R
		My Sessions - Widgets - Session Parameters	RU	R	R				RU	R
	Agents	Service Agents List	R	R	R				R	R
		Service Agents Levels and Profiles	RU						RU
		Service Owners List	R	R	R				R	R
		Service Owners Levels and Profiles	RU						RU
	Users	Default Team Owner Role	RU	R					R	R
		Team member can change active state	RU	RU					RU	R
		Users - list	R	R					R	R
Users - Role - Member		R	R					R	R
Users - Role - Owner / Limited Team Owner		RU	R					R	R
Active toggle		RU	RU					RU	RU

Configuration

Tab		Section	OU Admin	WF Admin	User Supervisor	Team / Service Owner	Team Owner Limited
Workflows	Resources	Resources grid¹	CRUD	CRUD		CRUD	CRUD
		Name	RU	RU		RU	RU
		Organization Unit	RU	RU		R	R
		Audio File	RU	RU		RU	RU
	Playlists	Play List grid¹	CRUD	CRUD		CRUD	CRUD
		Name	RU	RU		RU	RU
		Organization Unit	RU	RU		R	R
		Play List	RU	RU		RU	RU
	Workflows	Workflow grid¹	CRUD	RU		CRUD	CRUD
		Name	RU	R		RU	RU
		Organization Unit	RU	R		R	R
		Template Type	R	R		R	R
		Workflow Template	R	R		R	R
		Workflow	RU	RU		RU	RU
Codes	Primary Codes	Primary Codes grid¹	CRUD			CRUD
		Name	RU			RU
		Organization Unit	RU			R
		Description	RU			RU
	Secondary Codes	Secondary Codes grid¹	CRUD			CRUD
		Name	RU			RU
		Organization Unit	RU			R
		Description	RU			RU
Service	Conversation Context	Conversation Context grid¹	CRUD			CRUD
		Name	RU			RU
		Organization Unit	RU			R
		URL	RU			RU
	Parameters	Parameters grid¹	CRUD			CRUD
		Name	RU			RU
		Organization Unit	RU			R
		Default Value	RU			RU
		ID	RU			R
	Opening Hours	Opening Hours grid¹	CRUD	RU	CRUD	CRUD	CRUD
		Name	RU	R	RU	RU	RU
		Organization Unit	RU	R	RU	R	R
		Default	RU	R	RU	RU	RU
		Periods	CRUD	CRUD	CRUD	CRUD	CRUD

Flexible Dashboards

Contact Center - Non-Personal Dashboards and Personal Dashboards require a Contact Center license on the user to become accessible. Each Dashboard can be customized with Dashboard Widgets.

🔎 W = Widget access. A user needs a Contact Center license to see Dashboards, and can add Dashboard Widgets. However, seeing data (Services / Users / OUs) inside those widgets requires an additional R permission (e.g. Team Member, Agent role) within the service / team.

Tab	Section		User Supervisor	Service Supervisor	CC User	Team Member	Service Agent	Team / Service Owner
Dashboards		Personal Dashboards			CRUD
Dashboards		Non-Personal Dashboards			R
Dashboard Widgets	Service	Service KPI Tile		R	W	R	R	R
		Service KPI Tabular		R	W	R	R	R
		Service KPI Chart		R	W	R	R	R
		Service KPI Comparison Chart		R	W	R	R	R
		Service KPI Graph		R	W	R	R	R
		Service Queue Tabular		R	W	R	R	R
		Live Service Tasks Tabular		R	W	R	R	R
		Service Outbound Tasks Tabular		RE	W	R	R	RE
		Service External Tasks Tabular		RE	W	R	R	RE
		Service Heatmap		R	W	R	R	R
		Service Supervision		WRE	W
	User	User Performance Tabular	R		W
		User State Tabular	R		W			R
		User Supervisor Tabular	RE		W
		User State Chart	R		W			R
		User Tile	R		W			R
	Common	Markdown			WR
		Date & Time			WR
		Embedded Website			WR

_{¹ Note: The term “grid” describes a permission to list (and potentially manipulate) already existing entries of the same type.}

Power Automate User Permissions

Power Automate Roles

Certified and Custom Connector differences

🔎 All Roles listed in the table below have access to the Nimbus Power Automate Connector, however with varying Execution rights. Note that your installed Legacy & Custom Connectors may still work using these roles, but will not receive access to new features, e.g. new Triggers and Actions.

