User Role (RBAC) Matrix

These tables contain the Role Based Access Concept (RBAC) listed by Nimbus Features distinguished by → Frontend (Portal) and → Backend (Admin) interface. User permissions are structured by the CRUD (Create, Read, Update, Delete) principle. For functionality that can be interacted with, there is an Execute right.

 

Admin User Permissions

Admin Roles

NOTES

These roles have access to the Nimbus admin backend panel using the following links:

Nimbus Admin URLs

Switzerland 01 https://admin.luware.cloud/
Germany 01 https://admin.dewe-01.luware.cloud/
Germany 02 https://admin.dewe-02.luware.cloud/
UK 01 https://admin.ukso-01.luware.cloud/
Nimbus Admin Panel URL

✅ Make sure to configure your web proxies to allow access to these domains or whitelist the complete *.luware.cloud domain.

🔍 These roles are granted by Luware Support or selected Service Partners. Details will be discussed during your Onboarding and first Nimbus Installation.

Tenant Administrator
  • Can perform all necessary activities to set up services.
  • Has full access to the OData Interface for  historical tracking (except User States tracking) → See Supervisor role .
  • Can perform License Management tasks for both services and users.
  • Can check Operations to monitor and remove (stuck) tasks.
Organization Unit Administrator
  • Are delegates with similar privileges as the Tenant Administrator. However their scope is limited to the configuration, service and user entities within their Organization Units.
  • Can perform License Management tasks for users.
Workflow Administrator
Admin user roles overview
 

