Role-based Access Concept (RBAC)

How Nimbus manages service user roles in context of MS Teams

This page explains the access concept of Nimbus. In the first part we explain how user rights are synched between Nimbus and MS Teams and where Nimbus acts with standalone concepts. The second part covers Roles available in Nimbus and their detailed permissions.

Teams, Users and Organization Units

Nimbus has a user roles and permissions system that grants permissions based on a Organization Units hierarchical structure. By using this concept, access to configuration entities of Nimbus can be granted on a very granular level. To understand this permission system we need to explain a few related concepts in the following.

Concept Details Diagram
User roles and sync between MS Teams

Nimbus syncs users from your tenant's user directory. Each user can then added in a Nimbus role, e.g. as Admin, Owner or Member/ Agent of a service. The role determines, what a user can do within Nimbus

 

🔍You can find detailed permissions behind each role explained in the "Role Permission Matrix" table below. 

 

Depending on what Nimbus Service types are being provisioned on your Tenant, Nimbus distinguishes the user role sync by their User assignment types.

 

🔍 More details on the assignment type and individual user roles are explained in the Role Permission Matrix chapter below.

Access to data entities within an Organization Unit scope

As more users on your Tenant get roles assigned, it's important to distinguish where users can act this role. This is where the Organization Unit concept comes into place:

 

To understand Organization Units, it is important to know their relationship in the RBAC model.

OU STRUCTURES AND RBAC 

Each configurable element in Nimbus is called a data entity.

 

Organization Units provide a structure to all data entities, e.g. by mirroring a company's organization levels and departments.

 

RBAC - Role Based Access Control restricts and grants access within any Organization Unit, e.g. by assigning functions to users according to their role in the organization.

 

 

💡 Organization Units determine where a configurable data entity is placed. Each data entity must belong to exactly one Organization Unit. This includes all Nimbus users, as their OUs determines from which "point of view" they can act in their role.

 

💡 RBAC determines which actions (Create, Read, Update, Delete) are possible on configurable entities. 

 

💡User roles define a set of permissions on such entities granted within one or multiple Organzation Units.

User Role Permission Matrix

The following tabs are taken from the following pages:

User Role (RBAC) Matrix

These tables contain details on the Role Based Access Concept (RBAC) concept behind all Nimbus Features. Roles are primarily distinguished by Frontend (Portal, UIs and App) and Backend (Admin/Integrations) . 

When using the Nimbus Power Automate Connector or Power BI, additional user roles may be required. Permissions are structured by the CRUDE (Create, Read, Update, Delete, Execute) principle.

 

Admin User Permissions

Admin Roles

NOTES

Admin roles described on this page have access to the Nimbus Admin (Backend) Portal.

Show Admin URLs…

Nimbus Admin URLs

Switzerland 01 https://admin.ch-01.luware.cloud/
Switzerland 02 https://admin.ch-02.luware.cloud/
Germany 01 https://admin.dewe-01.luware.cloud/
Germany 02 https://admin.dewe-02.luware.cloud/
United Kingdom 01 https://admin.ukso-01.luware.cloud/
Australia 01 https://admin.aue-01.luware.cloud/
West Europe 01 https://admin.euwe-01.luware.cloud/
East United States 01 https://admin.use-01.luware.cloud/
Nimbus Admin Panel URL

✅ Make sure to configure your web proxies to allow access to these domains or whitelist the complete *.luware.cloud domain.

 
 

✅ Admin roles are granted by Luware Support or selected Service Partners. Details will be discussed during your Onboarding and first Nimbus Installation

🔎The table below lists all detail permissions. In a nutshell, Admin user roles can do the following:

Tenant Administrator
  • Can perform all necessary activities to set up services.
  • Has full access to the OData Interface for  historical tracking (except User States tracking) → See Supervisor role .
  • Can perform License Management tasks for both services and users.
  • Can check Operations to monitor and remove (stuck) tasks.
Organization Unit (OU) Administrator
  • Are delegates with similar privileges as the Tenant Administrator. However their scope is limited to the configuration, service and user entities within their Organization Units.
  • Can perform License Management tasks for users.
Workflow (WF) Administrator
Admin user roles overview
 

Table: Nimbus Admin Portal Roles and Permissions

🔎Legend: Create, Read, Update, Delete, Execute. The term “grid” describes a permission to list (and potentially manipulate) already existing entries of the same type.

