Home Nimbus Administration Role Based Access Concept

User Role (RBAC) Matrix

These tables contain the Role Based Access Concept (RBAC) listed by Nimbus Features distinguished by → Frontend (Portal) and → Backend (Admin) interface. User permissions are structured by the CRUD (Create, Read, Update, Delete) principle. For functionality that can be interacted with, there is an Execute right.

Admin User Permissions

Admin Roles

NOTES

These roles have access to the Nimbus admin backend panel using the following links:

Nimbus Admin URLs

Switzerland 01	https://admin.ch-01.luware.cloud/
Switzerland 02	https://admin.ch-02.luware.cloud/
Germany 01	https://admin.dewe-01.luware.cloud/
Germany 02	https://admin.dewe-02.luware.cloud/
United Kingdom 01	https://admin.ukso-01.luware.cloud/

Nimbus Admin Panel URL

✅ Make sure to configure your web proxies to allow access to these domains or whitelist the complete *.luware.cloud domain.

🔍 These roles are granted by Luware Support or selected Service Partners. Details will be discussed during your Onboarding and first Nimbus Installation.

Tenant Administrator	Can perform all necessary activities to set up services. Has full access to the OData Interface for historical tracking (except User States tracking) → See Supervisor role . Can perform License Management tasks for both services and users. Can check Operations to monitor and remove (stuck) tasks.
Organization Unit Administrator	Are delegates with similar privileges as the Tenant Administrator. However their scope is limited to the configuration, service and user entities within their Organization Units. Can perform License Management tasks for users.
Workflow Administrator	Can read, update Opening Hour and Workflows in the Service Settings. May only read all other settings. Can manage Resources and Playlists. Can manage service users "Active" state. No access to Reporting data.

