Roles and Permissions Overview
Permissions and roles work together to define what users can do in NICE Uptivity. First, you create one or more roles and associate specific permissions with it. Then you assign the role(s) to user(s) so they have access to the information and functionality they need. Key facts about roles include:
- Roles can be edited, copied, and deleted. Copying roles can help ensure permissions are assigned consistently. For example, you might have two sets of agents who handle calls from different ACD groups, but the agents require the same set of permissions. Copying a role ensures that the agents have exactly the same permissions. You can then associate each role with the appropriate ACD group.
- Role permissions are cumulative. For example, Role A has Permission 1, and Role B does not have Permission 1. If a user is assigned both Role A and Role B, that user will have Permission 1.
- Uptivity permissions do not conflict.
- Uptivity allows you to create an unlimited number of roles. Having more roles allows security to be more granular and targeted to the needs of specific users. But more roles can be confusing to administer, and users may not know what roles they need when they request access.
- You can assign roles to users when you create their accounts and remove roles from users by editing their accounts.
- You can change role assignments for multiple users at once.
- The same role can be assigned to multiple users.
- The same user can be assigned multiple roles.
At the time of installation, Uptivity includes:
- One default role named DefaultAgent. You cannot delete this role but you can edit its permissions.
- A Superuser account with permissions to all functionality and data in NICE Uptivity. The superuser access level is not considered a role. You can grant superuser access to individual users, but you should limit the number of superusers for security reasons. Superuser access is not required to administer Uptivity.
Associating Roles and Groups
The permissions included in a role determine what the user can do. In order to control what the user can access (recordings, agents, and so forth), roles can be associated with QA Groups, ACD gates, and ACD groups.
For example, Supervisor A needs to listen to recordings of calls made by agents in ABC group. Supervisor A must be assigned a role with both of these permissions:
- Allow Viewing All Call Records & QA Evaluations
- Access to ABC Group
associating Roles with QA Groups
When you associate a role with an QA Group, users with that role can access all audio recordings associated with that group. Additional permissions are required to view video (that is, screen recordings), QA evaluations, and so forth, for group members.
Key facts about associating roles with QA Groups include:
- Assigning a user to a role associated with an QA Group does not make the user a member of the group.
- The same group can be associated with multiple roles.
- In Call List and Recorded Interactions list filtering tools for QA Groups, users will only see those groups associated with their assigned role(s). This is true even if the user is a member of an QA Group, but their role is not associated with that group.
associating Roles with ACD Groups or gates
Most PBX/ACD systems offer one or more means of grouping agents. Depending on the system, terminology may vary: labor groups, hunt groups, skills, gates, and queues are just a few of the naming conventions.
When you associate a role with an ACD group or gate, users with that role can access all audio recordings associated with that agent grouping. Additional permissions are required to view video (that is, screen recordings), QA evaluations, and so forth, for grouping members.
Key facts about associating roles with agent groups or gates include:
- Assigning a user to a role associated with an ACD group or gate does not make the user a member of that grouping. These memberships are configured on your PBX/ACD.
- The same ACD group or gate can be associated with multiple roles.
- In Call List and Recorded Interactions list filtering tools, users will see all available groupings listed under the ACD Group and ACD Gate menus. However, they will only be able to see and play recordings for a grouping if they have a role with permission to do so.
Role Strategy and Design
Before creating users, develop a single plan that governs the use of groups and roles. The following two generic plans may help you decide the best approach for your organization.
Plan 1: Small Team
In this scenario, a company has one location, and 30 agents are divided evenly to work three eight-hour shifts. Each shift has a supervisor who reviews call records and performs quality evaluations.
The company owner and another employee, the system admin, administer the network and Uptivity. They can create users, change system settings, and also perform tasks that supervisors do. All calls are for the company's products.
The company could use the following design.
Agent Group and Role
All users to be recorded (agents) are placed in an QA Group named Agent and are also assigned a role named Agent. The Agent role has these permissions:
- Allow Password Changes
- Allow Viewing of QA Evaluations
- Allow Viewing Call Reports
- Allow Viewing QA Reports
- Allow Viewing of User's Own Records
These are the same permissions included in the Default Agent role, which could be used instead.
Supervisor Group and Role
All supervisors are placed in an QA Group named Supervisor, and are also assigned a role named Supervisor. The Supervisor role has these permissions:
- Allow Viewing of QA Evaluations
- Allow QA Form Administration
- Allow Content Library Management
- Allow Editing of Completed QA Evaluations
- Allow Performing QA Evaluations
- Allow Viewing Call Reports
- Allow Viewing QA Reports
- Allow Viewing of User's Own Records
- Allow Viewing All Call Records & QA Evaluations
The Supervisor role is also associated with the Agent group.
