Roles and Permissions Overview

Permissions and roles work together to define what users can do in inContact Workforce Optimization. First, you will create one or more roles and associate specific permissions with it. Then you will assign the role(s) to user(s) so that they can have access to the information and functionality they need. Key facts about roles include:

  • Roles can be edited, copied, and deleted. Copying roles can help ensure permissions are assigned consistently. For example, you might have two sets of agents who handle calls from different ACD groups, but the agents require the same set of permissions. Copying a role ensures that the agents have exactly the same permissions. You can then associate each role with the appropriate ACD group.
  • Role permissions are cumulative. For example, Role A has Permission 1, and Role B does not have Permission 1. If a user is assigned both Role A and Role B, that user will have Permission 1.
  • inContact WFO permissions do not conflict.
  • inContact WFO allows you to create an unlimited number of roles. Having more roles allows security to be more granular and targeted to the needs of specific users. But more roles can be confusing to administer, and users may not know what roles they need when they request access.
  • You can assign roles to users when you create their accounts and remove roles from users by editing their accounts.
  • You can change role assignments for multiple users at once.
  • The same role can be assigned to multiple users.
  • The same user can be assigned multiple roles.

At the time of installation, inContact WFO includes:

  • One default role named DefaultAgent. You cannot delete this role but you can edit its permissions.
  • A Superuser account with all permissions. The superuser access level is not considered a role. You can grant superuser access to individual users, but inContact recommends that you limit the number of superusers for security reasons. Superuser access is not required to administer inContact WFO.

Associating Roles and Groups

The permissions included in a role determine what the user can do. In order to control what the user can access (recordings, agents, and so forth), roles can be associated with inContact Groups, ACD gates, and ACD groups.

For example, Supervisor A needs to listen to recordings of calls made by agents in ABC group. Supervisor A must be assigned a role with both of these permissions:

  • Allow Viewing of User's Own Records
  • Access to ABC Group

associating Roles with inContact Groups

When you associate a role with an inContact Group, users with that role can access all audio recordings associated with that group. Additional permissions are required to view video, QA evaluations, and so forth, for group members.

Key facts about associating roles with inContact Groups include:

  • Assigning a user to a role associated with an inContact Group does not make the user a member of the group.
  • The same group can be associated with multiple roles.
  • In Call List and Recorded Interactions list filtering tools for inContact Groups, users will only see those groups associated with their assigned role(s). This is true even if the user is a member of an inContact Group, but their role is not associated with that group.

associating Roles with ACD Groups or gates

Most PBX/ACD systems offer one or more means of grouping agents. Depending on the system, terminology may vary: labor groups, hunt groups, skills, gates, and queues are just a few of the naming conventions.

When you associate a role with an ACD group or gate, users with that role can access all audio recordings associated with that agent grouping. Additional permissions are required to view video, QA evaluations, and so forth, for grouping members.

Key facts about associating roles with agents groups or gates include:

  • Assigning a user to a role associated with an ACD group or gate does not make the user a member of that grouping. These memberships are configured on your PBX/ACD.
  • The same ACD group or gate can be associated with multiple roles.
  • In Call List and Recorded Interactions list filtering tools, users will see all available groupings listed under the ACD Groups and ACD Gatesmenus. However, they will only be able to see and play recordings for a grouping if they have a role with permission to do so.

Role Strategy and Design

Before creating users, develop a single plan that governs the use of groups and roles. The following two generic plans may help you decide the best plan for your organization.

Plan 1: Small Team

In this scenario, a company has one location, and 30 agents are divided evenly to work three eight-hour shifts. Each shift has a supervisor who reviews call records and performs quality evaluations.

The company owner and another employee, the system admin, administer the network and inContact WFO. They can create users, change system settings, and also perform tasks that supervisors do. All calls are for the company's products.

The company could use the following design.

Agent Group and Role

All users to be recorded (agents) are placed in an inContact Group named Agent and are also assigned a role named Agent. The Agent role has these permissions:

  • Allow Password Changes
  • Allow Viewing of QA Evaluations
  • Allow Viewing Call Reports
  • Allow Viewing QA Reports
  • Allow Viewing of User's Own Records

These are the same permissions included in the Default Agent role, which could be used instead.

Supervisor Group and Role

All supervisors are placed in an inContact Group named Supervisor, and are also assigned a role named Supervisor. The Supervisor role has these permissions:

  • Allow Viewing of QA Evaluations
  • Allow QA Form Administration
  • Allow Content Library Management
  • Allow Editing of Completed QA Evaluations
  • Allow Performing QA Evaluations
  • Allow Viewing Call Reports
  • Allow Viewing QA Reports
  • Allow Viewing of User's Own Records

The Supervisor role is also associated with the Agent group.