Admin user roles overview

Table: Administrator detail Permissions

Permissions				Administrator Level
Permissions				Administrator Level			Tenant	Organization Unit	Workflow
Overview			Services and Calls KPIs	R
			Total Services	R
			Service Settings icon	E
			Calls	R
			Active Users	R
Tenants			Tenants
	General		Name	R
			O365 Domain	R
			O365 Name	R
			Tentant Id	R
			Tenant Administration Security Group	R
			Tenant Administration Security Group Information	E
			Billing Address	RU
	Contact		Name	RU
			Email	RU
			Phone Number	RU
			SIP Address	RU
	Data Privacy		Support - Allow Partner to see User Identifiers	R
			Support - Allow Partner to see Customer Identifiers	R
			Track User States	RU
	Provisioning		Default OU for MS Teams creation	RU
			Allow service provisioning via MS Teams	RU
			Default Team Owner Role	RU
	Extensions	Outbound	Max Scheduled Outbound Tasks per Service	R
		Interact	Interact enabled	RU
			ACS connection string	RU
			O365 UserId	RU
			Widget Key	RE
			Session Recovery Timeout in Seconds	RU
			Authorization	RU
		Assistant	Use your own ACS instance	RU
		Attendant Console	Global Contact Search MS Graph Filter	RU
			Team Visibility	RU
		Presence Tracking	Track Presence over Guest Accounts	RU
			Grant Permission	E
			Primary Account	R
			Test UPN (primary)	RU
			Secondary Account	R
			Test UPN (secondary)	RU
	Modalities	Instant Messaging	Use your own ACS instance	RU
			ACS connection string	RU
			ACS resource ID	RU
		External Tasks	Max concurrent External Tasks per Service	R
	Licenses		Tenant State	R
		Service	Advanced	R
			Enterprise	R
			Contact Center Service	R
			Interact	R
		User	Attendant Console	R
			Contact Center User	R
			Interact	R
			Assistant	R
			Instant Message Modality	R
			External Task Modality	R
Service	Grid		Services	CRUD	CRUD	RU
			Tasks	E	E
			Download Powershell Script	E	E	E
		Tasks	Tasks List	RD	RD
			Download Traces	E	E
			Copy Trace Link	E
	Settings	General	Name	RU	RU	R
			Service Display Name	RU	RU	R
			Service UPN	RU	RU	R
			Application ID	R	R	R
			Organization Unit	RU	RU	R
			PSTN Active	RU	RU	R
			PSTN E.164 Number	RU	RU	R
			Primary Opening Hours	RU	RU	R
			Secondary Opening Hours	RU	RU	R
			SLA Hangup	RU	RU	R
			SLA Acceptance	RU	RU	R
			Short Abandons Threshold in Seconds	RU	RU	R
			Hide User Statistics from Reporting	RU	RU	R
			Show on Historical Session Page	RU	RU	R
			Licences	RU	R	R
			Modalities	RU	R	R
		Modalities	Audio Video - Inbound Conversations toggle	RU	RU	R
			Audio Video - Audio Video Workflow dropdown	RU	RU	R
			Audio Video - Voice Message Channel	RU	RU	R
			Audio Video - Outbound Conversations toggle	RU	RU	R
			Instant Messaging - Inbound Conversations toggle	RU	RU	R
			Instant Messaging - Instant Messaging Workflow dropdown	RU	RU	R
			External Task - Active toggle	RU	RU	R
			External Task - External Task Workflow dropdown	RU	RU	R
		Distribution	User Assignement Type	RU	RU	R
			Distribution Policy	RU	RU	R
			Users Immediatly Active	RU	RU	R
			Conversation Distribution - Available	R	RU	R
			Conversation Distribution - Dnd	R	RU	R
			Conversation Distribution - Offline	R	RU	R
			Conversation Distribution - Busy	RU	RU	R
			Conversation Distribution - Away	RU	RU	R
			Task Priority	RU	RU	R
			ACW	RU	RU	R
			Persistent RONA	RU	RU	R
		Extensions	Codes - Primary Codes	RU	RU	R
			Codes - Secondary Codes	RU	RU	R
			Assistant - Assistanct Conversation Context	RU	RU	R
			Assistant - Service Call Templates	RU	RU	R
			My Sessions - Conversation Context	RU	RU	R
			Store Conversation Context Data toggle	RU	RU	R
			My Sessions Widgets - Codes & Tags toggle	RU	RU	R
			My Sessions Widgets - Contacts toggle	RU	RU	R
			My Sessions Widgets - Embedded Context toggle	RU	RU	R
			My Sessions Widgets - Embedded Context dropdown	RU	RU	R
			My Sessions Widgets - Session Details toggle	RU	RU	R
			My Sessions Widgets - Map toggle	RU	RU	R
			My Sessions Widget - Live Transcription toggle	RU	RU	R
			My Sessions Widget - Post Call Transcription toggle	RU	RU	R
			My Sessions Widgets - Session Parameters	RU	RU	R
		Permissions	Service Agents List	RU	RU	R
			Service Agents Levels and Profiles
			Service Owners List	RU	RU	R
			Service Owners Levels and Profiles
		Users	Default Team Owner Role	RU	RU	R
			Team member can change active state	RU	RU	RU
			Users - list	R	R	R
			Users - Role - Member	R	R	R
			Users - Role - Owner / Limited Team Owner	RU	RU	R
			Users - Active toggle	RU	RU	RU
		Virtual Assistant	Task Assistant - Audio Transcription toggle	RU	RU	R