Tenant

Tab Section Property Tenant Admin OU Admin WF Admin
General - Name R    
O365 Domain R    
O365 Name R    
Tenant Id R    
Billing Address RU    
Contact - Name RU    
Email RU    
Phone Number RU    
SIP Address RU    
Data Privacy - Allow Partner to see User Identifiers R    
Allow Partner to see Customer Identifiers R    
Persist User States in Reporting RU    
Data Retention Time (in Months) R    
Show user Time in State RU    
Provisioning - Default OU for MS Teams creation RU    
Allow service provisioning via MS Teams RU    
Enable Multihoming R    
Default Team Owner Role RU    
Extensions Outbound Directly Invite PSTN for Outbound Calls R    
Directly Invite UPN for Outbound Calls R    
Max Scheduled Outbound Tasks per Service R    
Interact Interact enabled RU    
ACS connection string RU    
O365 UserId RU    
Widget Key RE    
Session Recovery Timeout in Seconds RU    
Authorization RU    
Assistant Use your own ACS instance RU    
Attendant Console Global Contact Search MS Graph Filter RU    
Team Visibility RU    
Presence Tracking Track Presence over Guest Accounts RU    
Grant Permission E    
Primary Account R    
Test UPN (primary) RU    
Secondary Account R    
Test UPN (secondary) RU    
Modalities Instant Messaging Inactivity Timeout R    
Primary Account R    
Test UPN (primary) RU    
Secondary Account R    
Test UPN (secondary) RU    
Max concurrent IM Tasks per service R    
Use your own ACS instance RU    
ACS connection string RU    
ACS resource ID RU    
External Tasks Max concurrent External Tasks per Service R    
Email Tasks Max concurrent Email Tasks per Service R    
Licenses - Tenant State R    
Service Advanced R    
Enterprise R    
Contact Center Service R    
Interact R    
User  Attendant Console R    
Contact Center User R    
Interact User R    
Assistant R    
Modalities - Instant Message Modality R    
Modalities - External Task Modality R    
Modalities - Email Modality R    
 
 