✅Consider a Connector Migration to the certified connector as soon as possible and check the Flow-executing user role to ensure a smooth transition.

Revoked Role Limitation

☝If a User configures a Power Automate Flow for a service, but then loses permissions to configure such a flow (e.g. removed as Service Owner), the previously configured Power Automate Flows will still be triggered.

✅When changing service ownership we recommend you to check for leftover flows executed by that user OR use a global administrator to manage all your flow needs in a centralized fashion.

Table: Nimbus Power Automate Permissions

_🔎Legend:_C_reate,_R_ead,_U_pdate,_D_elete,_E_xecute

		Certified Connector	Custom Connector	Tenant Admin	OU Admin	Team/Service Owner
Conversations	Triggers	-	GetOnNewTasks	E		E
		When a task changes state	GetOnUpdatedTasks	E		E
		When the virtual task assistant has an update		E		E
	Actions	Update task	UpdateTask	E		E
		Add a new external task	AddExternalTask	E		E
		Remove an external task	RemoveExternalTask	E		E
		Get Data from Virtual Task Assistant		E		E
Address Books	Actions	Add a contact to an address book	AddOrUpdateContact	E	E
		Update a contact in an address book	-	E	E
		Empty an address book	ClearContacts	E	E
		Get contact(s) from ana address book	GetContacts	E	E
		Remove contact(s) from an address book	RemoveContacts	E	E
Outbound Service Calls	Triggers	When a scheduler entry changes state	GetOnUpdatedOutboundTask	E		E
	Actions	Schedule a new outbound call	AddOrUpdateOutboundTask	E		E
		Get all scheduler entries	GetOutboundTasks	E		E
		Update a scheduler entry	-	E		E
		Remove a scheduler entry	RemoveOutboundTask	E		E

Reporting User Permissions

Reporting Roles

NOTES

🔎Roles described in the table below have access to Historical Sessions summarized in a Nimbus Power BI Report Template.

✅ When Setting Up Power BI and connecting to the OData Feed (e.g. via the Report Template or other means), any of the user roles below are required. The Organization Unit of the connecting user account determines, which service and user data will become available in the data query.

_🔎Legend:_C_reate,_R_ead,_U_pdate,_D_elete,_E_xecute

Historical Session & User Data⁽¹⁾	Tenant Administrator	User Supervisor	Service Supervisor	Team / Service Owner	Team Owner Limited
Unified Sessions⁽²⁾	R		R	R	R
Service Sessions⁽²⁾	R		R	R	R
User Sessions⁽²⁾	R		R	R	R
Transfer Sessions⁽²⁾	R		R	R	R
User States		R
Service Session Aggregates⁽³⁾	R		R	R	R
User Session Aggregates⁽³⁾	R		R	R	R
User State Aggregates⁽³⁾		R

⁽¹⁾All data is built from the Nimbus Reporting Model.
⁽²⁾Refer to Nimbus Reporting for an overview of available Session Types.
⁽³⁾Refer to Data Aggregation.

Luware Knowledge

Nimbus

Recording

Resource Library

Teams, Users and Organization Units

OU STRUCTURES AND RBAC

User Role Permission Matrix

User Role (RBAC) Matrix

Admin User Permissions

Admin Roles

NOTES

Show Admin URLs…

Nimbus Admin URLs

Table: Nimbus Admin Portal Roles and Permissions

Tenant

Services

Users

Licensing

Configuration

Operations

Portal User Permissions

Portal Roles

NOTES

Show Portal URLs…

Nimbus Portal URLs

Learn more about User Assignment…

INC User Assignment Types

Table: Nimbus Frontend Portal Roles and Permissions

Services Overview

Service Details

Configuration

Flexible Dashboards

Power Automate User Permissions

Power Automate Roles

Certified and Custom Connector differences

Revoked Role Limitation

Table: Nimbus Power Automate Permissions

Reporting User Permissions

Reporting Roles

NOTES

Related Articles