Table: Administrator detail Permissions

Permissions Administrator Level
Tenant Organization Unit Workflow
Overview Services and Calls KPIs R
Total Services R
Service Settings icon E
Calls R
Active Users R
Tenants Tenants
General Name R
O365 Domain R
O365 Name R
Tentant Id R
Tenant Administration Security Group R
Tenant Administration Security Group Information E
Billing Address RU
Contact Name RU
Email RU
Phone Number RU
SIP Address RU
Data Privacy Support - Allow Partner to see User Identifiers R
Support - Allow Partner to see Customer Identifiers R
Track User States RU
Provisioning Default OU for MS Teams creation RU
Allow service provisioning via MS Teams RU
Default Team Owner Role RU
Extensions Outbound Max Scheduled Outbound Tasks per Service R
Interact Interact enabled RU
ACS connection string RU
O365 UserId RU
Widget Key RE
Session Recovery Timeout in Seconds RU
Authorization RU
Assistant Use your own ACS instance RU
Attendant Console Global Contact Search MS Graph Filter RU
Team Visibility RU
Presence Tracking Track Presence over Guest Accounts RU
Grant Permission E
Primary Account R
Test UPN (primary) RU
Secondary Account R
Test UPN (secondary) RU
Modalities Instant Messaging Use your own ACS instance RU
ACS connection string RU
ACS resource ID RU
External Tasks Max concurrent External Tasks per Service R
Licenses Tenant State R
Service Advanced R
Enterprise R
Contact Center Service R
Interact R
User Attendant Console R
Contact Center User R
Interact R
Assistant R
Instant Message Modality R
External Task Modality R
Service Grid Services CRUD CRUD RU
Tasks E E
Download Powershell Script E E E
Tasks Tasks List RD RD
Download Traces E E
Copy Trace Link E
Settings General Name RU RU R
Service Display Name RU RU R
Service UPN RU RU R
Application ID R R R
Organization Unit RU RU R
PSTN Active RU RU R
PSTN E.164 Number RU RU R
Primary Opening Hours RU RU R
Secondary Opening Hours RU RU R
SLA Hangup RU RU R
SLA Acceptance RU RU R
Short Abandons Threshold in Seconds RU RU R
Hide User Statistics from Reporting RU RU R
Show on Historical Session Page RU RU R
Licences RU R R
Modalities RU R R
Modalities Audio Video - Inbound Conversations toggle RU RU R
Audio Video - Audio Video Workflow dropdown RU RU R
Audio Video - Voice Message Channel RU RU R
Audio Video - Outbound Conversations toggle RU RU R
Instant Messaging - Inbound Conversations toggle RU RU R
Instant Messaging - Instant Messaging Workflow dropdown RU RU R
External Task - Active toggle RU RU R
External Task - External Task Workflow dropdown RU RU R
Distribution User Assignement Type RU RU R
Distribution Policy RU RU R
Users Immediatly Active RU RU R
Conversation Distribution - Available R RU R
Conversation Distribution - Dnd R RU R
Conversation Distribution - Offline R RU R
Conversation Distribution - Busy RU RU R
Conversation Distribution - Away RU RU R
Task Priority RU RU R
ACW RU RU R
Persistent RONA RU RU R
Extensions Codes - Primary Codes RU RU R
Codes - Secondary Codes RU RU R
Assistant - Assistanct Conversation Context RU RU R
Assistant - Service Call Templates RU RU R
My Sessions - Conversation Context RU RU R
Store Conversation Context Data toggle RU RU R
My Sessions Widgets - Codes & Tags toggle RU RU R
My Sessions Widgets - Contacts toggle RU RU R
My Sessions Widgets - Embedded Context toggle RU RU R
My Sessions Widgets - Embedded Context dropdown RU RU R
My Sessions Widgets - Session Details toggle RU RU R
My Sessions Widgets - Map toggle RU RU R
My Sessions Widget - Live Transcription toggle RU RU R
My Sessions Widget - Post Call Transcription toggle RU RU R
My Sessions Widgets - Session Parameters RU RU R
Permissions Service Agents List RU RU R
Service Agents Levels and Profiles
Service Owners List RU RU R
Service Owners Levels and Profiles
Users Default Team Owner Role RU RU R
Team member can change active state RU RU RU
Users - list R R R
Users - Role - Member R R R
Users - Role - Owner / Limited Team Owner RU RU R
Users - Active toggle RU RU RU
Virtual Assistant Task Assistant - Audio Transcription toggle RU RU R