Administrator Role
A role named Administrator is assigned directly to the company owner and the system administrator, and includes these permissions:
- Allow User Administration
- Allow Password Changes
- Allow System Configuration
- Allow Scheduling
- Allow Group Administration
- Allow Viewing of QA Evaluations
- Allow QA Form Administration
- Allow Content Library Management
- Allow Editing of Completed QA Evaluations
- Allow Performing QA Evaluations
- Allow Viewing Call Reports
- Allow Viewing QA Reports
- Allow Viewing of User's Own Records
- Allow Viewing All Call Records & QA Evaluations
Plan 2: Multiple Teams
In this scenario, the company has three locations and 120 agents who work a variety of shifts. All agents answer calls for the company's products. Some English-speaking agents answer calls for a new product, Product X. Another group answers Spanish callers.
The company owner, the IT manager, and the contact center manager administer the network and Uptivity. They can create users, change system settings, and also perform tasks that supervisors do.
This more complex organization could use the following design.
Agent Group and Role
All agents who take English calls are placed in an QA Group named Agent, and are also assigned a role named Agent. The Agent role has these permissions:
- Allow Password Changes
- Allow Viewing of QA Evaluations
- Allow Viewing Call Reports
- Allow Viewing QA Reports
- Allow Viewing of User's Own Records
These are the same permissions included in the Default Agent role, which could be used instead.
Supervisor Group and Role
All supervisors of English-language agents are placed in an QA Group named Supervisor, and are also assigned a role named Supervisor. The Supervisor role has these permissions:
- Allow Viewing of QA Evaluations
- Allow QA Form Administration
- Allow Content Library Management
- Allow Editing of Completed QA Evaluations
- Allow Performing QA Evaluations
- Allow Viewing Call Reports
- Allow Viewing QA Reports
- Allow Viewing of User's Own Records
- Allow Viewing All Call Records & QA Evaluations
The Supervisor role is also associated with the Agent group.
Spanish Agent Group and Role
Only agents who answer Spanish callers are assigned to this group. They are also assigned a role named Spanish Agent. This role has the same permissions as the Agent role, but is also associated with the ACD Gate that routes Spanish callers.
Spanish Supervisor Group and Role
Only supervisors for the agents who answer Spanish callers are assigned to this group. They are also assigned a role named Spanish Supervisor. This role has the same permissions as the Supervisor role, but is associated with the Spanish Agent QA Group.
Product X Group and Role
Agents who take calls for Product X are assigned to this group. They are assigned the Agent role and also assigned a second role named Product X. This role is associated with the ACD Gate that routes Product X callers. This design allows for the correct association between agents and calls, and enables reporting specific to Product X interactions. Any supervisor can evaluate these calls, so the Supervisor role is associated with the Product X group. There is no need for a Product X Supervisor group or role.
Administrator Role
A role named Administrator can be assigned directly to the company owner, IT administrator, and the contact center manager. The Administrator role includes these permissions:
- Allow User Administration
- Allow Password Changes
- Allow System Configuration
- Allow Scheduling
- Allow Group Administration
- Allow Viewing of QA Evaluations
- Allow QA Form Administration
- Allow Content Library Management
- Allow Editing of Completed QA Evaluations
- Allow Performing QA Evaluations
- Allow Viewing Call Reports
- Allow Viewing QA Reports
- Allow Viewing of User's Own Records
- Allow Viewing All Call Records & QA Evaluations
Specialized roles
Roles can also be created to fine-tune permissions for features like quality management and reporting. These roles can then be assigned to users as needed. This allows you to maintain base roles for the majority of users while providing flexibility for custom roles.
For example, suppose only three of your contact center supervisors should be able to create new QA forms. You could create a specialized role named QA Form Designer. Then you would assign the Allow QA Form Administration permission only to that role, and that role only to the relevant users.
As another example, some organizations have only a few employees who create and manage custom reports. In this scenario, you could create a role named Reporting Admin. Then you would assign the Allow WFO Ad Hoc Reporting and Allow Report Subscriptions permissions only to that role, and that role only to relevant users.
This approach is often used for granting permissions related to applications like NICE Uptivity Speech Analytics and NICE Uptivity Survey.
AD Group Role Synchronization
To simplify administration, users may be placed in one or more Active Directory (AD) groups that have access to Uptivity. You can then relate Uptivity roles to AD group names, and user roles, permissions, and associated QA Groups are synchronized at each login based on the user’s AD group membership. This feature is called AD Group Role Synch.
AD Group Role Synch is typically configured during your initial system installation. Because AD groups may change after installation, you may need to edit or configure these settings from time to time. For more information on these settings, see Security Settings.
Related Tasks
- Create Roles
- Edit Roles
- Copy Roles
- Edit Role Assignments for Multiple Users
- Delete Roles
- Add Active Directory (AD) Groups for Role Synchronization
- Edit Active Directory (AD) Groups for Role Synchronization
- Remove Active Directory (AD) Groups from Role Synchronization