			Task Assistant - Live Transcription toggle	RU	RU	R
			Task Assistant - Speech Recognizer	RU	RU	R
		Interact	Interact Service Settings	RU	RU	R
Users			Users	CRUD	CRUD
		General	Display Name	R	R
			Organization Unit	RU	RU
			First Name	R	R
			Last Name	R	R
			UPN	R	R
			O365 ID	R	R
			Licences	RU	RU
		Services	Services (user belongs to)	R	R
		Roles	Teams-based roles	R	R
			Not Teams-based roles	RU	RU
		Skills	Skills and levels	RU	RU
		Profiles	Profiles	RU	RU
		N/A Reasons	Not Available Reasons toggle	RU	RU
			Not Available Reasons	RU	RU
		Interact	User active	RU	RU
			Restrict Access
			Domain Template
			Integration	R	R
		Assistant	Direct Call Templates	RU	RU
Licensing			Tenants Widget
			Tenant State Widget	R
			Service Licenses Widget	R
			User Licenses Widget	R
			Level 1 (Tenants List)
			Level 2 (Licenses List)	R
			Level 3 (Edit Popup)	RU
Configuration	Tenant	Organization Units	Organization Units	CRUD
			Name	RU
			Parent	R
			Description	RU
	Workflows	Resources	Resources	CRUD	CRUD	CRUD
			Name	RU	RU	RU
			Organization Unit	RU	RU	RU
			Audio File	RU	RU	RU
		Playlists	Play List	CRUD	CRUD	CRUD
			Name	RU	RU	RU
			Organization Unit	RU	RU	RU
			Play List	RU	RU	RU
		Workflows	Workflow Instances	CRUD	CRUD	RU
			Name	RU	RU	R
			Organization Unit	RU	RU	R
			Template Type	R	R	R
			Workflow Template	R	R	R
			Workflow	RU	RU	RU
		Workflow Templates	Workflow Templates	CRUD	CRUD
			Name	RU	RU
			Organization Unit	RU	RU
			Template Type	R	R
			Workflow Template	R	R
			Workflow	RU	RU
	Codes	Primary Codes	Primary Codes	CRUD	CRUD
			Name	RU	RU
			Organization Unit	RU	RU
			Description	RU	RU
		Secondary Codes	Secondary Codes	CRUD	CRUD
			Name	RU	RU
			Organization Unit	RU	RU
			Description	RU	RU
	User	Not Available Reasons	Not Available Reasons	CRUD	CRUD
			Name	RU	RU
			Organization Unit	RU	RU
	Service	Conversation Context	Conversation Context	CRUD	CRUD
			Name	RU	RU
			Organization Unit	RU	RU
			URL	RU	RU
		Parameters	Parameters	CRUD	CRUD
			Name	RU	RU
			Organization Unit	RU	RU
			Default Value	RU	RU
			ID	R	RU
		Opening Hours	Opening Hours	CRUD	CRUD	RU
			Name	RU	RU	R
			Organization Unit	RU	RU	R
			Default	RU	RU	R
			Periods	CRUD	CRUD	CRUD
	Distribution	Skills	Skills	CRUD	CRUD
			Name	RU	RU
			Organization Unit	RU	RU
			Skill Categories	R
		Skill Categories	Skill Categories	CRUD	CRUD
			Name	RU	RU
			Organization Unit	RU	RU
			Skill Levels	RU	RU
			Responsibility Levels	RU	RU
		Distribution Policies	Distribution Policies	CRUD	CRUD
			Name	RU	CRUD
			Organization Unit	RU	CRUD
			Order	RU	RU
			Preferred User Routing	RU	RU
			Waiting Time toggle	RU	RU
			Waiting Time editbox	RU	RU
			Last User Routing toggle	RU	RU
			Last User Routing Treshold editbox	RU	RU
			Distribution Levels	RU	RU
		Responsibility Profiles	Responsibility Profiles	CRUD	CRUD
			Name	RU	RU
			Organization Unit	RU	RU
			Duty toggle	R	R
	Dashboard	Non Personal Dashboards	Non Personal Dashboards	CRUD	CRUD
			Name	RU	RU
			Organization Unit	RU	RU
			Description	RU	RU
			Color	RU	RU
			Picture	RU	RU
			Dashboard Properties (widgets)	RU	RU
	Attendant Console	Address Books	Address Books	CRUD	CRUD
			Name	RU	RU
			Organization Unit	RU	CRUD
			Image	RU	CRUD
	Interact	Domain Templates (CORS)	Domain Templates (CORS)	CRUD	CRUD
			Name	RU	RU
			Organization Unit	RU	RU
			Domain	RU	RU
	Nimbus Assistant	Direct Call Templates	Direct Call Templates	CRUD	CRUD
			Name	RU	RU
			Organization Unit	RU	RU
			Description	RU	RU
			Trigger Event	RU	RU
			Call Type	R	R
			Actions	RU	RU
			Inbound Internal Teams Calls	RU	RU
			Inbound PSTN Calls	RU	RU
			Inbound External Teams Calls	RU	RU
		Service Call Templates	Service Call Templates	CRUD	CRUD
			Name	RU	RU
			Organization Unit	RU	RU
			Description	RU	RU
			Trigger Event	RU	RU
			Call Type	R	R
			Actions	RU	RU
			Inbound Internal Teams Calls	RU	RU
			Inbound PSTN Calls	RU	RU
			Inbound External Teams Calls	RU	RU
			Outbound Service Calls	RU	RU
	Virtual Assistant	Speech Recognizer	Speech Recognizer	CRUD	CRUD
			Name	RU	RU
			Organization Unit	RU	RU
			Type	RU	RU
			Language (MSFT)	RU	RU
			Region (MSFT)	RU	RU
			Key	RU	RU
Operations		Service	Tenant dropdown	R
			Service dropdown	RU
			Tasks doughnut	R
			Tasks list	RD
			Last Interaction	R
			Interactions	R
			Last Updated	RE
			History	R
			Download Traces	E
			Copy Trace Link
		Customer	Tenant dropdown	R
			Customer dropdown	RU
			Last Interaction	R
			Interactions	R
			History	R
			Download Traces	E
			Copy Trace Link

