Roles and Permissions Overview
Permissions and roles work together to define what users can do in inContact Workforce Optimization. First, you will create one or more roles and associate specific permissions with it. Then you will assign the role(s) to user(s) so that they can have access to the information and functionality they need. Key facts about roles include:
- Roles can be edited, copied, and deleted. Copying roles can help ensure permissions are assigned consistently. For example, you might have two sets of agents who handle calls from different
- Role permissions are cumulative. For example, Role A has Permission 1, and Role B does not have Permission 1. If a user is assigned both Role A and Role B, that user will have Permission 1.
- inContact WFO permissions do not conflict.
- inContact WFO allows you to create an unlimited number of roles. Having more roles allows security to be more granular and targeted to the needs of specific users. But more roles can be confusing to administer, and users may not know what roles they need when they request access.
- You can assign roles to users when you create their accounts and remove roles from users by editing their accounts.
- You can change role assignments for multiple users at once.
- The same role can be assigned to multiple users.
- The same user can be assigned multiple roles.
At the time of installation, inContact WFO includes:
- One default role named DefaultAgent. You cannot delete this role but you can edit its permissions.
- A Superuser account with all permissions. The superuser access level is not considered a role. You can grant superuser access to individual users, but inContact recommends that you limit the number of superusers for security reasons. Superuser access is not required to administer inContact WFO.
Associating Roles and Groups
The permissions included in a role determine what the user can do. In order to control what the user can access (recordings, agents, and so forth), roles can be associated with inContact Groups and
For example, Supervisor A needs to listen to recordings of calls made by agents in ABC group. Supervisor A must be assigned a role with both of these permissions:
- Allow Viewing of User's Own Records
- Access to ABC Group
associating Roles with inContact Groups
When you associate a role with an inContact Group, users with that role can access all audio recordings associated with that group. Additional permissions are required to view video, QA evaluations, and so forth, for group members.
Key facts about associating roles with inContact Groups include:
- Assigning a user to a role associated with an inContact Group does not make the user a member of the group.
- The same group can be associated with multiple roles.
- In Call List and Recorded Interactions list filtering tools for inContact Groups, users will only see those groups associated with their assigned role(s). This is true even if the user is a member of an inContact Group, but their role is not associated with that group.
associating Roles with inContact Skills
When you associate a role with an
Key facts about associating roles with
- Assigning a user to a role associated with an
- The same
- In Call List and Recorded Interactions list filtering tools, users will see all available groupings listed under the
Role Strategy and Design
Before creating users, develop a single plan that governs the use of groups and roles. The following two generic plans may help you decide the best plan for your organization.
Plan 1: Small Team
In this scenario, a company has one location, and 30 agents are divided evenly to work three eight-hour shifts. Each shift has a supervisor who reviews call records and performs quality evaluations.
The company owner and another employee, the system admin, administer the network and inContact WFO. They can create users, change system settings, and also perform tasks that supervisors do. All calls are for the company's products.
The company could use the following design.
Agent Group and Role
All users to be recorded (agents) are placed in an inContact Group named Agent and are also assigned a role named Agent. The Agent role has these permissions:
- Allow Password Changes
- Allow Viewing of QA Evaluations
- Allow Viewing Call Reports
- Allow Viewing QA Reports
- Allow Viewing of User's Own Records
These are the same permissions included in the Default Agent role, which could be used instead.
Supervisor Group and Role
All supervisors are placed in an inContact Group named Supervisor, and are also assigned a role named Supervisor. The Supervisor role has these permissions:
- Allow Viewing of QA Evaluations
- Allow QA Form Administration
- Allow Content Library Management
- Allow Editing of Completed QA Evaluations
- Allow Performing QA Evaluations
- Allow Viewing Call Reports
- Allow Viewing QA Reports
- Allow Viewing of User's Own Records
The Supervisor role is also associated with the Agent group.
Administrator Role
A role named Administrator is assigned directly to the company owner and the system administrator, and includes these permissions:
- Allow User Administration
- Allow Password Changes
- Allow System Configuration
- Allow Scheduling
- Allow Group Administration
- Allow Viewing of QA Evaluations
- Allow QA Form Administration
- Allow Content Library Management
- Allow Editing of Completed QA Evaluations
- Allow Performing QA Evaluations
- Allow Viewing Call Reports
- Allow Viewing QA Reports
- Allow Viewing of User's Own Records
- Allow Viewing All Call Records & QA Evaluations
Plan 2: Multiple Teams
In this scenario, the company has three locations, and 120 agents who work a variety of shifts. All agents answer calls for the company's products. Some English-speaking agents answer calls for a new product, Product X. Another group answers Spanish callers.
The company owner, the IT manager, and the contact center manager administer the network and inContact WFO. They can create users, change system settings, and also perform tasks that supervisors do.
This more complex organization could use the following design.
Agent Group and Role
All agents who take English calls are placed in an inContact Group named Agent, and are also assigned a role named Agent. The Agent role has these permissions:
- Allow Password Changes
- Allow Viewing of QA Evaluations
- Allow Viewing Call Reports
- Allow Viewing QA Reports
- Allow Viewing of User's Own Records
These are the same permissions included in the Default Agent role, which could be used instead.
Supervisor Group and Role
All supervisors of English-language agents are placed in an inContact Group named Supervisor, and are also assigned a role named Supervisor. The Supervisor role has these permissions:
- Allow Viewing of QA Evaluations
- Allow QA Form Administration
- Allow Content Library Management
- Allow Editing of Completed QA Evaluations
- Allow Performing QA Evaluations
- Allow Viewing Call Reports
- Allow Viewing QA Reports
- Allow Viewing of User's Own Records
The Supervisor role is also associated with the Agent group.
Spanish Agent Group and Role
Only agents who answer Spanish callers are assigned to this group. They are also assigned a role named Spanish Agent. This role has the same permissions as the Agent role, but is also associated with the
Spanish Supervisor Group and Role
Only supervisors for the agents who answer Spanish callers are assigned to this group. They are also assigned a role named Spanish Supervisor. This role has the same permissions as the Supervisor role, but is associated with the Spanish Agent inContact Group.
Product X Group and Role
Agents who take calls for Product X should be assigned to this group. They should be assigned the Agent role and also be assigned a second role named Product X. This role should be associated with the
Administrator Role
A role named Administrator can be assigned directly to the company owner, IT administrator, and the contact center manager. The Administrator role includes these permissions:
- Allow User Administration
- Allow Password Changes
- Allow System Configuration
- Allow Scheduling
- Allow Group Administration
- Allow Viewing of QA Evaluations
- Allow QA Form Administration
- Allow Content Library Management
- Allow Editing of Completed QA Evaluations
- Allow Performing QA Evaluations
- Allow Viewing Call Reports
- Allow Viewing QA Reports
- Allow Viewing of User's Own Records
- Allow Viewing All Call Records & QA Evaluations
Specialized roles
Roles can also be created to fine-tune permissions for features like quality management and reporting. These roles can then be assigned to users as needed. This allows you to maintain base roles for the majority of users while providing flexibility for custom roles.
For example, suppose only three of your contact center supervisors should be able to create new QA forms. You could create a specialized role named QA Form Designer. Then you would assign the Allow QA Form Administration permission only to that role, and that role only to the relevant users.
As another example, some organizations have only a few employees who create and manage custom reports. In this scenario, you could create a role named Reporting Admin. Then you would assign the Allow WFO Ad Hoc Reporting and Allow Report Subscriptions permissions only to that role, and that role only to relevant users.
This approach is often used for granting permissions related to applications like inContact Speech Analytics and inContact Survey.