Task Assistant - Live Transcription toggle RU RU R
Task Assistant - Speech Recognizer RU RU R
Interact Interact Service Settings RU RU R
Users Users CRUD CRUD
General Display Name R R
Organization Unit RU RU
First Name R R
Last Name R R
UPN R R
O365 ID R R
Licences RU RU
Services Services (user belongs to) R R
Roles Teams-based roles R R
Not Teams-based roles RU RU
Skills Skills and levels RU RU
Profiles Profiles RU RU
N/A Reasons Not Available Reasons toggle RU RU
Not Available Reasons RU RU
Interact User active RU RU
Restrict Access
Domain Template
Integration R R
Assistant Direct Call Templates RU RU
Licensing Tenants Widget
Tenant State Widget R
Service Licenses Widget R
User Licenses Widget R
Level 1 (Tenants List)
Level 2 (Licenses List) R
Level 3 (Edit Popup) RU
Configuration Tenant Organization Units Organization Units CRUD
Name RU
Parent R
Description RU
Workflows Resources Resources CRUD CRUD CRUD
Name RU RU RU
Organization Unit RU RU RU
Audio File RU RU RU
Playlists Play List CRUD CRUD CRUD
Name RU RU RU
Organization Unit RU RU RU
Play List RU RU RU
Workflows Workflow Instances CRUD CRUD RU
Name RU RU R
Organization Unit RU RU R
Template Type R R R
Workflow Template R R R
Workflow RU RU RU
Workflow Templates Workflow Templates CRUD CRUD
Name RU RU
Organization Unit RU RU
Template Type R R
Workflow Template R R
Workflow RU RU
Codes Primary Codes Primary Codes CRUD CRUD
Name RU RU
Organization Unit RU RU
Description RU RU
Secondary Codes Secondary Codes CRUD CRUD
Name RU RU
Organization Unit RU RU
Description RU RU
User Not Available Reasons Not Available Reasons CRUD CRUD
Name RU RU
Organization Unit RU RU
Service Conversation Context Conversation Context CRUD CRUD
Name RU RU
Organization Unit RU RU
URL RU RU
Parameters Parameters CRUD CRUD
Name RU RU
Organization Unit RU RU
Default Value RU RU
ID R RU
Opening Hours Opening Hours CRUD CRUD RU
Name RU RU R
Organization Unit RU RU R
Default RU RU R
Periods CRUD CRUD CRUD
Distribution Skills Skills CRUD CRUD
Name RU RU
Organization Unit RU RU
Skill Categories R
Skill Categories Skill Categories CRUD CRUD
Name RU RU
Organization Unit RU RU
Skill Levels RU RU
Responsibility Levels RU RU
Distribution Policies Distribution Policies CRUD CRUD
Name RU CRUD
Organization Unit RU CRUD
Order RU RU
Preferred User Routing RU RU
Waiting Time toggle RU RU
Waiting Time editbox RU RU
Last User Routing toggle RU RU
Last User Routing Treshold editbox RU RU
Distribution Levels RU RU
Responsibility Profiles Responsibility Profiles CRUD CRUD
Name RU RU
Organization Unit RU RU
Duty toggle R R
Dashboard Non Personal Dashboards Non Personal Dashboards CRUD CRUD
Name RU RU
Organization Unit RU RU
Description RU RU
Color RU RU
Picture RU RU
Dashboard Properties (widgets) RU RU
Attendant Console Address Books Address Books CRUD CRUD
Name RU RU
Organization Unit RU CRUD
Image RU CRUD
Interact Domain Templates (CORS) Domain Templates (CORS) CRUD CRUD
Name RU RU
Organization Unit RU RU
Domain RU RU
Nimbus Assistant Direct Call Templates Direct Call Templates CRUD CRUD
Name RU RU
Organization Unit RU RU
Description RU RU
Trigger Event RU RU
Call Type R R
Actions RU RU
Inbound Internal Teams Calls RU RU
Inbound PSTN Calls RU RU
Inbound External Teams Calls RU RU
Service Call Templates Service Call Templates CRUD CRUD
Name RU RU
Organization Unit RU RU
Description RU RU
Trigger Event RU RU
Call Type R R
Actions RU RU
Inbound Internal Teams Calls RU RU
Inbound PSTN Calls RU RU
Inbound External Teams Calls RU RU
Outbound Service Calls RU RU
Virtual Assistant Speech Recognizer Speech Recognizer CRUD CRUD
Name RU RU
Organization Unit RU RU
Type RU RU
Language (MSFT) RU RU
Region (MSFT) RU RU
Key RU RU
Operations Service Tenant dropdown R
Service dropdown RU
Tasks doughnut R
Tasks list RD
Last Interaction R
Interactions R
Last Updated RE
History R
Download Traces E
Copy Trace Link
Customer Tenant dropdown R
Customer dropdown RU
Last Interaction R
Interactions R
History R
Download Traces E
Copy Trace Link
 