Services

Tab Section Property Tenant Admin OU Admin WF Admin
Grid   Services CRUD CRUD RU
Tasks E E  
Download Powershell Script E E E
Tasks Tasks List RD RD  
Download Traces E E  
Copy Trace Link      
Settings General Name RU RU R
Service Display Name RU RU R
Service UPN RU RU R
Application ID R R R
Organization Unit RU RU R
PSTN Active RU RU R
PSTN E.164 Number RU RU R
Primary Opening Hours RU RU R
Secondary Opening Hours RU RU R
SLA Hangup RU RU R
SLA Acceptance RU RU R
Short Abandons Threshold in Seconds RU RU R
Hide User Statistics from Reporting RU RU R
Show on Historical Session Page RU RU R
Licences RU R R
Addons RU R R
Modalities Audio Video checkbox RU RU R
Instant Messaging checkbox RU RU R
External Task checkbox RU RU R
Email checkbox RU RU R
Audio Video - Inbound Conversations toggle RU RU R
Audio Video - Outbound Conversations toggle RU RU R
Audio Video - Audio Video Workflow dropdown RU RU R
Audio Video - Voice Message Channel RU RU R
Instant Messaging - Instant Messaging Workflow dropdown RU RU R
Instant Messaging - Service System Messages RU RU R
External Task - External Task Workflow dropdown RU RU R
Email - Email Workflow dropdown RU RU R
Email - Mailbox dropdown RU RU R
Distribution User Assignment Type RU RU R
Distribution Policy RU RU R
Users Immediately Active RU RU R
Conversation Distribution - Available R RU R
Conversation Distribution - Dnd R RU R
Conversation Distribution - Offline R RU R
Conversation Distribution - Busy RU RU R
Conversation Distribution - Away RU RU R
Task Priority RU RU R
ACW RU RU R
Persistent RONA RU RU R
Auto Redirect in Emergency Case RU RU R
Redirect Destination RU RU R
Extensions Codes - Primary Codes RU RU R
Codes - Secondary Codes RU RU R
Assistant - Assistant Conversation Context RU RU R
Assistant - Service Call Templates RU RU R
My Sessions - Conversation Context RU RU R
My Sessions - Store Conversation Context Data toggle RU RU R
My Sessions - Widgets - Codes & Tags toggle RU RU R
My Sessions - Widgets - Contacts toggle RU RU R
My Sessions - Widgets - Embedded Context toggle RU RU R
My Sessions - Widgets - Embedded Context dropdown RU RU R
My Sessions - Widgets - Live Caption toggle RU RU R
My Sessions - Widgets - Transcript toggle RU RU R
My Sessions - Widgets - Session Details toggle RU RU R
My Sessions - Widgets - Map toggle RU RU R
My Sessions - Widgets - Session Parameters RU RU R
Permissions Service Agents List RU RU R
Service Agents Levels and Profiles      
Service Owners List RU RU R
Service Owners Levels and Profiles      
Users Default Team Owner Role RU RU R
Team member can change active state RU RU RU
Users - list R R R
Users - Role - Member R R R
Users - Role - Owner / Limited Team Owner RU RU R
Users - Active toggle RU RU RU
Virtual Assistant Virtual User Assistant - Voice Transcription toggle RU RU R
Virtual User Assistant - Live Captioning toggle RU RU R
Virtual User Assistant - Speech Recognizer dropdown RU RU R
Interact Interact - Active Toggle (general) RU RU R
Interact - Allowed Modalities - Audio&Video Toggle RU RU R
Interact - Allowed Modalities - Instant Message Toggle RU RU R
Interact - Restriction - Restrict Access Toggle RU RU R
Interact - Restriction - Domain Templates Dropdown RU RU R
Interact - Integration RU RU R
 
 

Users

Tab Section Property Tenant Admin OU Admin WF Admin
Users   Users CRUD CRUD  
General Display Name R R  
Organization Unit RU RU  
First Name R R  
Last Name R R  
UPN R R  
O365 ID R R  
Licences RU RU  
Modalities RU RU  
Services Services (user belongs to) R R  
Roles Teams-based roles R R  
Not Teams-based roles RU RU  
Skills Skills and levels RU RU  
Profiles Profiles RU RU  
N/A Reasons Not Available Reasons toggle RU RU  
Not Available Reasons RU RU  
Interact User active RU RU  
Restrict Access R R  
Domain Template R R  
Integration R R  
Assistant Direct Call Templates RU RU  
 
 

Licensing

Tab Section Property Tenant Admin OU Admin WF Admin
Licensing - Tenants Widget      
Tenant State Widget R    
Service Licenses Widget R    
User Licenses Widget R    
Level 1 (Tenants List)      
Level 2 (Licenses List) R    
Edit licences icon E    
Level 3 (Edit Popup) RU    
 
 

