AgentDesk Permissions - Resource, Scope & Groups Mapping

All Resources are defined in Keycloak in spinal-case

All Scopes and Groups are defined in Keycloak in snake_case

Note that the following table and group segregation are for agents only and not for Supervisors. Supervisor permissions structure should remain intact as working in the previous versions.

	Permission	Description	Resource	Scopes	Groups
1	Customer PII	For security reasons, the PII customer data should be protected from unauthorized access.	`customer`	view_pii: With this scope, agent can see all PII attributes of a customer (without masking). masked_pii: With this scope agent can only see customer attributes as masked.	`senior_agents: view_pii` scope is linked to it. `agents: masked_pii` scope is linked to it.
2	Access Customer Profiles	Agents are able to view customer profiles with this permission, without an active conservation view with a customer	`customer`	view: Agent with this scope can view the customer profile without any active session with a customer.	All agents, senior agents, supervisors are able to access the customer list.
3	Edit Customer Profile	Agent are able to edit customer profiles with this permission, without any active session with a customer Agent can able to edit customer profiles (including linking the conversation with a different profile) with this permission, only when an active session with a customer.	`customer`	manage: Agent with this scope can edit the customer profile without any active session with a customer. manage_in_conversation: Agent with this scope can edit the customer profile ( link profiles) only when the conversation view is visible.	agents: All agents have the manage_in_conversation scope assigned. senior_agents: have the manage scope assigned.
4	Create New Customer	Admin/Supervisor can able to create new customer	`customer`	manage: Agent with this scope can create new customer.	`senior_agents: manage` scope is linked to it.
5	Manage Customer Schema	Admin/Supervisor can manage (create/update/delete) customer schema	`customer-schema`	manage: Users with this permission can Create/Edit/Delete Customer Schema.	`supervisor: manage` scope is linked to it. (role based)
6	View Customer Schema	Only specialized agents can view customer schema	`customer-schema`	view: Agents/Supervisors with this scope has permission to view customer schema list.	`senior_agents: view` scope is linked to it.
7	Assign Labels	Agent can assign labels with this permission.	`customer-labels`	assign_label: Agent with this scope can Create/View and Assign labels to customer.	`agents: assign_label` scope is linked to it.
8	Manage Labels	Supervisor can manage labels with this permission.	`customer-labels`	manage: Supervisors with this permission can Edit/Delete labels.	`supervisor: manage` scope is linked to it. (role based)
9	View Customer History	With this permission, an agent can view activities of older conversations with this customer. An additional requirement: Different access levels to view customer history for an agent: Access to active conversations only and not to past conversations Complete access to Conversation History while agent have an active conversation with a customer Complete access to Conversation History regardless of any active conversation with a customer Complete history should be visible from agent-interacted customers only (Reserved for future - Need to be looked on API level whether its possible or not). ~~View last week conversation history only.~~ ~~(Keycloak Limitation)~~	`agent-conversation-control`	view_history_active_customer : Agent with this scope have complete access to Conversation History only if agent interacted with customer in conversation view. view_history : Agent with this scope have complete access to Conversation History regardless of any active conversation with a customer in conversation view. view_history_interacted_customer : (Reserved for future)	`senior_agents:` view_history scope is linked to this group. Only Senior Agents can view history of any customer with or without any Active Conversation. agents: `view_history_active_customer` is linked to this group. Agents with this scope can only see the past conversations of customer once an active conversation with the same customer is going on.
10	Do Direct Transfer	Agent can transfer a chat to other agents/supervisors using this permission so that only the users having these permission should be able to transfer a conversation to supervisors or other agents.	`agent-conversation-control`	view_direct_transfer: Agent with this scope has permission to transfer chat directly (without consult) to other agents/suprevisors to save customer time. (covers both use-cases for queue-transfer and agent-transfer)	agents: `view_direct_transfer` scope is linked to this group.
11	Do Conference	Agent can add other agents/supervisors as a primary participant to active conversation. (Currently an agent can add only single agent/supervisor as a primary participant).	`agent-conversation-control`	view_conference: Agent with this scope has permission to add other agent/supervisor as primary participant in active conversation with customer.	agents: `view_conference` scope is linked to this group.
12	Start a new session / agent initiated messaging	All agents, senior agents, supervisors should be able to start a new channel session or a new conversation with a customer.	`agent-conversation-control`	view_initiate_chat: Agent with this scope has the permission to start a new conversation or a new channel session within a conversation, on available media channels.	All agents, senior agents, supervisors should be able to start a new channel session or a new conversation with a customer.
13	Add Wrap-up/ Notes	Agent can able to add wrap-up notes with this permission.	`agent-conversation-control`	view_wrap_up: Agent with this scope has permission to add wrap-up notes.	agents: `view_wrap_up` scope is linked to this group.
14	Leave Chat	Agent/Supervisor will be able to leave chat	`agent-conversation-control`	view_leave_chat: Agent with this scope has permission to leave chat.	agents: `view_leave_chat` scope is linked to this group.
15	State Change	User will be able to change and view agent and MRD states	`state-change`	manage_state_change	agents: `manage_state_change` scope is linked to this group.
16	Subscribed List	Agent/Supervisor will be able to mange subscribed list	`subscribed-list`	view: Agent with this scope has permission see and join available chat. manage: Supervisor with this scope has permission see, join, end chat.	agents: `view` scope is linked to this group. supervisor: manage scope is linked to this role. (Role based)
17	Supervisor Dashboard	Supervisor can view all dashboards (for now)	`supervisor`	view_all:
18	Recording Link	Agents/Supervisors can only see their own recording link in a Conversation. Agents/Supervisors can see all the recording links in a Conversation.	`recording-link`	view: Agent/Supervisor with this scope has permission to only see his own recording links in a conversation. view_all: Agent/Supervisor with this scope has permission to see all the recording links in a conversation.