Role | Purpose |
---|---|
sn_openframe_admin |
Grants access to the OpenFrame Configurations module where you can create, update, and manage OpenFrame configurations |
admin | If the sn_openframe_admin role is not explicitly assigned, the admin role provides access to all configuration modules, including OpenFrame |
Privileges required for an agent
Role | Purpose | Notes |
---|---|---|
sn_openframe_user |
| |
workspace_user | Grants general access to workspaces | |
sn_customerservice_agent |
| either this or ITIL role must be added in order to access respective workspaces |
sn_customerservice.consumer_agent |
| requires user_admin role or ACL to create/update consumer records |
itil |
| |
user_admin | Grants full permissions to manage user records (create, read, update, delete) and manage user roles | agent can not create/update sys_user/contact/consumer records without this role |
customer_contact_manager | Provides full CRUD (create, read, update, delete) access to the customer_contact table | |
x_zvmi_zcc_int.zcc_phone_log_user |
|
Different use cases and required roles/privileges
Use case | Operation | ACL Requirement | Role(s) required |
---|---|---|---|
Get a sys_user record | Read | Requires ACL with read permission | snc_internalor custom role with ACL on sys_user table |
Update a sys_user record | Write | Requires ACL with write permission | user_admin, or custom role with ACL on sys_user table |
Create a sys_user record | Create | Requires ACL with create permission | user_admin, or custom role with ACL on sys_user table |
Delete a sys_user record | Delete | Requires ACL with delete permission | admin, user_adminor custom role with ACL on sys_user table |
Get a customer_contact record | Read | Requires ACL with read permission | sn_customerservice_agent, csm_ws_integration, or custom role with ACL on customer_contact table |
Update a customer_contact record | Write | Requires ACL with write permission | user_admin, customer_contact_manager, csm_ws_integration or custom role with ACL on customer_contact table |
Create a customer_contact record | Create | Requires ACL with create permission | user_admin, customer_contact_manager, csm_ws_integrationor custom role with ACL on customer_contact table |
Delete a customer_contact record | Delete | Requires ACL with delete permission | user_admin, customer_contact_manager, csm_ws_integration or custom role with ACL on customer_contact table |
Interaction records | Requires ACL with read, write, create permission on a custom role | sn_customerservice_agent (for agents in CSM), itil (for agents in ITSM) | |
sn_customerservice_case record | Requires ACL with read, write, create permission on a custom role | sn_customerservice_agent | |
incident record | Requires ACL with read, write, create permission on a custom role | itil | |
OpenFrame window access | View | sn_openframe_user, sn_customerservice_agent (if openframe used in CSM env), sn_customerservice.consumer_agent, itil (if openframe used in ITSM env) | |
Creating OpenFrame configuration | Create | admin, sn_openframe_admin (if available on the instance) | |
Read Phone Call log data | Read | Requires ACL with read, write, create permission on a custom role | x_zvmi_zcc_int.zcc_phone_log_user |
Update Phone Call log data | Write | Requires ACL with read, write, create permission on a custom role | x_zvmi_zcc_int.zcc_phone_log_user |
Create Phone Call log data | Create | Requires ACL with read, write, create permission on a custom role | x_zvmi_zcc_int.zcc_phone_log_user |
Delete Phone Call log data | Delete | Requires ACL with read, write, create permission on a custom role | x_zvmi_zcc_int.zcc_phone_log_user |
How to customize Access Control Rules (ACLs)
To prevent granting excessive permissions, adjust the following ACLs to provide specific table access where roles alone are insufficient:
- sys_user Table:
- Allow the user_admin role to manage user records.
- If only limited access is required, create a custom ACL to grant create/update permissions while restricting delete access.
- customer_contact Table:
- By default, customer_contact_manager can delete records. If this is not required, modify the Delete ACL to exclude this role or replace it with a custom role (e.g., customer_contact_editor).
- csm_consumer Table:
- Ensure the sn_customerservice_agent role has appropriate CRUD permissions to manage consumer records.
How to create custom roles for agents
If customer wants agents to access these tables without assigning broad roles like itil or sn_customerservice_agent, they can create a custom role and configure ACL rules for each table.
- Create a new role:
- Navigate to System Security then Roles.
- Create a new role, for example, zcc_agent_access.
- Update ACLs for the Tables:
- Go to System Security then Access Control (ACL).
- Search for ACL rules in the following tables:
- Interaction (interaction)
- Case (sn_customerservice_case)
- Incident (incident)
- Add the custom role (zcc_agent_access) to the Requires Role list for create, read, and write operations.
- Assign the role to agents:
- Assign the custom role to the users or groups who need access.