Configuration

Group Section Property Tenant Admin OU Admin WF Admin
Tenant Organization Units Organization Units CRUD    
Name RU    
Parent R    
Description RU    
Workflows Resources Resources CRUD CRUD CRUD
Name RU RU RU
Organization Unit RU RU RU
Audio File RU RU RU
Playlists Playlists CRUD CRUD CRUD
Name RU RU RU
Organization Unit RU RU RU
Playlist Entries RU RU RU
Workflows Workflow Instances CRUD CRUD RU
Name RU RU R
Organization Unit RU RU R
Template Type R R R
Workflow Template R R R
Workflow (Editor) RU RU RU
Workflow Templates Workflow Templates CRUD CRUD  
Name RU RU  
Organization Unit RU RU  
Template Type R R  
Workflow Template (Selection) R R  
Workflow Template (Editor) RU RU  
Codes Primary Codes Primary Codes CRUD CRUD  
Name RU RU  
Organization Unit RU RU  
Description RU RU  
Secondary Codes Secondary Codes CRUD CRUD  
Name RU RU  
Organization Unit RU RU  
Description RU RU  
User Not Available Reasons Not Available Reasons CRUD CRUD  
Name RU RU  
Organization Unit RU RU  
Service Conversation Context Conversation Context CRUD CRUD  
Name RU RU  
Organization Unit RU RU  
URL RU RU  
Mailboxes Name CRUD CRUD  
Organization Unit RU RU  
Email Address RU RU  
Parameters Parameters CRUD CRUD  
Name RU RU  
Organization Unit RU RU  
Default Value RU RU  
ID R RU  
Opening Hours Opening Hours CRUD CRUD RU
Name RU RU R
Organization Unit RU RU R
Default RU RU R
Periods CRUD CRUD CRUD
Distribution Skills Skills CRUD CRUD  
Name RU RU  
Organization Unit RU RU  
Skill Categories R    
Skill Categories Skill Categories CRUD CRUD  
Name RU RU  
Organization Unit RU RU  
Skill Levels RU RU  
Responsibility Levels RU RU  
Distribution Policies Distribution Policies CRUD CRUD  
Name RU CRUD  
Organization Unit RU CRUD  
Order RU RU  
Preferred User Routing RU RU  
Waiting Time toggle RU RU  
Waiting Time editbox RU RU  
Last User Routing toggle RU RU  
Last User Routing Treshold editbox RU RU  
Distribution Levels RU RU  
Responsibility Profiles Responsibility Profiles CRUD CRUD  
Name RU RU  
Organization Unit RU RU  
Duty toggle R R  
Instant Messaging Direct System Messages Direct System Messages grid CRUD CRUD  
General - Name RU RU  
General - Organization Unit RU RU  
General - Description RU RU  
General - User RU RU  
General - Custom Usert Display Name RU RU  
Messages to User - "Acccept" Adaptive Card RU RU  
Messages to User - "Terminate" Adaptive Card RU RU  
Messages to User - Session Embed RU RU  
Messages to Customer - Session Connected RU RU  
Messages to Customer - Session Ended by User RU RU  
Messages to Customer - Session Declined by User RU RU  
Service System Messages Service System Messages grid CRUD CRUD  
General - Name RU RU  
General - Organization Unit RU RU  
General - Description RU RU  
General - User RU RU  
General - Custom Usert Display Name RU RU  
Messages to User - "Acccept" Adaptive Card RU RU  
Messages to User - "Terminate" Adaptive Card RU RU  
Messages to User - Session Embed RU RU  
Messages to Customer - Session Connected RU RU  
Messages to Customer - Session Ended by User RU RU  
Attendant Console Address Books Address Books CRUD CRUD  
Name RU RU  
Organization Unit RU CRUD  
Image RU CRUD  
Interact Domain Templates (CORS) Domain Templates (CORS) CRUD CRUD  
Name RU RU  
Organization Unit RU RU  
Domain RU RU  
Nimbus Assistant Direct Call Templates Direct Call Templates CRUD CRUD  
Name RU RU  
Organization Unit RU RU  
Description RU RU  
Trigger Event RU RU  
Call Type R R  
Actions RU RU  
Inbound Internal Teams Calls RU RU  
Inbound PSTN Calls RU RU  
Inbound External Teams Calls RU RU  
Service Call Templates Service Call Templates CRUD CRUD  
Name RU RU  
Organization Unit RU RU  
Description RU RU  
Trigger Event RU RU  
Call Type R R  
Actions RU RU  
Inbound Internal Teams Calls RU RU  
Inbound PSTN Calls RU RU  
Inbound External Teams Calls RU RU  
Outbound Service Calls RU RU  
Virtual Assistant Speech Recognizer Speech Recognizer CRUD CRUD  
Name RU RU  
Organization Unit RU RU  
Type RU RU  
Language (MSFT) RU RU  
Region (MSFT) RU RU  
Key RU RU  
 
