This page explains the access concept of Nimbus. The first part explains how user rights are synced between Nimbus and MS Teams and where Nimbus uses standalone concepts. The second part covers the roles available in Nimbus and their detailed permissions.
Teams, Users and Organization Units
Nimbus has a user roles and permissions system that grants permissions based on a hierarchical structure of Organization Units. With this concept, access to Nimbus configuration entities can be granted on a very granular level. To understand this permission system, a few related concepts are explained below.
Concept | Details | Diagram |
---|---|---|
User roles and sync between MS Teams | Nimbus syncs users from your tenant's user directory. Each user can then be added to a Nimbus role, e.g. as Admin, Owner or Member/Agent of a service. The role determines what a user can do within Nimbus.
🔍 You can find detailed permissions behind each role explained in the "Role Permission Matrix" table below.
Depending on what Nimbus Service types are being provisioned on your Tenant, Nimbus distinguishes the user role sync by their User assignment types.
🔍 More details on the assignment type and individual user roles are explained in the Role Permission Matrix chapter below. |
|
Access to data entities within an Organization Unit scope | As more users on your Tenant get roles assigned, it's important to distinguish where users can act in this role. This is where the Organization Unit concept comes into play:
To understand Organization Units, it is important to know their relationship in the RBAC model.
OU STRUCTURES AND RBAC
Each configurable element in Nimbus is called a data entity.
Organization Units provide a structure to all data entities, e.g. by mirroring a company's organization levels and departments.
RBAC - Role Based Access Control restricts and grants access within any Organization Unit, e.g. by assigning functions to users according to their role in the organization.
|
💡 Organization Units determine where a configurable data entity is placed. Each data entity must belong to exactly one Organization Unit. This includes all Nimbus users, as their OU determines from which "point of view" they can act in their role.
💡 RBAC determines which actions (Create, Read, Update, Delete) are possible on configurable entities.
💡 User roles define a set of permissions on such entities granted within one or multiple Organization Units. |
User Role Permission Matrix
The following tabs are taken from the following pages:
User Role (RBAC) Matrix
These tables contain the Role Based Access Concept (RBAC), listed by Nimbus feature and split into the Frontend (Portal) and Backend (Admin) interfaces. User permissions are structured by the CRUD (Create, Read, Update, Delete) principle. Functionality that can be interacted with has an additional Execute right.
Admin User Permissions
Admin Roles
NOTES
These roles have access to the Nimbus admin backend panel using the following links:
Nimbus Admin URLs
Switzerland 01 | https://admin.ch-01.luware.cloud/ |
---|---|
Switzerland 02 | https://admin.ch-02.luware.cloud/ |
Germany 01 | https://admin.dewe-01.luware.cloud/ |
Germany 02 | https://admin.dewe-02.luware.cloud/ |
United Kingdom 01 | https://admin.ukso-01.luware.cloud/ |
✅ Make sure to configure your web proxies to allow access to these domains or whitelist the complete *.luware.cloud domain.
🔍 These roles are granted by Luware Support or selected Service Partners. Details will be discussed during your Onboarding and first Nimbus Installation.
Tenant Administrator |
|
---|---|
Organization Unit Administrator |
|
Workflow Administrator |
|
Table: Administrator detail Permissions
Portal User Permissions
Portal Roles
NOTES
These roles have access to the Nimbus portal using the following links:
Nimbus Portal URLs
Switzerland 01 | https://portal.ch-01.luware.cloud/ |
---|---|
Switzerland 02 | https://portal.ch-02.luware.cloud/ |
Germany 01 | https://portal.dewe-01.luware.cloud/ |
Germany 02 | https://portal.dewe-02.luware.cloud/ |
United Kingdom 01 | https://portal.ukso-01.luware.cloud/ |
✅ Make sure to configure your web proxies to allow access to these domains or whitelist the complete *.luware.cloud domain.
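A quick way to verify a proxy allowlist against the admin and portal hosts listed on this page, as an added example (not Luware code). The allowlists are constructed samples, and the wildcard is matched on a label boundary so that look-alike domains are not accepted by accident.

```python
from urllib.parse import urlsplit

# Admin and portal URLs as listed on this page.
NIMBUS_URLS = [
    f"https://{app}.{region}.luware.cloud/"
    for app in ("admin", "portal")
    for region in ("ch-01", "ch-02", "dewe-01", "dewe-02", "ukso-01")
]


def host_allowed(host, allowlist):
    """True if host equals an entry or falls under a '*.domain' wildcard entry."""
    host = host.lower().rstrip(".")
    for entry in allowlist:
        entry = entry.strip().lower()
        if entry.startswith("*."):
            # Compare against '.luware.cloud' (leading dot kept) so the match
            # sits on a label boundary: 'notluware.cloud' must not pass.
            if host.endswith(entry[1:]):
                return True
        elif host == entry:
            return True
    return False


def missing_hosts(allowlist, urls=NIMBUS_URLS):
    """Hosts from this page that the given proxy allowlist would block."""
    hosts = {urlsplit(u).hostname for u in urls}
    return sorted(h for h in hosts if not host_allowed(h, allowlist))


# Constructed allowlists for illustration (not taken from any real proxy).
WILDCARD = ["*.luware.cloud"]
PARTIAL = ["admin.ch-01.luware.cloud", "portal.ch-01.luware.cloud"]

if __name__ == "__main__":
    print("wildcard misses:", missing_hosts(WILDCARD))
    print("partial misses:", missing_hosts(PARTIAL))
```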
🔍 Roles are granted depending on Service type, as each scenario mandates a certain method of User Assignment.
User | All Nimbus user accounts are synced from the Customer Tenant's user directory. Users log into Nimbus using O365 credentials, but only see Nimbus services and data when they become Team members or Service Agents respectively. |
---|---|
Team Members | Auto-Synced to MS Teams Channel roles. No manual assignment needed. |
Team Owners | Auto-Synced to MS Teams Channel roles. Automatically granted rights to fully manage the respective Nimbus service. No manual assignment needed. |
Skill-based users |
Contact Center: Requires a Contact Center license on the user. Skills are granted via User Administration > "Skills" Tab per user. Skill-based users get tasks distributed via Distribution Policies, based on their Skills and Responsibilities, distributed in pools of users with similar skills assigned. Interaction with Service pages of the Nimbus UI or an associated MS Teams channel is not necessarily required. |
Service Agents |
Contact Center: Requires a Contact Center license on the user. Role is granted via Service Administration > "Permissions" Tab per service. Compared to Skill-based users, Agents have access to additional Service Portal UI elements. An associated Microsoft Teams channel is not required. |
Service Owner |
Contact Center: Requires a Contact Center license on the user. Manually granted via Service Administration > "Permissions" Tab. An associated Microsoft Teams channel is not required. |
Supervisor |
Contact Center: Requires a Contact Center license on the user. An addition to an Owner-type role, manually granted via User Administration > Roles Tab. Can access Power BI OData interface to access extended User State reporting.
LIMITATION BY DESIGN: If a user has only Supervisor and not a Team Owner / Service Admin role, only the "UserStates" dataset in the report will be shown, consisting of: UserStates, StateTypes, ResponsibilityProfile, OU, Users. Other tabs and queries in the BI Report may appear blank. |
Frontend Portal Permissions (Create, Read, Update, Delete, Execute) | Supervisor | User | Team / Service Owner | |||||||
---|---|---|---|---|---|---|---|---|---|---|
User | Service | Team Member | Skill-Based | Agent | Owner | Owner Limited | ||||
My Services | My Services | R | R | R | R | R | ||||
Access Service Settings | E | E | E | |||||||
Call on Behalf | E | - | E | E | E | |||||
Users - Self-Active Toggle | N/A | RU | N/A | RU | RU | |||||
Users - Other-Active Toggle | RU | R | N/A | RU | RU | |||||
Pickup | E | N/A | E | E | ||||||
Service | Dashboard | Dashboard | R | R | R | R | R | |||
Users List | R | R | R | R | R | |||||
Users - Self-Active Toggle | N/A | RU | N/A | RU | RU | |||||
Users - Other-Active Toggle | RU | R | N/A | RU | RU | |||||
Pickup | E | N/A | E | E | ||||||
Today's Reporting KPIs | R | R | R | R | R | |||||
Reporting | Reporting | R | R | R | R | R | ||||
Users Statistics | R | R | R | R | R | |||||
Tasks Heatmap | R | R | R | R | R | |||||
Historical Sessions | Sessions (Results, Types) | R | R | R | ||||||
Settings | General | Name | R | RU | R | |||||
Service Display Name | R | RU | R | |||||||
Service UPN | R | RU | R | |||||||
Application ID | R | R | R | |||||||
Organization Unit | R | RU | R | |||||||
PSTN Active | R | RU | R | |||||||
PSTN E.164 Number | R | RU | R | |||||||
Opening Hours | RU | RU | RU | |||||||
Reporting - SLA | RU | RU | RU | |||||||
Reporting - Hide User Statistics | R | R | R | |||||||
Reporting - Show on Historical Sessions | R | R | R | |||||||
Modalities | Inbound Conversations | R | RU | R | ||||||
Voice Message Channel | R | RU | R | |||||||
Outbound Conversations | R | RU | R | |||||||
Instant Messaging | R | RU | R | |||||||
Service System Messages | R | RU | R | |||||||
External Tasks | R | RU | R | |||||||
Distribution | User Assignment Type | R | RU | R | ||||||
Distribution Policy | R | RU | R | |||||||
Users Immediately Active | R | RU | R | |||||||
Conversation Distribution (Busy, Away) | R | RU | R | |||||||
Conversation Distribution (Available, DND, Offline) | R | R | R | |||||||
Task Priority | R | RU | R | |||||||
After Call Work (ACW) | R | RU | R | |||||||
RONA | R | RU | R | |||||||
Extensions | Codes (Primary, Secondary) | R | RU | R | ||||||
Assistant Context and Templates | R | RU | R | |||||||
Store Context Data toggle | R | RU | R | |||||||
My Sessions Context | R | RU | R | |||||||
Widgets - Codes & Tags | R | RU | R | |||||||
Widgets - Contacts | R | RU | R | |||||||
Widgets - Embedded Context | R | RU | R | |||||||
Widgets - Session Details | R | RU | R | |||||||
Widgets - Map | R | RU | R | |||||||
Users (MS Teams Based Services) | Default Team Owner Role | R | R | R | ||||||
Team member can change active state | R | RU | R | |||||||
Active Toggle | RU | RU | RU | |||||||
Team Owner Roles | R | R | R | |||||||
Agents (Skill Based services) | Service Agents List | R | R | R | ||||||
Service Agents Levels and Profiles | RU | |||||||||
Service Owners List | R | R | R | |||||||
Service Owners Levels and Profiles | RU | |||||||||
Interact | Active Toggle | RU | ||||||||
AV Modality | RU | |||||||||
IM Modality | RU | |||||||||
Restrict Access | R | |||||||||
Integration Template | R | |||||||||
Frontend Configuration Permissions (Create, Read, Update, Delete, Execute) | Supervisor | User | Team / Service Owner | |||||||
User | Service | Team Member | Skill-Based | Agent | Owner | Owner Limited | ||||
Configuration | Workflows | Resources (Audio Files) | CRUD | CRUD | ||||||
Playlists | CRUD | CRUD | ||||||||
Workflows (Instances) | CRUD | CRUD | ||||||||
Codes | Primary Codes | CRUD | ||||||||
Secondary Codes | CRUD | |||||||||
Service | Conversation Context | CRUD | ||||||||
Parameters | CRUD | |||||||||
Opening Hours | CRUD | CRUD | CRUD | |||||||
Dashboard and Reporting Permissions (Create, Read, Update, Delete, Execute) | Supervisor | User | Team / Service Owner | |||||||
User | Service | Team Member | Skill-Based | Agent | Owner | Owner Limited | ||||
Personal Dashboard | Personal Dashboards | RU | RU | RU | RU | |||||
Non Personal Dashboards | Non Personal Dashboards | R | R | R | ||||||
Service Supervision | R | R | ||||||||
Dashboard Widgets | Service | Service KPI Tile | R | R | R | R | ||||
Service KPI Tabular | R | R | R | R | ||||||
Service KPI Chart | R | R | R | R | ||||||
Service KPI Comparison Chart | R | R | R | R | ||||||
Service KPI Graph | R | R | R | R | ||||||
Service Queue Tabular | R | R | R | R | ||||||
Live Service Tasks Tabular | R | R | R | R | ||||||
Service Outbound Tasks Tabular | R / E | R | R / E | R | ||||||
Service External Tasks Tabular | R / E | R | R / E | R | ||||||
Service Heatmap | R | R | R | R | ||||||
Supervision | Service Supervision / Controls | R / E | R | R | ||||||
User | User State Tabular | R | ||||||||
User Supervisor Tabular / Controls | R / E | |||||||||
User State Chart | R | |||||||||
User Tile | R | R | R | |||||||
Common Widgets | Markdown | R | R | R | R | R | R | R | ||
Date & Time | R | R | R | R | R | R | R | |||
Embedded Website | R | R | R | R | R | R | R | |||
Reporting (OData) | Service | Sessions | R | R | R | |||||
User | Sessions | R | R | R | ||||||
States | R |
Power Automate User Permissions
Power Automate Roles
Revoked Role Limitation
If a User configures a Power Automate Flow for a service, but then loses permissions to configure such a flow (e.g. removed as Service Owner), the previously configured Power Automate Flows will still be triggered.
✅ When changing service ownership, we recommend checking for leftover flows or using a global administrator to manage all your flow needs in a centralized fashion.
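The leftover-flow check recommended above can be run as a simple audit over a flow inventory, shown here as an added example (not Luware or Microsoft code). The inventory records, field names, accounts and the central admin list are constructed assumptions; only the trigger names come from the connector table on this page.

```python
# Constructed sample inventory; the field names are hypothetical and do not
# represent a Nimbus or Power Automate export format.
FLOWS = [
    {"flow": "Log new tasks", "creator": "Anna@example.com",
     "service": "Sales", "trigger": "GetOnNewTasks", "enabled": True},
    {"flow": "Notify on task update", "creator": "ben@example.com",
     "service": "Sales", "trigger": "GetOnUpdatedTasks", "enabled": True},
    {"flow": "Old callback sync", "creator": "ben@example.com",
     "service": "Support", "trigger": "GetOnUpdatedTasks", "enabled": False},
    {"flow": "Central task audit", "creator": "flowadmin@example.com",
     "service": "Support", "trigger": "GetOnNewTasks", "enabled": True},
]
# Current Service Owners per service after the ownership change (constructed).
CURRENT_OWNERS = {"Sales": {"anna@example.com"}, "Support": {"carla@example.com"}}
# Accounts that manage flows centrally and are exempt from the check (assumed).
CENTRAL_ADMINS = {"flowadmin@example.com"}


def leftover_flows(flows, owners, central_admins=frozenset()):
    """Return flows whose creator no longer owns the service the flow acts on."""
    def norm(upn):
        return upn.strip().lower()  # UPNs compare case-insensitively

    admins = {norm(a) for a in central_admins}
    findings = []
    for f in flows:
        creator = norm(f["creator"])
        service_owners = {norm(o) for o in owners.get(f["service"], ())}
        if creator in admins or creator in service_owners:
            continue
        # Enabled flows still fire on their trigger and need review first;
        # disabled ones are cleanup candidates.
        severity = "review" if f["enabled"] else "cleanup"
        findings.append({**f, "creator": creator, "severity": severity})
    return sorted(findings, key=lambda x: (not x["enabled"], x["service"], x["flow"]))


if __name__ == "__main__":
    for item in leftover_flows(FLOWS, CURRENT_OWNERS, CENTRAL_ADMINS):
        print(item["severity"], item["service"], item["flow"], item["creator"])
```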
Power Automate Permissions (E = Execute) | Admin | Supervisor | User | Team / Service Owner | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Certified Connector | Custom Connector | Tenant | OU | User | Service | Team Member | Skill-Based | Agent | Owner | Owner Limited | ||
Conversation | Triggers | - | GetOnNewTasks | E | E | |||||||
When a task changes state | GetOnUpdatedTasks | E | E | |||||||||
Actions | Update task | UpdateTask | E | E | ||||||||
Add a new external task | AddExternalTask | E | E | |||||||||
Remove an external task | RemoveExternalTask | E | E | |||||||||
Address Books | Actions | Add a contact to an address book | AddOrUpdateContact | E | E | |||||||
Update a contact in an address book | - | E | E | |||||||||
Empty an address book | ClearContacts | E | E | |||||||||
Get contact(s) from an address book | GetContacts | E | E | |||||||||
Remove contact(s) from an address book | RemoveContacts | E | E | |||||||||
Outbound Service Calls | Triggers | When a scheduler entry changes state | GetOnUpdated OutboundTask | E | E | E | ||||||
Actions | Schedule a new outbound call | AddOrUpdate OutboundTask | E | E | E | |||||||
Get all scheduler entries | GetOutboundTasks | E | E | E | ||||||||
Update a scheduler entry | - | E | E | E | ||||||||
Remove a scheduler entry | Remove OutboundTask | E | E | E |