Security profiles
Latest update: 24 July 2023
This page is currently being updated to add definitions of the Security Profile Permissions and new permissions that are coming in release 2023.1.1.
Some permissions may not show in your version of Agent Desktop currently.
A security profile is a group of permissions that map to a common role of a persona within the contact centre. Security profiles help you manage who can perform specific tasks within the Agent Desktop and Amazon Connect.
There are two methods which Security Profiles can be created:
Manual creation via Agent Desktop
Security Groups pushed from the customer Identity Provider via SCIM (AzureAD/Okta)
Once a security profile has been created in Agent Desktop, it will also be created in Amazon Connect. Both Agent Desktop and Amazon Connect need to have Security Profile configuration for the relevant permissions, however some overlap and have a relationship.
When using SCIM provisioning, Security Profiles cannot be manually created and if a user needs to have their Security Profile changed, must be pushed from the Identity Provider.
Edit a security profile
To edit a security profile, go to Admin > Security profiles.
Click on the name of the security profile you want to edit.
Choose the appropriate permissions for the security profile from each permission group. For each permission type, choose one or more actions. Selecting some actions results in other actions being selected. For example, selecting Edit also selects View for the resource and any dependent resources.
Click on Save.
Security Profile Permissions
The below tables show definitions for each of the security profile permissions.
Routing and numbers
Permission Type | Action | Description of Permission |
|---|---|---|
Banner and events | All | Full access to all available actions. |
View | View all banners and events at your Hierachy level or below. | |
Edit | Edit a banner or event at your Hierachy level or below. | |
Create | Create a banner or event at your Hierachy level or below. | |
Delete | Delete a banner or event at your Hierachy level or below. | |
Enable/Disable | Enable or Disable a banner or event at your Hierachy level or below | |
Opening hours | All | Full access to all available actions. |
View | View all opening hours config at your Hierachy level or below. | |
Edit | Edit opening hours configuration at your Hierachy level or below. | |
Create | Create opening hours configuration at your Hierachy level or below. | |
Delete | Delete opening hours configuration at your Hierachy level or below. | |
Phone numbers | All | Full access to all available actions. |
View | View all phone numbers at your Hierachy level or below. | |
Edit | Edit phone number configuration such as the target Contact Flow at your Hierachy level or below. | |
Claim | Search and claim a phone number on your amazon connect instance Amazon Connect costs apply for all numbers claimed. | |
Prompts | All | Full access to all available actions. |
View | View all prompts at your Hierachy level or below. | |
Edit | Edit prompts at your Hierachy level or below. Edit could include changing a prompt file or updating the Text to Speech. | |
Create | Create a prompt at your hierachy level or below. | |
Delete | Delete a prompt at your hierachy level or below. | |
Queues | All | Full access to all available actions. |
View | View all queues at your hierachy level or below. | |
Edit | Edit queues at your hierachy level or below. Edit could include changing the queue name, the outbound CLI, outbound whisper, max calls in queue. | |
Create | Create a queue at your hierachy level or below. | |
Delete | Not used - Queues cannot be deleted, only renamed. | |
Enable/Disable | Enable or Disable a queue or event at your hierachy level or below | |
Create Tasks | Access | Provides access to create tasks through the Agent Desktop. |
Routing profiles | All | Full access to all available actions. |
View | View all routing profiles at your hierachy level or below. | |
Edit | Edit all routing profiles at your hierachy level or below. | |
Create | ||
Delete | Coming Soon! AWS APIs released July 2023 | |
S3 wav audio library | All | Full access to all available actions. |
View | View all .WAV files in the Audio Library at your Hierachy level or below. | |
Edit | Edit .WAV files in the Audio Library at your Hierachy level or below. Edit could include uploading a new prompt file | |
Create | Create/Add a WAV file to the Audio Library at your hierachy level or below. | |
Delete | Delete a WAV file in the Audio Library at your hierachy level or below. | |
Task templates | All | Full access to all available actions. |
View | View all Task templates at your Hierachy level or below. | |
Edit | Edit all Task templates at your Hierachy level or below. | |
Create | Create/Add a Task template at your hierachy level or below. | |
Delete | Delete a Task template at your hierachy level or below. | |
Update Ongoing Task | Enable/Disable | Enable or Disable the ability to update an active task at your hierachy level or below |
Users and permissions
Permission Type | Action | Description of Permission |
|---|---|---|
Agent status | All | Full access to all available actions. |