 

Operations

Tab Section Property Tenant Admin OU Admin WF Admin
Service Widgets Tenant dropdown R    
Service dropdown RU    
Tasks doughnut R    
Tasks list RD    
Last Interaction R    
Interactions R    
Last Updated RE    
History R    
Download Traces E    
Copy Trace Link      
Customer Widgets Tenant dropdown R    
Customer dropdown RU    
Last Interaction R    
Interactions R    
History R    
Download Traces E    
Copy Trace Link      
 
 
 
 

Portal User Permissions

Portal Roles

NOTES

Roles described on this page have access to the Nimbus (Frontend) Portal.

Show Portal URLs…

Nimbus Portal URLs

Switzerland 01 https://portal.ch-01.luware.cloud/
Switzerland 02 https://portal.ch-02.luware.cloud/
Germany 01 https://portal.dewe-01.luware.cloud/
Germany 02 https://portal.dewe-02.luware.cloud/
United Kingdom 01 https://portal.ukso-01.luware.cloud/
Australia 01 https://portal.aue-01.luware.cloud/
West Europe 01 https://portal.euwe-01.luware.cloud/
East United States 01 https://portal.use-01.luware.cloud/
Nimbus Portal URLs

✅ Make sure to configure your web proxies to allow access to these domains or whitelist the complete *.luware.cloud domain.

 
 

✅  Portal Roles are granted depending on Service type, as Services can be provisioned with different User Assignment Types:

Learn more about User Assignment…

INC User Assignment Types

Each Nimbus service can be of a different user assignment type that determines how users are associated to this service:

  • MS Teams-based: Directly tied to your MS Teams "Teams" as determined during Service Provisioning. Users get automatically added and synced to a Nimbus service.
  • Skill-based: Applies for manually created services via Service Administration. Requires skill-assignment from users you assign to the service from within your tenant directory.
  • None: Has no users, but can be configured by any administrator. Used for IVR or first-level redirection services. 

☝ Important to know: The user assignment type is fixated when a service was either provisioned via MS Teams or manually created via Service Administration, e.g. for IVR or skill-based distribution purposes. A switch between MS Teams-based and Skill-based services is not possible due to how individual users are configured and how Nimbus Features operate.

 

 

 
 

🔎The table below lists all detail permissions. In a nutshell, Portal user roles can do the following:

Tenant Administrator
  • Cannot access service data unless the user is also part of a service.
Organization Unit (OU) Administrator
  • Same as Tenant Admin, however, their scope is limited to the configuration entities (available in Portal) and services within their assigned Organization Units.
Workflow (WF) Administrator
User Supervisor(1)

Contact Center Requires a Contact Center license on the user. An addition to an Owner-type role, manually granted via User Administration.

Service Supervisor(1)

Contact Center Requires a Contact Center license on the user. An addition to an Owner-type role, manually granted via User Administration.

Contact Center (CC) User 

Contact Center Requires a Contact Center (CC) license on the General User Settings

Service Owner

Contact Center Requires a Contact Center (CC) license on the General User Settings.

Service Agent

Contact Center Requires a Contact Center (CC) license on the General User Settings. An associated Microsoft Teams channel is not required anymore, so the user can act as “standalone” specialist for dedicated tasks.

Team Owner

Default role granted during Service Provisioning via MS Teams.

  • Role synched to MS Teams Channel “Owner” role.(2)
  • Can fully manage the respective Nimbus Service Settings
Team Owner Limited

A reduced role that can be granted during Service Provisioning via MS Teams.

