The WebConfigurator Role Based Access Control (RBAC) allows you assign permissions to users that have been added to Stratus Agent. It is worth noting that Stratus Agent uses the term "Agents" as a subgroup of users, however it is the role assigned in RBAC that enables a user to perform more tasks within Stratus Agent front- and backend.
Stratus Agent distinguishes by the following roles:
- A System Administrator has full system-level privileges, not only on Stratus Agent but also on the underlying servers (also called "instances").
This role is reserved for Luware or Luware-trained personnel to configure basic system components of the Stratus Agent server topology.
This user always has all permissions outside of the RBAC system to prevent accidental locking out.
- An Administrator mainly acts within the backend Configuration UI. Admins manage Organizational structures and all other Stratus Agent relevant data entities such as as Workflows, Resources and templates. Admins also define visibility of those entities to other users via Role Based Access.
- A Supervisor manages basic settings in the for services. As team manager the supervisor also has access to reporting features according to his permissions and may configure Frontend Widgets and Groups to form individualized dashboards for his teams.
- An Agent works mostly on the Web FrontEnd. Additionally the Agent Assistantcan be installed on Agent client PCs to handle calls and tasks with more functionality. Agents mostly have very basic viewing permissions on dashboards.
The aforementioned roles are just a common ground to start from. If you hand out full permissions even an "Agent" can access every aspect of Stratus Agent.
Notes to remember
- By default new users added via Webconfigurator do not have assigned roles and permissions. Only the System Administrator may access the system to change the configuration at this point.
- RBAC permissions are given to individual agents when editing their Agent Roles . It is possible to define one Agent as a template and use his permission set for future users.
- RBAC permissions are tied to the Organization Units (OU) structure as framework for inheritance
- A "System" level OU is defined in Stratus Agent as a default, which cannot be superseded by any OU. System privileges will always inherit down to any Sub-OU, even if added later. This will ensure that a System level administrator is never locked out of (any parts of) the system.
- In consequence, saving data entity (e.g. a workflow or trait) defined within on "System" level OU will make it accessible to any child OU.
- On RBAC permission level, all child OU inherit all the permissions contained in an upper (parent) OU.
- The table below lists available roles & permissions independent of OU structures. You can basically define any organizational structure first and then grant these rights as you see fit.
Role and OU mixtures are possible. The roles mentioned in this table can be mixed and matched to have Stratus Agent users perform multiple functions depending on which OU they are in.
Further API-based roles and rights are described on the Stratus Agent API pages.
In context of this manual the term "Administrator" ADMINISTRATOR will be used, generally referring to to any admin role mentioned below with according permissions. A "System Administrator" will always have all privileges mentioned below.
This user can freely assign roles and elevate users, up to highest level! Assignthis role sparingly and only to people you know
In context of this manual the term "Supervisor" SUPERVISOR will be used, generally referring to to any role mentioned below with according permissions.
|Web Reporting Portal||Agent||Currently unused.|
|Customer||Access to the Customer Journey Page|
|Service||Access to the Reporting Overview Page and Service Overview Page|
(Excel / Power BI SSRS database exports)
|Agent||Access to Agent-Related SSRS Reports as well as related facts and dimensions |
→ See: Historic Reporting
|Customer||Access to Customer the corresponding Service-Related SSRS Reports as well as related facts and dimensions → See: Historic Reporting|
|Service||Access to all Service-Related facts and dimensions, KPI → See:Historic Reporting|
In context of this manual the term "Agent" AGENT will be used, generally referring to to any role mentioned below with according permissions.