View | View all Agent Statuses that are configured | |
Edit | Edit all Agent Statuses that are configured | |
Create | Create new Agent Statuses | |
Enable/Disable | Enable or Disable all Agent Statuses that are configured | |
Agent status groups | All | Full access to all available actions. |
View | View all Agent Status Groups at your Hierachy level or below. | |
Edit | Edit all Agent Status Groups at your Hierachy level or below. Editing could include changing the statuses in the group or assiging the group to other routing profiles. | |
Create | Create new Agent Status Groups at your Hierachy level or below. | |
Delete | Delete Agent Status Groups at your Hierachy level or below. | |
Directory | All | Full access to all available actions. |
View | View all configured Directory entries at your Hierachy level or below. | |
Edit | Edit all configured Directory entries at your Hierachy level or below. | |
Create | Create new Directory entries at your Hierachy level or below. | |
Delete | Delete configured Directory entries at your Hierachy level or below. | |
Security profiles | All | Full access to all available actions. |
View | View all Security Profiles configured | |
Edit | Edit all Security Profiles and change the permissions in a security profile | |
Create | Create a new Security Profile and allocate permissions. Not available if SCIM is activated. Security Profiles are created from the customer Identity Provider. | |
Delete | Delete a configured Security Profile. | |
Users | All | Full access to all available actions. |
View | View all Users at your Hierachy level or below. | |
Edit | Edit a User at your Hierachy level or below. Edit could include changing a users routing profile, agent hierachy, licence type, enabling/disabling medialess mode (VDI users) and configuring a direct dial phone number. | |
Create | Create a new User to give access to Agent Desktop. Not available if SCIM is activated. Users are created from the customer Identity Provider. | |
Delete | Delete a User at your Hierachy level or below. | |
Edit permission | Edit permission allows a User to change the Security Profile assigned to a User. Not available if SCIM is activated. Security Profiles are changed from the customers Identity Provider using Security Groups. |
Voice permissions
Permission Type | Action | Description of Permission |
|---|---|---|
Outbound CLI | Enable/Disable | Enable or Disable the ability for a user to change the Outbound CLI by selecting the Queue when making an Outbound Call. Requires the Routing Profile assigned to the user, to have the Queue assigned to and the Outbound CLI option enabled. |
Outbound dialler | Enable/Disable | Enable or Disable the ability for a user have Outbound Dialler functionality Requires the Outbound Campaign Manager product add on. |
Pause & resume recording | Enable/Disable | Enable or Disable the ability for a user to pause and resume the call recording on the active call. Requires Call Recording to be configured and active in the conatct flows which the call was received on. |
Start and stop recording | Enable/Disable | Enable or Disable the ability for a user to Stop the call recording on the active call. Requires Call Recording to be configured and active in the conatct flows which the call was received on. |
Email permissions
Email Permissions are currently under review by the Product Team. The permission name and its function may change in a future release.
Permission Type | Action | Description of Permission |
|---|---|---|
Assign emails from inbox | Enable/Disable | Enable or Disable the ability for a user to Assign emails to a different Queue, a specific User or themself Permission function is currently under review |
Assign emails from sent | Enable/Disable | Enable or Disable the ability for a user to Assign sent emails to a different Queue, a specific User or themself Permission function is currently under review |
Compose email | Enable/Disable | Enable or Disable the ability for a user to Compose a new email Requires the Routing Profile assigned to the user, to have the Email Queue assigned |
Discard emails from inbox | Enable/Disable | Enable or Disable the ability for a user to Discard emails in a Queue |
Edit email subject | Enable/Disable | Enable or Disable the ability for a user to Edit the subject line of an email |
Reassign emails from inbox | Enable/Disable | Enable or Disable the ability for a user to Reassign emails to a different Queue, a specific User or themself. Permission function is currently under review |
Reassign emails from sent | Enable/Disable | Enable or Disable the ability for a user to Reassign sent emails to a different Queue, a specific User or themself Permission function is currently under review |
Return email back to queue | Enable/Disable | Enable or Disable the ability for a user to return an email which has been assigned to them, back to the Queue it came from. |
View all email queues in inbox | Enable/Disable | Enable or Disable the ability for a user to view the inbox of Email Queues Requires the Routing Profile assigned to the user, to have the Email Queue assigned |
View all email queues in sent items | Enable/Disable | Enable or Disable the ability for a user to view the sent items of Email Queues |