  • Manually assigned as “Team Owner Limited” via the Service Settings > “Users” tab.
  • Role synched to MS Teams Channel “Owner” role.(2)
  • Can manage a limited set of Service Settings (SLA, Opening Hours, Resources, Playlists, Workflows).
Team Member

A Nimbus user synched from the Tenant's user directory.

  • Synced with the Team Members of the associated “team” in MS Teams.(2)
  • Can access Nimbus services and data via the Portal once being a member of a service team.
Portal user roles overview

(1) GDPR General Data Access limitation (by design): If a user has a Supervisor but not a Team Owner / Service Admin role within a service, only limited datasets in the historical BI Template will be shown. Other tabs and queries in the Power BI Report may appear blank. 
→ To see a full dataset (including live Reporting data on the portal), the same user also needs a "Service/Team Owner" role assigned for the respective service(s).

(2) Nimbus “Team” roles are only used to limit access to Nimbus-related functionality. The baseline existing MS Teams role privileges are not affected by Nimbus role assignment. Even in a “limited” Nimbus role - Team Owners can continue to act with all their non-Nimbus related privileges within MS Teams. 
👆 Please keep in mind that Nimbus can generate service output data, such as Adaptive Cards which may contain privacy-sensitive customer data gathered via Nimbus Power Automate Connector. Guests in a channel - while not allowed to interact with Nimbus cards - may still read within the chat channels and see service-generated contents. 
→ Ensure to check your channel Members and Guests before provisioning Nimbus services to a MS Teams channel.

 

Table: Nimbus Frontend Portal Roles and Permissions

🔎Legend: Create, Read, Update, Delete, Execute. The term “grid” describes a permission to list (and potentially manipulate) already existing entries of the same type.

Services Overview

Section Service Supervisor CC User Team Member Service Agent Team / Service Owner Team Owner Limited
Services Overview R   R R R R
Service Settings icon E       E E
Call On Behalf     E E E E
Users - Own Active Toggle   N/A RU N/A RU RU
Users - Active Toggle R N/A R N/A RU RU
Users - Presence icon R   R R R R
Pickup   N/A E N/A E E
 
 