Administrator Role

A role named Administrator is assigned directly to the company owner and the system administrator, and includes these permissions:

  • Allow User Administration
  • Allow Password Changes
  • Allow System Configuration
  • Allow Scheduling
  • Allow Group Administration
  • Allow Viewing of QA Evaluations
  • Allow QA Form Administration
  • Allow Content Library Management
  • Allow Editing of Completed QA Evaluations
  • Allow Performing QA Evaluations
  • Allow Viewing Call Reports
  • Allow Viewing QA Reports
  • Allow Viewing of User's Own Records
  • Allow Viewing All Call Records & QA Evaluations

Plan 2: Multiple Teams

In this scenario, the company has three locations, and 120 agents who work a variety of shifts. All agents answer calls for the company's products. Some English-speaking agents answer calls for a new product, Product X. Another group answers Spanish callers.

The company owner, the IT manager, and the contact center manager administer the network and inContact WFO. They can create users, change system settings, and also perform tasks that supervisors do.

This more complex organization could use the following design.

Agent Group and Role

All agents who take English calls are placed in an inContact Group named Agent, and are also assigned a role named Agent. The Agent role has these permissions:

  • Allow Password Changes
  • Allow Viewing of QA Evaluations
  • Allow Viewing Call Reports
  • Allow Viewing QA Reports
  • Allow Viewing of User's Own Records

These are the same permissions included in the Default Agent role, which could be used instead.

Supervisor Group and Role

All supervisors of English-language agents are placed in an inContact Group named Supervisor, and are also assigned a role named Supervisor. The Supervisor role has these permissions:

  • Allow Viewing of QA Evaluations
  • Allow QA Form Administration
  • Allow Content Library Management
  • Allow Editing of Completed QA Evaluations
  • Allow Performing QA Evaluations
  • Allow Viewing Call Reports
  • Allow Viewing QA Reports
  • Allow Viewing of User's Own Records

The Supervisor role is also associated with the Agent group.

Spanish Agent Group and Role

Only agents who answer Spanish callers are assigned to this group. They are also assigned a role named Spanish Agent. This role has the same permissions as the Agent role, but is also associated with the ACD Gate that routes Spanish callers.

Spanish Supervisor Group and Role

Only supervisors for the agents who answer Spanish callers are assigned to this group. They are also assigned a role named Spanish Supervisor. This role has the same permissions as the Supervisor role, but is associated with the Spanish Agent inContact Group.

Product X Group and Role

Agents who take calls for Product X should be assigned to this group. They should be assigned the Agent role and also be assigned a second role named Product X. This role should be associated with the ACD Gate that routes Product X callers. This design allows for the correct association between agents and calls, and enables reporting specific to Product X interactions. Any supervisor can evaluate these calls, so the Supervisor role is associated with the Product X group. There is no need for a Product X Supervisor group or role.

Administrator Role

A role named Administrator can be assigned directly to the company owner, IT administrator, and the contact center manager. The Administrator role includes these permissions:

  • Allow User Administration
  • Allow Password Changes
  • Allow System Configuration
  • Allow Scheduling
  • Allow Group Administration
  • Allow Viewing of QA Evaluations
  • Allow QA Form Administration
  • Allow Content Library Management
  • Allow Editing of Completed QA Evaluations
  • Allow Performing QA Evaluations
  • Allow Viewing Call Reports
  • Allow Viewing QA Reports
  • Allow Viewing of User's Own Records
  • Allow Viewing All Call Records & QA Evaluations

Specialized roles

Roles can also be created to fine-tune permissions for features like quality management and reporting. These roles can then be assigned to users as needed. This allows you to maintain base roles for the majority of users while providing flexibility for custom roles.

For example, suppose only three of your contact center supervisors should be able to create new QA forms. You could create a specialized role named QA Form Designer. Then you would assign the Allow QA Form Administration permission only to that role, and that role only to the relevant users.

As another example, some organizations have only a few employees who create and manage custom reports. In this scenario, you could create a role named Reporting Admin. Then you would assign the Allow WFO Ad Hoc Reporting and Allow Report Subscriptions permissions only to that role, and that role only to relevant users.

This approach is often used for granting permissions related to applications like inContact Speech Analytics and inContact Survey.

AD Group Role Synchronization

This feature is not available in Hybrid deployments.

To simplify administration, users may be placed in one or more Active Directory (AD) groups that have access to inContact WFO. You can then relate inContact WFO roles to AD group names, and user roles, permissions, and associated inContact Groups are synchronized at each login based on the user’s AD group membership. This feature is called AD Group Role Synch.

AD Group Role Synch is typically configured during your initial system installation. Because AD groups may change after installation, you may need to edit or configure these settings from time to time. For more information on these settings, see Page Details: Security Settings

Related Tasks

Related References