 

Portal User Permissions

Portal Roles

NOTES

These roles have access to the Nimbus portal using the following links:

Nimbus Portal URLs

Switzerland 01 https://portal.luware.cloud/
Germany 01 https://portal.dewe-01.luware.cloud/
Germany 02 https://portal.dewe-02.luware.cloud/
UK 01 https://portal.ukso-01.luware.cloud/
Nimbus Portal URLs

✅ Make sure to configure your web proxies to allow access to these domains or whitelist the complete *.luware.cloud domain.

🔍 Roles are granted depending on Service type, as each scenario mandates a certain method of User Assignment.

User All Nimbus user accounts are synched from the Customer Tenant's user directory. Users log into Nimbus using O365 credentials, but only see Nimbus services and data when they become Team members or Service Agents respectively.
Team Members For Auto-Synced to MS Teams Channel roles. No manual assignment needed.
Team Owners Auto-Synced to MS Teams Channel roles. Automatically granted rights to fully manage the respective Nimbus service.  No manual assignment needed.
Skill-based users

Contact Center Requires a Contact Center license on the user. Skills are granted via User Administration > "Skills"  Tab per user. Skill-based users get tasks distributed via Distribution Policies, based on their Skills and Responsibilities, distributed in pools of users with similar skills assigned.

Interaction with Service pages of the Nimbus UI  or an associated MS Teams channel is not necessarily required.

Service Agents

Contact Center Requires a Contact Center license on the user . Role is granted via Service Administration > "Permissions " Tab per service. Compared to Skill-based users, Agents have access to additional Service Portal UI elements.

An associated Microsoft Teams channel is not required.

Service Owner

Contact Center Requires a Contact Center license on the user. Manually granted via Service Administration > "Permissions " Tab.

An associated Microsoft Teams channel is not required.

Supervisor

Contact Center Requires a Contact Center license on the user. An addition to an Owner-type role, manually granted via User Administration > Roles Tab. Can access Power BI OData interface to access extended User State reporting.

 

LIMITATION BY DESIGN If a user has only Supervisor and not a Team Owner / Service Admin role, only the "UserStates" dataset in the report will be shown, consisting of: UserStates, StateTypes, ResponsibilityProfile, OU, Users. Other tabs and queries in the BI Report may appear blank. 
→ This is intended by design to prevent exposure of individual Service/User/Session data to the wrong audiences. To see a full dataset, the same user also needs a "Service/Team Owner" role assigned.