Service Details

Tab Section OU Admin WF Admin Service Supervisor CC User Team Member Service Agent Team / Service Owner Team Owner Limited
Dashboard Dashboard     R   R R R R
Users List     R   R R R R
Users - Own Active Toggle     N/A N/A RU N/A RU RU
Users - Active Toggle     RU N/A R N/A RU RU
Pickup       N/A E N/A E E
Today's Reporting KPIs     R   R R R R
Reporting Service Statistics     R   R R R R
Tasks Heatmap     R   R R R R
Users Statistics     R   R R R R
Historical Sessions Session Results     R       R R
Sessions     R       R R
Session Types     R       R R
Session Directions     R       R R
Historical Sessions - Service Sessions     R       R R
Historical Sessions - User Sessions     R       R R
Session Details Popup     R       R R
Settings General Name RU R R       RU R
Service Display Name RU R R       RU R
Service UPN RU R R       RU R
Application ID R R R       R R
Organization Unit RU R R       RU R
PSTN Active RU R R       RU R
PSTN E.164 Number RU R R       RU R
Primary Opening Hours RU R RU       RU RU
Secondary Opening Hours RU R RU       RU RU
SLA Hangup RU R RU       RU RU
SLA Acceptance RU R RU       RU RU
Short Abandons Threshold in Seconds RU R RU       RU RU
Show on Historical Session Page RU R R       R R
Hide User Statistics from Reporting RU R R       R R
Show on Historical Sessions Page RU R R       R R
Modalities Audio Video checkbox RU R R       RU R
Instant Messaging checkbox RU R R       RU R
External Task checkbox RU R R       RU R
Email checkbox RU R R       RU R
Audio Video - Inbound Conversations toggle RU R R       RU R
Audio Video - Outbound Conversations toggle RU R R       RU R
Audio Video - Audio Video Workflow dropdown RU R R       RU R
Audio Video - Voice Message Channel RU R R       RU R
Instant Messaging - Instant Messaging Workflow dropdown RU R R       RU R
External Task - External Task Workflow dropdown RU R R       RU R
Email - Email Workflow dropdown RU R R       RU R
Email - Mailbox dropdown RU R R       RU R
Distribution User Assignment Type RU R R       RU R
Distribution Policy RU R R       RU R
Users Immediately Active RU R R       RU R
Conversation Distribution - Available R R R       R R
Conversation Distribution - Dnd R R R       R R
Conversation Distribution - Offline R R R       R R
Conversation Distribution - Busy RU R R       RU R
Conversation Distribution - Away RU R R       RU R
Task Priority RU R R       RU R
ACW RU R R       RU R
Auto Redirect in Emergency Case RU R R       R R
Redirect Destination RU R R       R R
RONA RU R R       RU R
Extensions Codes - Primary Codes RU R R       RU R
Codes - Secondary Codes RU R R       RU R
Assistant - Assistant Conversation Context RU R R       RU R
Assistant - Service Call Templates RU R R       RU R
My Sessions - Conversation Context RU R R       RU R
My Sessions - Store Conversation Context Data toggle RU R R       RU R
My Sessions - Widgets - Codes & Tags toggle RU R R       RU R
My Sessions - Widgets - Contacts toggle RU R R       RU R
My Sessions - Widgets - Embedded Context toggle RU R R       RU R
My Sessions - Widgets - Embedded Context dropdown RU R R       RU R
My Sessions - Widgets - Live Caption toggle RU R R       RU R
My Sessions - Widgets - Transcript toggle RU R R       RU R
My Sessions - Widgets - Session Details toggle RU R R       RU R
My Sessions - Widgets - Map toggle RU R R       RU R
My Sessions - Widgets - Session Parameters RU R R       RU R
Agents Service Agents List R R R       R R
Service Agents Levels and Profiles RU           RU  
Service Owners List R R R       R R
Service Owners Levels and Profiles RU           RU  
Users Default Team Owner Role RU R         R R
Team member can change active state RU RU         RU R
Users - list R R         R R
Users - Role - Member R R         R R
Users - Role - Owner / Limited Team Owner RU R         R R
Active toggle RU RU         RU RU
 
 

Configuration

Tab Section OU Admin WF Admin User Supervisor Team / Service Owner Team Owner Limited
Workflows Resources Resources grid CRUD CRUD   CRUD CRUD
Name RU RU   RU RU
Organization Unit RU RU   R R
Audio File RU RU   RU RU
Playlists Play List grid CRUD CRUD   CRUD CRUD
Name RU RU   RU RU
Organization Unit RU RU   R R
Play List RU RU   RU RU
Workflows Workflow grid CRUD RU   CRUD CRUD
Name RU R   RU RU
Organization Unit RU R   R R
Template Type R R   R R
Workflow Template R R   R R
Workflow RU RU   RU RU
Codes Primary Codes Primary Codes grid CRUD     CRUD  
Name RU     RU  
Organization Unit RU     R  
Description RU     RU  
Secondary Codes Secondary Codes grid CRUD     CRUD  
Name RU     RU  
Organization Unit RU     R  
Description RU     RU  
Service Conversation Context Conversation Context grid CRUD     CRUD  
Name RU     RU  
Organization Unit RU     R  
URL RU     RU  
Parameters Parameters grid CRUD     CRUD  
Name RU     RU  
Organization Unit RU     R  
Default Value RU     RU  
ID RU     R  
Opening Hours Opening Hours grid CRUD RU CRUD CRUD CRUD
Name RU R RU RU RU
Organization Unit RU R RU R R
Default RU R RU RU RU
Periods CRUD CRUD CRUD CRUD CRUD
 
 

Flexible Dashboards

Contact Center - Non-Personal Dashboards and Personal Dashboards require a Contact Center license on the user to become accessible. Each Dashboard can be customized with Dashboard Widgets.

