Roles and Permissions

Nimbus uses a roles and permissions system that allows Luware partners to distribute administrative permissions further. This level of delegation is possible down to a (single) service administrator level or simple login and use-permissions.

By combining these roles with our Organization Unit concept a very detailed access on data entities and UI view permissions can be configured. Both concepts are explained on this page.

Nimbus Role	Permissions	Description
Partner Administrator	Access to: Tenant Administration, Services and User Administration. Manages Resources to be available to all services under the respective tenant(s).	Granted by Luware Support for selected Service Partners. Learn more under: https://luware.com/partners
Tenant Administrator TENANT ADMIN	Access to: Services and User Administration. Manages Resources to be available to all services under the respective tenant.	Granted by Luware Support or Service Partners during first Nimbus Installation.
Service Administrator TEAM OWNER	Access to respective Service Settings and Configuration items of their respective service(s). Manage or add resource items (as part of configuration). Resources are also provided by an Administrator via tenant level Organization Unit assignment. Evaluate Historical Reporting Data directly from the database, via Power BI OData Interface. Can perform all "User" duties	Service administration rights can be granted in multiple ways, depending on Service type. "Team Owners" (Default) are automatically synced from the respective Microsoft Teams channel. They are automatically assigned a dministrator rights for the respective Nimbus service. "Service Owners" are manually synched via the Service Administration - can manage skill-based Contact Center services. A Microsoft Teams channel is not required.
User TEAM MEMBERS	Focus on daily Usage of Nimbus. Can handle incoming calls and make Outbound Service Calls Can access live Reporting in viewer role. Can adjust User Settings (e.g. to configure language, permissions)	Nimbus users accounts are added from your Tenant's user directory. All users may log into Nimbus using their credentials, but only see services when they become Team members or Service Agents. "Team Members" (Default) are automatically synced from the respective Microsoft Teams channel - are Nimbus users acting as part of a service team. "Service Agents" are manually synched via the Service Administration - can manage skill-based Contact Center services. A Microsoft Teams channel is not required. Note: Once added to Nimbus any User can have multiple roles, e.g. participate as Agent Team A and own Team B.

Data and User access control concept

To better understand the user access control of Nimbus we need to explain a few related concepts:

Each configurable element in Nimbus is called a data entity. Most entities are assigned to one Organization Unit (OU).
Users are also considered data entities and thus assigned to one OU. Their roles are defined by the access permissions granted within that OU.
The final access concept combines combines OU and Role, answering the following questions:
- OU = Where does a user have access / what can be seen by that user?
- Role = What can the user do on visible entities (create | read | update | delete)?

Learning: Depending on OU and role assignment Nimbus users can see and do different things within their respective service teams.