Portal User Permissions

Portal Roles

NOTES

These roles have access to the Nimbus portal using the following links:

Nimbus Portal URLs

Switzerland 01	https://portal.ch-01.luware.cloud/
Switzerland 02	https://portal.ch-02.luware.cloud/
Germany 01	https://portal.dewe-01.luware.cloud/
Germany 02	https://portal.dewe-02.luware.cloud/
United Kingdom 01	https://portal.ukso-01.luware.cloud/

Nimbus Portal URLs

✅ Make sure to configure your web proxies to allow access to these domains or whitelist the complete *.luware.cloud domain.

🔍 Roles are granted depending on Service type, as each scenario mandates a certain method of User Assignment.

User	All Nimbus user accounts are synched from the Customer Tenant's user directory. Users log into Nimbus using O365 credentials, but only see Nimbus services and data when they become Team members or Service Agents respectively.
Team Members	For Auto-Synced to MS Teams Channel roles. No manual assignment needed.
Team Owners	Auto-Synced to MS Teams Channel roles. Automatically granted rights to fully manage the respective Nimbus service. No manual assignment needed.
Skill-based users	Contact Center Requires a Contact Center license on the user. Skills are granted via User Administration > "Skills" Tab per user. Skill-based users get tasks distributed via Distribution Policies, based on their Skills and Responsibilities, distributed in pools of users with similar skills assigned. Interaction with Service pages of the Nimbus UI or an associated MS Teams channel is not necessarily required.
Service Agents	Contact Center Requires a Contact Center license on the user . Role is granted via Service Administration > "Permissions " Tab per service. Compared to Skill-based users, Agents have access to additional Service Portal UI elements. An associated Microsoft Teams channel is not required.
Service Owner	Contact Center Requires a Contact Center license on the user. Manually granted via Service Administration > "Permissions " Tab. An associated Microsoft Teams channel is not required.
Supervisor	Contact Center Requires a Contact Center license on the user. An addition to an Owner-type role, manually granted via User Administration > Roles Tab. Can access Power BI OData interface to access extended User State reporting. LIMITATION BY DESIGN If a user has only Supervisor and not a Team Owner / Service Admin role, only the "UserStates" dataset in the report will be shown, consisting of: UserStates, StateTypes, ResponsibilityProfile, OU, Users. Other tabs and queries in the BI Report may appear blank. → This is intended by design to prevent exposure of individual Service/User/Session data to the wrong audiences. To see a full dataset, the same user also needs a "Service/Team Owner" role assigned.