 
Frontend Portal Permissions (Create, Read, Update, Delete, Execute) Supervisor User Team / Service Owner
  User Service Team Member Skill-Based Agent Owner Owner Limited
My Services My Services   R R   R R R
Access Service Settings   E       E E
Call on Behalf     E - E E E
Users - Self-Active Toggle   N/A RU   N/A RU RU
Users - Other-Active Toggle   RU R   N/A RU RU
Pickup     E   N/A E E
Service Dashboard Dashboard   R R   R R R
Users List   R R   R R R
Users - Self-Active Toggle   N/A RU   N/A RU RU
Users - Other-Active Toggle   RU R   N/A RU RU
Pickup     E   N/A E E
Today's Reporting KPIs   R R   R R R
Reporting Reporting   R R   R R R
Users Statistics   R R   R R R
Tasks Heatmap   R R   R R R
Historical Sessions Sessions (Results, Types)   R       R R
Settings General Name   R       RU R
Service Display Name   R       RU R
Service UPN   R       RU R
Application ID   R       R R
Organization Unit   R       RU R
PSTN Active   R       RU R
PSTN E.164 Number   R       RU R
Opening Hours   RU       RU RU
Reporting - SLA   RU       RU RU
Reporting - Hide User Statistics   R       R R
Reporting - Show on Historical Sessions   R       R R
Modalities Inbound Conversations    R       RU R
Voice Message Channel   R       RU R
Outbound Conversations   R       RU R
Instant Messaging   R       RU R
Service System Messages   R       RU R
External Tasks   R       RU R
Distribution User Assignement Type   R       RU R
Distribution Policy   R       RU R
Users Immediatly Active   R       RU R
Conversation Distribution (Busy, Away)   R       RU R
Conversation Distribution (Available, DND, Offline)   R       R R
Task Priority    R       RU R
After Call Work (ACW)   R       RU R
RONA   R       RU R
Extensions Codes (Primary, Secondary)   R       RU R
Assistant Context and Templates   R       RU R
Store Context Data toggle   R       RU R
My Sessions Context   R       RU R
Widgets - Codes & Tags   R       RU R
Widgets - Contacts   R       RU R
Widgets - Embedded Context   R       RU R
Widgets - Session Details   R       RU R
Widgets - Map   R       RU R
Users (MS Teams Based Services) Default Team Owner Role   R       R R
Team member can change active state   R       RU R
Active Toggle   RU       RU RU
Team Owner Roles   R       R R
Agents (Skill Based services Service Agents List   R       R R
Service Agents Levels and Profiles           RU  
Service Owners List   R       R R
Service Owners Levels and Profiles           RU  
Interact Active Toggle           RU  
AV Modality           RU  
IM Modality           RU  
Restrict Access           R  
Integration Template           R  
Frontend Configuration Permissions (Create, Read, Update, Delete, Execute) Supervisor User Team / Service Owner
  User Service Team Member Skill-Based Agent Owner Owner Limited
Configuration Workflows Resources (Audio Files)           CRUD CRUD
Playlists           CRUD CRUD
Workflows (Instances)           CRUD CRUD
Codes Primary Codes           CRUD  
Secondary Codes           CRUD  
Service Conversation Context           CRUD  
Parameters           CRUD  
Opening Hours   CRUD       CRUD CRUD
Dashboard and Reporting Permissions (Create, Read, Update, Delete, Execute) Supervisor User Team / Service Owner
  User Service Team Member Skill-Based Agent Owner Owner Limited
Personal Dashboard Personal Dashboards     RU   RU RU RU
Non Personal Dashboards Non Personal Dashboards R R     R    
Service Supervision R R          
Dashboard Widgets Service Service KPI Tile   R     R R R
Service KPI Tabular   R     R R R
Service KPI Chart   R     R R R
Service KPI Comparison Chart   R     R R R
Service KPI Graph   R     R R R
Service Queue Tabular   R     R R R
Live Service Tasks Tabular   R     R R R
Service Outbound Tasks Tabular   R / E     R R / E R
Service External Tasks Tabular   R / E     R R / E R
Service Heatmap   R     R R R
Supervision Service Supervision / Controls   R / E       R R
User User State Tabular R            
User Supervisor Tabular / Controls R / E            
User State Chart R            
User Tile R       R R  
Common Widgets Markdown R R R R R R R
Date & Time R R R R R R R
Embedded Website R R R R R R R
Reporting (OData) Service  Sessions   R       R R
User Sessions   R       R R
States R            

 

 

 
 

Power Automate User Permissions

Power Automate Roles

Revoked Role Limitation

If a User configures a Power Automate Flow for a service, but then loses permissions to configure such a flow (e.g. removed as Service Owner), the previously configured Power Automate Flows will still be triggered.

✅When changing service ownership we recommend you to check for leftover flows or use a global administrator to manage all your flow needs in a centralized fashion.

 
Power Automate Permissions   
(E = Execute)

Admin

Supervisor

User

Team / Service Owner

    Certified Connector Custom Connector Tenant OU User Service Team Member Skill-Based

Agent

 

Owner Owner Limited
Conversation Triggers - GetOnNewTasks E             E  
When a task changes state GetOnUpdatedTasks E             E  
Actions Update task UpdateTask E             E  
Add a new external task AddExternalTask E             E  
Remove an external task RemoveExternalTask E             E  
Address Books Actions Add a contact to an address book AddOrUpdateContact E E              
Update a contact in an address book - E E              
Empty an address book ClearContacts E E              
Get contact(s) from ana address book GetContacts E E              
Remove contact(s) from an address book RemoveContacts E E              
Outbound Service Calls Triggers When a scheduler entry changes state GetOnUpdated   
OutboundTask
E             E E
Actions Schedule a new outbound call AddOrUpdate   
OutboundTask
E             E E
Get all scheduler entries GetOutboundTasks E             E E
Update a scheduler entry - E             E E
Remove a scheduler entry Remove   
OutboundTask
E             E E
Nimbus user roles with Power Automate access

 

 
 

Table of Contents