View assigned emails in inbox | Enable/Disable | Enable or Disable the ability for a user to see assigned emails and they user they are assigned to |
View discard email queue in sent items | Enable/Disable | Enable or Disable the ability for a user to see the discarded emails in the sent items. |
View escalated emails in inbox | Enable/Disable | Enable or Disable the ability for a user to see emails which have been marked as escalated. |
Analytics and Optimization permissions
Permission Type | Action | Description of Permission |
|---|---|---|
Mini dashboard | Enable/Disable | Enable or Disable the ability for a user to see the Real Time Mini Dashboard showing active waiting interactions. Only shows statistics of the queues configured in the users assigned routing profile, or active routing profile version. Recommended for all Users. |
Agent Desktop configuration permissions
Permission Type | Action | Description of Permission |
|---|---|---|
Agent hierarchy | All | Full access to all available actions. |
View | View all Agent hierarchy configuration. | |
Edit | Edit all Agent hierarchy configuration. | |
Applications | All | Full access to all available actions. |
View | View all applications | |
Edit | Edit all applications | |
Create | Create applications | |
Delete | Delete applications | |
Enable/Disable | Enable or Disable applications | |
Connect | All | Full access to all available actions. |
View | View all Amazon Connect configuration. | |
Edit | Edit all Amazon Connect configuration. | |
Contact flow attributes | All | Full access to all available actions. |
View | View all attributes and attribute sets for use within contact flows | |
Edit | Edit all attributes and attribute sets for use within contact flows | |
Create | Create all attributes and attribute sets for use within contact flows | |
Delete | Delete all attributes and attribute sets for use within contact flows | |
Customer profiles | Enable/Disable | Enable or Disable Amazon Connect Customer Profiles within Agent Desktop. Requires pre-requsite configuration is required. |
Dispositions | All | Full access to all available actions. |
View | View dispositions. | |
Edit | Edit dispositions. | |
Create | Create dispositions. | |
Delete | Delete dispositions. | |
Email accounts | All | Full access to all available actions. |
View | View all email accounts. | |
Edit | Edit email accounts. | |
Create | Create email accounts. | |
Delete | Delete email accounts. | |
Enable/Disable | Enable or Disable email accounts. | |
Email editor | All | Full access to all available actions. |
View | View the email HTML editor configuration. | |
Edit | Edit the email HTML editor configuration. | |
Email signatures | All | Full access to all available actions. |
View | View all email signatures. | |
Edit | Edit email signatures. | |
Create | Create email signatures. | |
Delete | Delete email signatures. | |
Maintenance | Enable/Disable | Enable or Disable access to maintenance functions. |
Message templates | All | Full access to all available actions. |
View | View all message templates. | |
Edit | Edit message templates. | |
Create | Create message templates. | |
Delete | Delete message templates. | |
SCIM | All | Full access to all available actions. |
View | View the SCIM configuration. | |
Edit | Edit the SCIM configuration. | |
Screen pops | All | Full access to all available actions. |
View | View all screen pop configuration | |
Edit | Edit screen pop configuration | |
Create | Create screen pop configuration | |
Delete | Delete screen pop configuration | |
Enable/Disable | Enable or Disable configured screen pops. | |
Sentiment analysis | Enable/Disable | Enable or Disable Contact Lens sentiment analysis within Agent Desktop. Requires pre-requsite configuration is required. |
Theme | All | Full access to all available actions. |
View | View the theme configuration. | |
Edit | Edit the theme configuration. | |
Transfers | All | Full access to all available actions. |
View | View the transfers configuration. | |
Edit | Edit the transfers configuration. | |
Auto response templates | All | Full access to all available actions. |
View | View all auto response templates. | |
Edit | Edit auto response templates. | |
Create | Create auto response templates. | |
Delete | Delete auto response templates. | |
Email routing | All | Full access to all available actions. |
View | View all email routing configuration. | |
Edit | Edit email routing configuration. | |
Create | Create email routing configuration. | |
Delete | Delete email routing configuration. | |
Enable/Disable | Enable or Disable email routing rules. |
Supervisor dashboard permissions
Permission Type | Action | Description of Permission |
|---|---|---|
Barge In | Enable/Disable | Enable or Disable the ability to Barge In to active calls. |
Change agent states | Enable/Disable | Enable or Disable the ability to Change Agent States |
Agent Dashboard | Enable/Disable | Enable or Disable the ability to view the Agent Dashboard |
Queue Dashboard | Enable/Disable | Enable or Disable the ability to view the Queue Dashboard |
Monitor Calls | Enable/Disable | Enable or Disable the ability to Monitor Active calls (Silent Listening). |