Frontend Portal Permissions (Create, Read, Update, Delete, Execute)				Supervisor		User			Team / Service Owner
				User	Service	Team Member	Skill-Based	Agent	Owner	Owner Limited
My Services			My Services		R	R		R	R	R
			Access Service Settings		E				E	E
			Call on Behalf			E	-	E	E	E
			Users - Self-Active Toggle		N/A	RU		N/A	RU	RU
			Users - Other-Active Toggle		RU	R		N/A	RU	RU
			Pickup			E		N/A	E	E
Service	Dashboard		Dashboard		R	R		R	R	R
			Users List		R	R		R	R	R
			Users - Self-Active Toggle		N/A	RU		N/A	RU	RU
			Users - Other-Active Toggle		RU	R		N/A	RU	RU
			Pickup			E		N/A	E	E
			Today's Reporting KPIs		R	R		R	R	R
	Reporting		Reporting		R	R		R	R	R
			Users Statistics		R	R		R	R	R
			Tasks Heatmap		R	R		R	R	R
	Historical Sessions		Sessions (Results, Types)		R				R	R
	Settings	General	Name		R				RU	R
			Service Display Name		R				RU	R
			Service UPN		R				RU	R
			Application ID		R				R	R
			Organization Unit		R				RU	R
			PSTN Active		R				RU	R
			PSTN E.164 Number		R				RU	R
			Opening Hours		RU				RU	RU
			Reporting - SLA		RU				RU	RU
			Reporting - Hide User Statistics		R				R	R
			Reporting - Show on Historical Sessions		R				R	R
		Modalities	Inbound Conversations		R				RU	R
			Voice Message Channel		R				RU	R
			Outbound Conversations		R				RU	R
			Instant Messaging		R				RU	R
			Service System Messages		R				RU	R
			External Tasks		R				RU	R
		Distribution	User Assignement Type		R				RU	R
			Distribution Policy		R				RU	R
			Users Immediatly Active		R				RU	R
			Conversation Distribution (Busy, Away)		R				RU	R
			Conversation Distribution (Available, DND, Offline)		R				R	R
			Task Priority		R				RU	R
			After Call Work (ACW)		R				RU	R
			RONA		R				RU	R
		Extensions	Codes (Primary, Secondary)		R				RU	R
			Assistant Context and Templates		R				RU	R
			Store Context Data toggle		R				RU	R
			My Sessions Context		R				RU	R
			Widgets - Codes & Tags		R				RU	R
			Widgets - Contacts		R				RU	R
			Widgets - Embedded Context		R				RU	R
			Widgets - Session Details		R				RU	R
			Widgets - Map		R				RU	R
		Users (MS Teams Based Services)	Default Team Owner Role		R				R	R
			Team member can change active state		R				RU	R
			Active Toggle		RU				RU	RU
			Team Owner Roles		R				R	R
		Agents (Skill Based services	Service Agents List		R				R	R
			Service Agents Levels and Profiles						RU
			Service Owners List		R				R	R
			Service Owners Levels and Profiles						RU
		Interact	Active Toggle						RU
			AV Modality						RU
			IM Modality						RU
			Restrict Access						R
			Integration Template						R
Frontend Configuration Permissions (Create, Read, Update, Delete, Execute)				Supervisor		User			Team / Service Owner
				User	Service	Team Member	Skill-Based	Agent	Owner	Owner Limited
Configuration	Workflows		Resources (Audio Files)						CRUD	CRUD
			Playlists						CRUD	CRUD
			Workflows (Instances)						CRUD	CRUD
	Codes		Primary Codes						CRUD
	Codes		Secondary Codes						CRUD
	Service		Conversation Context						CRUD
			Parameters						CRUD
			Opening Hours		CRUD				CRUD	CRUD
Dashboard and Reporting Permissions (Create, Read, Update, Delete, Execute)				Supervisor		User			Team / Service Owner
				User	Service	Team Member	Skill-Based	Agent	Owner	Owner Limited
Personal Dashboard			Personal Dashboards			RU		RU	RU	RU
Non Personal Dashboards			Non Personal Dashboards	R	R			R
Non Personal Dashboards			Service Supervision	R	R
Dashboard Widgets	Service		Service KPI Tile		R			R	R	R
			Service KPI Tabular		R			R	R	R
			Service KPI Chart		R			R	R	R
			Service KPI Comparison Chart		R			R	R	R
			Service KPI Graph		R			R	R	R
			Service Queue Tabular		R			R	R	R
			Live Service Tasks Tabular		R			R	R	R
			Service Outbound Tasks Tabular		R / E			R	R / E	R
			Service External Tasks Tabular		R / E			R	R / E	R
			Service Heatmap		R			R	R	R
	Supervision		Service Supervision / Controls		R / E				R	R
	User		User State Tabular	R
			User Supervisor Tabular / Controls	R / E
			User State Chart	R
			User Tile	R				R	R
	Common Widgets		Markdown	R	R	R	R	R	R	R
			Date & Time	R	R	R	R	R	R	R
			Embedded Website	R	R	R	R	R	R	R
Reporting (OData)	Service		Sessions		R				R	R
	User		Sessions		R				R	R
	User		States	R

