Security and User Permissions
Overview
This document explains how Keycloak is integrated with Unified Admin and Agent Desk for user authorization. For user authorization, we need to set up resources within the EF realm and assign scopes to the resources. Keycloak offers two ways to manage user authorization: role-based access and scope-based permissions. We use role-based access to authorize user roles and permissions to access a resource.
See Keycloak Client Resource Management Setup to understand more on how to create roles, users, scopes and resources on Keycloak.
See Keycloak Configuration to see how to configure Keycloak once the Expertflow software is installed.
User Authorization with Agent Desk
All necessary resources and scopes of Agent Desk are automatically added within Keycloak when you import the expertflow realm.
The following resource and scope mappings are predefined within Keycloak when you import the expertflow realm. See Keycloak Configuration to learn more about it.
Resource - Scope Mapping
Resource | Description | View Scope | Manage Scope |
---|---|---|---|
state-change | This includes changing the agent's global as well as MRD state. | Change global (Ready, Not ready) as well as MRD states | N/A |
customer-list | Manage the customer list and all operations available on the List view. This includes creating customers, editing profiles, linking customers to conversations. | list, view | create/edit customer, link/relink customer, list |
customer-conversation-view | See customer conversation and all operations related to managing a conversation | Current conversation activities (messages exchanged between the customer and the bot before arriving on the agent end), send message, switch between active chats, all chat controls except those which are protected as a separate, independent resource (e.g. Leave chat) | View past history (by clicking on "Load more") |
leave-chat | This gives the ability to leave a chat room by clicking the close icon in the conversation | leave chat | N/A |
customer-labels (reserved for future) | Manage customer labels | list, assign (pre-generated labels only) | Create, edit, delete, list, assign labels |
customer-schema | Manage customer schema | list, view | Create, edit, delete, list |
subscribed-list | This includes all operations related to Subscribed Chats lists (join, end, view chats list) | List, Subscribe/Unsubscribe, Join chat | End chat (close chat from the Pull-based list) |
team-announcements (reserved for future) | All operations related to managing team announcements | list, view | Create, edit, delete, list |
supervisor-dashboard | Viewing dashboards | View (all operations) | N/A |
Customer labels | All operations related to managing customer labels | list, view, assign label (includes dynamic creation of labels) | Create, Edit, Delete Labels from Labels list |
Role-Scope Mapping:
Role | Description | Assigned Scope |
---|---|---|
Agent | This is a contact center agent who is supposed to take customer chat requests and answer them. | View (State Change, Customer Labels, Subscribed Lists, Leave Chat, Customer List, Conversation View, Customer Labels), Manage (Customer List, Conversation View) |
Supervisor | This is a contact center supervisor who manages agents and also takes chat requests. | View (State Change, Subscribed Lists, Leave Chat, Customer Schema, Customer List, Conversation view), Manage (Customer List, Customer Schema, Supervisor Dashboards, Subscribed Lists, Conversation View, Customer Labels) |
Admin | This is a super user, a contact center admin whose main purpose of logging into the Agent Desk is to define the Customer Schema. | View, Manage (all resources) except for the State Change |
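One way a backend service could enforce the resource and scope mapping above is to check the `authorization.permissions` claim that Keycloak places in a requesting party token (RPT). This is an added example, not Expertflow code: the scope names `view` and `manage`, the function names and the sample claims are assumptions, and the claims are taken to come from a token whose signature, issuer, audience and expiry were already verified.

```python
# Added example: deny-by-default check of a Keycloak RPT's permissions claim.
# Assumptions: scope names "view"/"manage"; the claims dict was decoded from an
# RPT only after its signature, issuer, audience and expiry were verified.

KNOWN_SCOPES = frozenset({"view", "manage"})  # assumed scope names

# Constructed sample claims, following the Agent row of the role-scope table.
AGENT_CLAIMS = {
    "preferred_username": "agent1",  # constructed
    "authorization": {"permissions": [
        {"rsname": "state-change", "scopes": ["view"]},
        {"rsname": "leave-chat", "scopes": ["view"]},
        {"rsname": "customer-list", "scopes": ["view", "manage"]},
        {"rsname": "customer-conversation-view", "scopes": ["view", "manage"]},
    ]},
}


def granted_scopes(claims, resource):
    """Return the set of known scopes the token grants on `resource`."""
    authz = claims.get("authorization") if isinstance(claims, dict) else None
    perms = authz.get("permissions") if isinstance(authz, dict) else None
    found = set()
    for perm in perms if isinstance(perms, list) else []:
        if not isinstance(perm, dict) or perm.get("rsname") != resource:
            continue
        scopes = perm.get("scopes")
        # Conservative choice made for this example: an entry without a
        # scopes list grants nothing.
        if isinstance(scopes, list):
            found.update(s for s in scopes
                         if isinstance(s, str) and s in KNOWN_SCOPES)
    return found


def is_allowed(claims, resource, scope):
    """Deny unless the exact resource/scope pair is present.

    "manage" never implies "view": the tables list the two scopes separately.
    """
    return scope in KNOWN_SCOPES and scope in granted_scopes(claims, resource)


if __name__ == "__main__":
    for res, sc in [("customer-list", "manage"), ("customer-schema", "manage"),
                    ("state-change", "manage")]:
        print(res, sc, is_allowed(AGENT_CLAIMS, res, sc))
```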
User Authorization with Unified Admin
All necessary resources and scopes of Unified Admin are automatically added within Keycloak when you import the expertflow realm.
The following resource and scope mappings are predefined within Keycloak when you import the expertflow realm. See Keycloak Configuration to learn more about it.
Resource - Scope Mapping
Resource | Resource Description | View Scope | Manage Scope |
---|---|---|---|
routing-engine | This includes everything that comes under this group i.e. agents, queues, MRDs and attributes. | View | Create, Edit, Delete |
channel-manager | This includes everything that comes under this group i.e. channel types, channel provider, channel connector, channel settings. | View | Create, Edit, Delete |
bot-settings | This includes bot settings. | View | Create, Edit, Delete |
general-settings | This includes license and locale info. | View | Create, Edit |
web-widget | This includes everything that comes under this group. | View | Create, Edit, Delete |
forms | This includes everything that comes under this group i.e. forms list and form settings. | View | Create, Edit, Delete |
pull-mode-list | This includes everything that comes under this group i.e. list view and list settings. | View | Create, Edit, Delete |
reason-code | This includes everything that comes under this group. | View | Create, Edit, Delete |
Role-Scope Mapping:
Role | Role Description | Scope |
---|---|---|
admin | This is the contact center administrator who is supposed to manage system-wide settings. | View, Manage (all*) |
*All means all resources mentioned in the table (Resource-Scope Mapping) above.