The WebConfigurator Role Based Access Control (RBAC) allows you to assign permissions to users that have been added to Stratus Agent. Note that Stratus Agent uses the term "Agents" for a subgroup of users; however, it is the role assigned in RBAC that enables a user to perform more tasks within the Stratus Agent front- and backend.

Stratus Agent distinguishes between the following roles:

  • A System Administrator has full system-level privileges, not only on Stratus Agent but also on the underlying servers (also called "instances").
    (warning) This role is reserved for Luware or Luware-trained personnel to configure basic system components of the Stratus Agent server topology.
    (lightbulb) This user always has all permissions outside of the RBAC system to prevent accidental locking out.
  • An Administrator mainly acts within the backend Configuration UI. Admins manage Organizational structures and all other Stratus Agent relevant data entities such as Workflows, Resources and templates. Admins also define visibility of those entities to other users via Role Based Access.
  • A Supervisor manages basic settings for services. As team manager the supervisor also has access to reporting features according to his permissions and may configure Frontend Widgets and Groups to form individualized dashboards for his teams.
  • An Agent works mostly on the Web FrontEnd. Additionally, the Agent Assistant can be installed on Agent client PCs to handle calls and tasks with more functionality. Agents mostly have very basic viewing permissions on dashboards.

The aforementioned roles are just a common ground to start from. If you hand out full permissions, even an "Agent" can access every aspect of Stratus Agent.

Notes to remember

  • By default, new users added via WebConfigurator do not have assigned roles and permissions. Only the System Administrator may access the system to change the configuration at this point.
  • RBAC permissions are given to individual agents when editing their Agent Roles. It is possible to define one Agent as a template and use his permission set for future users.
  • RBAC permissions are tied to the Organization Unit (OU) structure as the framework for inheritance:
    • A "System" level OU is defined in Stratus Agent as a default, which cannot be superseded by any OU. System privileges will always inherit down to any Sub-OU, even if added later. This ensures that a System level administrator is never locked out of (any parts of) the system.
    • In consequence, saving a data entity (e.g. a workflow or trait) on the "System" level OU will make it accessible to any child OU.
    • On RBAC permission level, all child OUs inherit all the permissions contained in an upper (parent) OU.
    • The table below lists available roles & permissions independent of OU structures. You can basically define any organizational structure first and then grant these rights as you see fit.

(lightbulb) Role and OU mixtures are possible. The roles mentioned in this table can be mixed and matched to have Stratus Agent users perform multiple functions depending on which OU they are in.
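
The inheritance rules from the notes above, modelled as an added example (not Luware's code or data model): a role granted on an OU applies to that OU and all of its child OUs, and the audit lists grants that deserve a manual review. The OU names, users, grant list and the HIGH_RISK set are assumptions constructed for illustration.

```python
# Hypothetical model of the inheritance rules described above; not Stratus Agent code.
# OU names, user names and the data layout are constructed for illustration.
PARENT = {"System": None, "Sales": "System", "Sales-EU": "Sales", "Support": "System"}

# (user, administrator role from the table below, OU where the role was granted)
GRANTS = [
    ("alice", "Roles", "System"),
    ("bob", "Workflow", "Sales"),
    ("bob", "UserReadOnly", "Sales-EU"),
    ("carol", "User", "Support"),
]
USERS = ["alice", "bob", "carol", "dave"]  # dave was added without any role

# Assumption: the roles this page reserves for Luware or says to assign sparingly.
HIGH_RISK = {"System", "Roles", "DataPrivacy"}


def ancestors(ou):
    """Return ou followed by every parent up to the root 'System' OU."""
    chain = []
    while ou is not None:
        chain.append(ou)
        ou = PARENT[ou]
    return chain


def effective_roles(user, ou):
    """Roles a user holds in ou: granted there or inherited from a parent OU."""
    scope = set(ancestors(ou))
    return {role for u, role, at in GRANTS if u == user and at in scope}


def audit():
    """List grants worth a manual review, as (user, finding) tuples."""
    findings = []
    for user, role, at in GRANTS:
        if role in HIGH_RISK:
            findings.append((user, f"holds high-risk role '{role}' at {at}"))
        if at == "System":
            findings.append((user, f"'{role}' at System level reaches every OU"))
    for user in USERS:
        if not any(u == user for u, _, _ in GRANTS):
            findings.append((user, "no roles assigned (default for new users)"))
    return findings


if __name__ == "__main__":
    for ou in PARENT:
        print(ou, {u: sorted(effective_roles(u, ou)) for u in USERS})
    for finding in audit():
        print(finding)
```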

(info) Further API-based roles and rights are described on the Stratus Agent API pages.

Administrator Roles

(info) In the context of this manual the term "Administrator" ADMINISTRATOR will be used, generally referring to any admin role mentioned below with the according permissions. A "System Administrator" will always have all privileges mentioned below.

Administrator Permissions table. C = Create, R = Read, U = Update, D = Delete
Role | Privileges
System 
  • Has full privileges (any of the rights below) 
    (info) This role is reserved for Luware to prevent accidental lockout.
  • Can log in to both front and backend
  • Defines and configures server topology, user directories and system components
  • Authorizes further users and assigns roles to them in RBAC
Organization Units 
  • Can manage Organization Units (CRUD)
Distribution
  • Can manage Distribution Policies and Traits (CRUD)
User
  • Can manage users (CRUD)
  • Performs all Agent Management related tasks in Backend (WebConfigurator)
  • Manages user-dependent entities such as Traits, edits common user settings (First Name, Last Name, Email, SIP URI), and assigns Agent/Supervisor Roles
UserReadOnly
  • As User Administrator but only read access on user details and parts of the settings.
Service
Service Extended
  • CANNOT manage Configuring Services, but: 
    • Can read a subset of service-dependent entities: Name, Organization Unit, Common Settings (SIP URI, Display Name, Telephone URI, TelSipURI)
    • Can manage a subset of service dependent entities (CRUD) such as: Placeholders, Workflows, Completion Codes
Agent
Agent Extended
  • Similar to Agent Administrator but with some limitations such as:
    • CANNOT read Skype for Business relevant settings like Line Uri, Private Line Uri, LYNC POOL REGISTRAR
    • CANNOT read and update settings like Busy on Busy in a call enabled, Can login to Recording manager
AgentReadOnly
  • Same as Agent Administrator but only with read access on agent traits, profiles and configuration settings
Workflow
  • Manage (CRUD) Workflows including all dependent entities and resources
Topology
  • Manage (CRUD) Configure Architecture Component details, Manage Tenants, API tokens, trusted applications
Web
DataPrivacy
  • Execute related actions in the backend (customer data anonymization).
    (info) This role is reserved for Luware to prevent accidental data destruction through anonymization. If you want to learn more about this feature, get in contact with Luware support or your Stratus Agent personal administrator.
Roles
  • This user can freely assign roles and elevate users, up to the highest level! Assign this role sparingly and only to people you know

Supervisor Roles

(info) In the context of this manual the term "Supervisor" SUPERVISOR will be used, generally referring to any role mentioned below with the according permissions.

Supervisor Permissions
Area | Role | Privileges
Web FrontEnd
  • Agent
  • Service
  • Supervision
Web Reporting Portal
  • Agent: Currently unused.
  • Customer: Access to the Customer Journey Page
  • Service: Access to the Reporting Overview Page and Service Overview Page
(Historic) Reporting (Excel / Power BI SSRS database exports)
  • Agent: Access to Agent-Related SSRS Reports as well as related facts and dimensions → See: Historic Reporting
  • Customer: Access to Customer the corresponding Service-Related SSRS Reports as well as related facts and dimensions → See: Historic Reporting
  • Service: Access to all Service-Related facts and dimensions, KPI → See: Historic Reporting

Agent Roles

(info) In the context of this manual the term "Agent" AGENT will be used, generally referring to any role mentioned below with the according permissions.


Agent Permissions
Area | Role | Privileges
Web Frontend
  • Agent
    • Can Read Frontend Walls
    • Access to Agent-related Widgets
  • Service
    • Can Read Frontend Walls
    • Access to Service-related Widgets