Roles and Permissions
This page explains the access concept of Nimbus. In the first part we explain how user rights are synched between Nimbus and MS Teams and where Nimbus acts with standalone concepts. The second part covers Roles available in Nimbus and their detailed permissions.
Introduction
Nimbus has a user roles and permissions system that grants permissions based on a Organization Units hierarchical structure. By using this concept, access to configuration entities of Nimbus can be granted on a very granular level. To understand this permission system we need to explain a few related concepts in the following.
Concept | Details | Diagram | |||
---|---|---|---|---|---|
User roles and sync between MS Teams | Nimbus syncs users from your tenant's user directory. Each user can then added in a Nimbus role, e.g. as Admin, Owner or Member/ Agent of a service. The role determines, what a user can do within Nimbus. Depending on what Nimbus Service types are being provisioned on your Tenant, the user synchronization and role assignments are handled slightly different. Nimbus distinguishes by the following User assignment types:
Examples of user assignment
|
| |||
Access to data entities within an Organization Unit scope | As established previously, Users on your Tenant get roles assigned in order to perform various tasks within Nimbus. Now it's important to determine where users can act in their role. This is where the Organization Unit concept comes into place: OU structures and RBAC permissions To understand Organization Units, it is important to know their relationship with Roles and Permissions:
|
|
Role Permission Matrix
Nimbus Role | Access to Backend Admin UI | Access to Frontend Portal UI and Live Call Data | Access to Reporting (BI) OData Interface | Permissions Scope (within the assigned Organization Unit) | Notes |
---|---|---|---|---|---|
Partner Administrator |
| Granted by Luware Support for selected Service Partners. | |||
Tenant Administrator TENANT ADMIN |
| Granted by Luware Support or selected Service Partners. | |||
Organization Unit (OU) Administrator OU ADMIN |
| Manually delegated role by a Tenant Admin via User Administration > Roles. OU Admins can perform most administrative configuration tasks | |||
Team/Service Owner TEAM OWNER |
| Granted and named depending on Service type:
| |||
Service Supervisor SERVICE SUPERVISOR | See |
| Manually granted by a Tenant Admin via User Administration > Roles. Contact Center Requires a Contact Center license on the user. | ||
User Supervisor USER SUPERVISOR | See |
| Manually granted by a Tenant Admin via User Administration > Roles. Contact Center Requires a Contact Center license on the user.
KNOWN LIMITATION If a user has only Supervisor and not a Team Owner / Service Admin role, only the "UserStates" datasets in the report will be shown: UserStates, StateTypes, ResponsibilityProfile, OU, Users. Other tabs and queries in the BI Report may appear blank. → This is intended by design to prevent exposure of individual Service/User/Session data to the wrong audiences. To see a full dataset, the same user also needs a "Service/Team Owner" role assigned.
| ||
User (Team Member, Service Agent) TEAM MEMBERS |
Note: Once added to Nimbus, any user can have multiple roles, e.g.
You can review these roles via User Administration > Roles tab and review the roles of a user. | This role is granted based on Service Type:
|