Power Automate User Permissions

Power Automate Roles

Revoked Role Limitation

If a User configures a Power Automate Flow for a service, but then loses permissions to configure such a flow (e.g. removed as Service Owner), the previously configured Power Automate Flows will still be triggered.

✅When changing service ownership we recommend you to check for leftover flows or use a global administrator to manage all your flow needs in a centralized fashion.

Power Automate Permissions (E = Execute)				Admin		Supervisor		User			Team / Service Owner
		Certified Connector	Custom Connector	Tenant	OU	User	Service	Team Member	Skill-Based	Agent	Owner	Owner Limited
Conversation	Triggers	-	GetOnNewTasks	E							E
	Triggers	When a task changes state	GetOnUpdatedTasks	E							E
	Actions	Update task	UpdateTask	E							E
		Add a new external task	AddExternalTask	E							E
		Remove an external task	RemoveExternalTask	E							E
Address Books	Actions	Add a contact to an address book	AddOrUpdateContact	E	E
		Update a contact in an address book	-	E	E
		Empty an address book	ClearContacts	E	E
		Get contact(s) from ana address book	GetContacts	E	E
		Remove contact(s) from an address book	RemoveContacts	E	E
Outbound Service Calls	Triggers	When a scheduler entry changes state	GetOnUpdated OutboundTask	E							E	E
	Actions	Schedule a new outbound call	AddOrUpdate OutboundTask	E							E	E
		Get all scheduler entries	GetOutboundTasks	E							E	E
		Update a scheduler entry	-	E							E	E
		Remove a scheduler entry	Remove OutboundTask	E							E	E

Nimbus user roles with Power Automate access

Luware Knowledge

Nimbus

Recording

Resource Library

User Role (RBAC) Matrix

Admin User Permissions

Admin Roles

NOTES

Nimbus Admin URLs

Table: Administrator detail Permissions

Portal User Permissions

Portal Roles

NOTES

Nimbus Portal URLs

Power Automate User Permissions

Power Automate Roles

Revoked Role Limitation

Luware Knowledge

Nimbus

Recording

Resource Library

Admin User Permissions

Admin Roles

NOTES

Nimbus Admin URLs

Table: Administrator detail Permissions

Portal User Permissions

Portal Roles

NOTES

Nimbus Portal URLs

Power Automate User Permissions

Power Automate Roles

Revoked Role Limitation

Related Articles