Tab Section   User Supervisor Service Supervisor CC User Team Member Service Agent Team / Service Owner Team Owner Limited
Dashboards Personal Dashboards     CRUD        
Non-Personal Dashboards     R        
Dashboard Widgets Service Service KPI Tile   R W(1) R R R  
Service KPI Tabular   R W(1) R R R  
Service KPI Chart   R W(1) R R R  
Service KPI Comparison Chart   R W(1) R R R  
Service KPI Graph   R W(1) R R R  
Service Queue Tabular   R W(1) R R R  
Live Service Tasks Tabular   R W(1) R R R  
Service Outbound Tasks Tabular   RE W(1) R R RE  
Service External Tasks Tabular   RE W(1) R R RE  
Service Heatmap   R W(1) R R R  
Service Supervision   WRE W(1)        
User User Performance Tabular R   W(1)     R  
User State Tabular R   W(1)     R  
User Supervisor Tabular RE   W(1)        
User State Chart R   W(1)     R  
User Tile R   W(1)     R  
Common Markdown     WR        
Date & Time     WR        
Embedded Website     WR        

(1) W = Widget access. A user needs a CC license to even see Dashboards, and can add Dashboard Widgets. However, seeing data (Services / Users / OUs) inside those widgets requires a dedicated R permission (e.g. Team Member, Agent role) within the service / team.

 
 
 
 

Power Automate User Permissions

Power Automate Roles

Revoked Role Limitation

🔎 Roles described table below have access to the Nimbus Power Automate Connector

☝If a User configures a Power Automate Flow for a service, but then loses permissions to configure such a flow (e.g. removed as Service Owner), the previously configured Power Automate Flows will still be triggered.

✅When changing service ownership we recommend you to check for leftover flows or use a global administrator to manage all your flow needs in a centralized fashion.

 

Table: Nimbus Power Automate Permissions

🔎Legend: Create, Read, Update, Delete, Execute

  Certified Connector Custom Connector Tenant Admin OU Admin Team/Service Owner Team Owner Limited
Conversations Triggers - GetOnNewTasks E   E  
When a task changes state GetOnUpdatedTasks E   E  
When the virtual task assistant has an update   E   E  
Actions Update task UpdateTask E   E  
Add a new external task AddExternalTask E   E  
Remove an external task RemoveExternalTask E   E  
Get Data from Virtual Task Assistant   E   E  
Address Books Actions Add a contact to an address book AddOrUpdateContact E E    
Update a contact in an address book - E E    
Empty an address book ClearContacts E E    
Get contact(s) from ana address book GetContacts E E    
Remove contact(s) from an address book RemoveContacts E E    
Outbound Service Calls Triggers When a scheduler entry changes state GetOnUpdatedOutboundTask E   E  
Actions Schedule a new outbound call AddOrUpdateOutboundTask E   E E
Get all scheduler entries GetOutboundTasks E   E  
Update a scheduler entry - E   E  
Remove a scheduler entry RemoveOutboundTask E   E  
 
 

Reporting User Permissions

Reporting Roles

NOTES

🔎Roles described in the table below have access to Historical Sessions summarized in a Nimbus Power BI Report Template. 

✅ When Setting Up Power BI and connecting to the OData Feed (e.g. via the Report Template or other means), any of the user roles below are required. The Organization Unit of the connecting user account determines, which service and user data will become available in the data query.

 
Historical Session & User Data(2) User Supervisor Service Supervisor Team / Service Owner Team Owner Limited
Service Sessions   R R R
User Sessions   R R R
User States  R      
Service Session Aggregates(1)   R R R
User Session Aggregates(1)   R R R

(1) Refer to Data Aggregation.  
(2) All data is built from the Nimbus Reporting Model.

 
 

Table of Contents