Skip to main content
Skip table of contents

AgentDesk Permissions - Resource, Scope & Groups Mapping

All Resources are defined in Keycloak in spinal-case

All Scopes and Groups are defined in Keycloak in snake_case

Note that the following table and group segregation are for agents only and not for Supervisors. Supervisor permissions structure should remain intact as working in the previous versions.






1Customer PIIFor security reasons, the PII customer data should be protected from unauthorized access. customer

view_pii: With this scope, agent can see all PII attributes of a customer (without masking).

masked_pii:  With this scope agent can only see customer attributes as masked.

senior_agents: view_pii scope is linked to it.

agents: masked_pii scope is linked to it.

2Access Customer Profiles 

Agents are able to view customer profiles with this permission, without an active conservation view with a customer


view: Agent with this scope can view the customer profile without any active session with a customer. 

All agents, senior agents, supervisors are able to access the customer list.


Edit Customer Profile

  1. Agent are able to edit customer profiles with this permission, without any active session with a customer
  2. Agent can able to edit customer profiles (including linking the conversation with a different profile)  with this permission, only when an active session with a customer.

manage: Agent with this scope can edit the customer profile without any active session with a customer.

manage_in_conversation: Agent with this scope can edit the customer profile ( link profiles) only when the conversation view is visible.

agents:  All agents have the manage_in_conversation scope assigned.

senior_agents: have the manage scope assigned. 

4Create New Customer

Admin/Supervisor can able to create new customer 


manage: Agent with this scope can create new customer.

senior_agents: manage scope is linked to it.

5Manage Customer SchemaAdmin/Supervisor can manage (create/update/delete) customer schema customer-schemamanage: Users with this permission can Create/Edit/Delete Customer Schema.

supervisor: manage scope is linked to it.

(role based)

6View Customer SchemaOnly specialized agents can view customer schemacustomer-schema

view:  Agents/Supervisors with this scope has permission to view customer schema list.

senior_agents: view scope is linked to it.

Assign Labels

Agent can assign labels with this permission.customer-labels

assign_label: Agent with this scope can Create/View and Assign labels to customer.

agents: assign_label scope is linked to it.

8Manage LabelsSupervisor can manage labels with this permission.customer-labelsmanage: Supervisors with this permission can Edit/Delete labels.

supervisor: manage scope is linked to it.

(role based)


View Customer History

With this permission, an agent can view activities of older conversations with this customer. 

An additional requirement: 

Different access levels to view customer history for an agent:

  1. Access to active conversations only and not to past conversations 
  2. Complete access to Conversation History while agent have an active conversation with a customer 
  3. Complete access to Conversation History regardless of any active conversation with a customer 
  4. Complete history should be visible from agent-interacted customers only (Reserved for future - Need to be looked on API level whether its possible or not).
  5. View last week conversation history only. (Keycloak Limitation)

view_history_active_customer : Agent with this scope have complete access to Conversation History only if agent interacted with customer in conversation view.

view_history : Agent with this scope have complete access to Conversation History regardless of any active conversation with a customer in conversation view.

view_history_interacted_customer :

(Reserved for future)

senior_agents: view_history scope is linked to this group. Only Senior Agents can view history of any customer with or without any Active Conversation.

agents:  view_history_active_customer is linked to this group. Agents with this scope can only see the past conversations of customer once an active conversation with the same customer is going on.

10Do Direct TransferAgent can transfer a chat to other agents/supervisors using this permission so that only the users having these permission should be able to transfer a conversation to supervisors or other agents.agent-conversation-control

view_direct_transfer: Agent with this scope has permission to transfer chat directly (without consult) to other agents/suprevisors to save customer time. (covers both use-cases for queue-transfer and agent-transfer)

agents: view_direct_transfer scope is linked to this group.

11Do ConferenceAgent can add other agents/supervisors as a primary participant to active conversation. (Currently an agent can add only single agent/supervisor as a primary participant).agent-conversation-controlview_conference: Agent with this scope has permission to add other agent/supervisor as primary participant in active conversation with customer.agents: view_conference scope is linked to this group.

Start a new session / agent initiated messaging

All agents, senior agents, supervisors should be able to start a new channel session or a new conversation with a customer.


view_initiate_chat:  Agent with this scope has the permission to start a new conversation or a new channel session within a conversation, on available media channels.

All agents, senior agents, supervisors should be able to start a new channel session or a new conversation with a customer.
13Add Wrap-up/ Notes

Agent can able to add wrap-up notes with this permission.


view_wrap_up:  Agent with this scope has permission to add wrap-up notes.

agents: view_wrap_up scope is linked to this group.

14Leave ChatAgent/Supervisor will be able to leave chatagent-conversation-controlview_leave_chat: Agent with this scope has permission to leave chat.

agents: view_leave_chat scope is linked to this group.


State Change

User will be able to change and view agent and MRD statesstate-change


agents: manage_state_change scope is linked to this group.

16Subscribed ListAgent/Supervisor will be able to mange subscribed listsubscribed-list

view: Agent with this scope has permission see and join available chat.

manage: Supervisor with this scope has permission see, join, end chat.

agents: view scope is linked to this group.

supervisor: manage scope is linked to this role.

(Role based)

17Supervisor DashboardSupervisor can view all dashboards (for now)supervisor


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.