How You Use Role Access to Define Permissions
Setting permissions carefully and thoughtfully greatly enhances the security of your site. This is particularly true regarding administrator permissions, which typically let staff members edit configuration settings and administrative controls.
One method for determining the permissions you grant is to use a role-access method. While no contrived set of roles will represent any organization perfectly, the four job types used here demonstrate a general scenario of how permissions might be set up.
- Administrator—Staff member with access to all functionality.
- Supervisor—Staff member with supervisory responsibilities but no responsibility for configuring your site.
- Staff member—Staff member with access to data but no administrative controls.
- Developer—Staff member with access to development and integration interfaces.
Although this table doesn’t contain a complete list of all the permissions available, it does provide a list of those permissions having direct security ramifications.
| Setting | Functionality | Roles |
|---|---|---|
| Administration | | |
| Administration | Create and edit these items: | Administrator |
| Groups/Accounts/Distribution Lists | Access staff accounts and distribution lists. | Administrator, Supervisor |
| System Error Log | Access log files under Site Configuration. | Administrator, Supervisor |
| Workspace Designer | Access Workspaces and Workflows explorers and designers. | Administrator, Supervisor |
| Scripting | Create and edit agent scripts. | Administrator, Developer |
| Object Designer | Create custom objects. | Administrator, Developer |
| Message Templates | Customize administrator notifications, administrator emails, and contact emails. | Administrator |
| Access Control | Access the Access Control editor to configure staff and customer settings permissions for Community Self Service. | Administrator, Supervisor |
| CP Promote | Promote customer portal pages from the staging area to the production area. | Administrator, Developer |
| CP Stage | Copy customer portal development files to the staging area. | Administrator, Developer |
| CP Edit | Access the Customer Portal Administration site and edit customer portal pages in the development area using WebDAV. | Administrator, Developer |
| Rules View | View business rules. | Administrator, Supervisor, Staff member |
| Data Import | Import data, including answers, contacts, incidents, organizations, and custom objects. | Administrator, Supervisor |
| Process Designer | Create custom processes. | Administrator, Developer, Supervisor, Staff member |
| Virtual Assistant Edit | Access to configuration of the virtual assistant. | Administrator |
| Broadcast Notifications | Send messages to other staff members. | Administrator, Supervisor |
| Configuration | Access to these areas and functionality: | Administrator |
| Business Process Settings | Define interface appearance and functionality, including: | Administrator, Supervisor |
| Rules Edit | Edit business rules. | Administrator, Supervisor |
| Profiles | Add and edit profiles. | Administrator |
| SSO Login (SAML 2.0) | Allows login only through an identity provider, that is, using a single sign-on process. B2C Service uses the SAML 2.0 protocol for single sign-on. | Administrator |
| Skill Edit | Access to configuration of advanced routing. | Administrator, Supervisor |
| Agent Browser User Interface | Access to the B2C Service using the Agent Browser UI through account authentication. | Administrator, Supervisor, Staff member |
| Public SOAP API | Access the public SOAP API through account or session authentication. | Administrator, Developer |
| Public Knowledge Foundation API | Access the public Knowledge Foundation API through account or session authentication. | Administrator, Developer, Supervisor, Staff member |
| Organizations | | |
| | Add, edit, delete, and view organizations. | Administrator |
| | Edit and view organizations. | Supervisor |
| | View organizations. | Staff member |
| Contacts | | |
| | Add, edit, delete, view, and move contacts. | Administrator |
| | Add, email, edit, delete, and view contacts. | Supervisor |
| | Email, edit, and view contacts. | Staff member |
| Service | | |
| Incidents | Add, edit, view, and delete incidents; propose incidents as answers; respond to incidents. | Administrator, Supervisor |
| | Add, edit, and respond to incidents. | Staff member |
| Answers | Add, edit, and delete answers; set answers to public status. | Administrator, Supervisor |
| | Add and edit answers. | Staff member |
| Asset | Add, edit, delete, and view assets. | Administrator, Supervisor |
| | View and edit assets. | Staff member |
| Opportunities | | |
| | Create, edit, delete, view, respond to leads, and send quotes. | Administrator |
| | Create, edit, and view leads, and send quotes. | Supervisor |
| | View leads and send quotes. | Staff member |
| Outreach | | |
| | Create, edit, delete, and view mailings, campaigns, documents, templates, snippets, file attachments, tracked links, segments, and contact lists. | Administrator |
| | Edit and view mailings, campaigns, documents, templates, snippets, file attachments, tracked links, segments, and contact lists. | Supervisor |
| | View mailings, campaigns, documents, templates, snippets, file attachments, tracked links, segments, and contact lists. | Staff member |
| Feedback | | |
| | Create, edit, delete, and view surveys, questions, documents, templates, snippets, file attachments, tracked links, segments, and contact lists. | Administrator |
| | Edit and view surveys, questions, documents, templates, snippets, file attachments, tracked links, segments, and contact lists. | Supervisor |
| | View surveys, questions, documents, templates, snippets, file attachments, tracked links, segments, and contact lists. | Staff member |
| Tasks | | |
| | Create, edit, delete, and view tasks. | Administrator |
| | Edit, view, and delete tasks. | Supervisor |
| | View tasks. | Staff member |
| Analytics | | |
| | Create, edit, view, customize, print, export, and forward reports. | Administrator |
| | Edit, view, customize, print, export, and forward reports. | Supervisor |
| | View, edit, print, export, and forward reports. | Staff member |
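
The role-access method described above can be checked mechanically. The following is an added example, not part of the original page and not Oracle code: a Python audit that compares each profile's granted permissions with the roles the table entitles to them, and flags combinations that only the Administrator role covers. The CSV layout, the profile names, and the `Legacy Export` permission are constructed assumptions; the baseline is a subset of the table's rows.

```python
import csv
import io

# Permission -> roles entitled to it, copied from rows of the table above (subset).
BASELINE = {
    "Scripting": {"Administrator", "Developer"},
    "Message Templates": {"Administrator"},
    "CP Promote": {"Administrator", "Developer"},
    "Rules View": {"Administrator", "Supervisor", "Staff member"},
    "Rules Edit": {"Administrator", "Supervisor"},
    "Data Import": {"Administrator", "Supervisor"},
    "Profiles": {"Administrator"},
    "Public SOAP API": {"Administrator", "Developer"},
}

# Constructed sample input; the profile,role,permission layout is an assumption.
SAMPLE = """profile,role,permission
Tier1,Staff member,Rules View
Tier1,Staff member,Data Import
Integrations,Developer,Public SOAP API
Integrations,Developer,Scripting
TeamLead,Supervisor,Rules Edit
TeamLead,Supervisor,CP Promote
TeamLead,Supervisor,Legacy Export
"""

def load(text):
    """Group CSV rows into {profile: {"role": str, "perms": set}}."""
    profiles = {}
    for row in csv.DictReader(io.StringIO(text)):
        p = profiles.setdefault(row["profile"], {"role": row["role"], "perms": set()})
        p["perms"].add(row["permission"])
    return profiles

def audit(profiles):
    """Report grants beyond the role baseline for each profile."""
    report = {}
    for name, p in sorted(profiles.items()):
        known = {x for x in p["perms"] if x in BASELINE}
        # Roles that the table entitles to every known permission held.
        covering = set.intersection(*(BASELINE[x] for x in known)) if known else set()
        report[name] = {
            "excess": sorted(x for x in known if p["role"] not in BASELINE[x]),
            "unknown": sorted(p["perms"] - known),  # not in baseline: review by hand
            "admin_only_combo": p["role"] != "Administrator"
                                and covering == {"Administrator"},
        }
    return report
```

A profile flagged `admin_only_combo` holds a mix of permissions that, per the table, no single role other than Administrator is meant to have, even if each grant looks modest on its own.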