Permissions | Salted CX Help and Documentation

Permissions enable users to view different data and content in Salted CX and perform actions. Salted CX has granular permissions that give individual users the level of access they need.

By default, a user logged to Salted CX using an Identity Provider has no permissions and cannot access any part of the application. To enable users to access Salted CX you have to explicitly add permissions in the identity provider.

Always give users the minimum level of access they need to do their job efficiently. We recommend identifying just a few combinations of permissions you will be giving your users so it is fairly consistent across your company. We have tried to put some common combinations of permissions into Permission Sets.

Scope

Scope defines to what metadata, content, and objects the permissions apply.

Scope	Description
*	Users can perform the action on any entity within Salted CX.
ME	View only metadata and content related to my engagements. The meaning of this scope depends on the permission and context.

Permissions List

Each permission has a scope. Supported scopes depend on the permission.

Permission	Description	Scopes
account.manage	Change preferences for the entire account.	`*`
account.settings.ask	Change Ask settings for the entire account.	`*`
agent.view	Access to agent profile.	`*`
ask.engineering	Technical settings of asks enabling to adjust how AI model behaves.	`*`
ask.journey	Ask questions to AI in the customer journey on individual engagements, conversations and customer journey.	`*`
ask.sample	Ask questions to AI about larger set of engagements or reviews.	`*`
coaching.session.manage	Create and edit coaching sessions for agents.	`*`
content.salted.dashboards	View built-in Salted CX dashboards.	`*`
data.audio.agent	Play audio of the conversation in the customer journey	`*` — view metadata for all agents `ME` — view metadata only for engagements the user has handled
data.content.agent	View turn content in the customer journey.	`*` — view metadata for all agents `ME` — view metadata only for engagements the user has handled
data.metadata.agent	View metadata in dashboards and visualizations.	`*` — view metadata for all agents `ME` — view metadata only for engagements the user has handled
earlyAcccess.experiments	Access to experimental features.	`*`
form.manage	Create and modify forms. Enables to use existing questions in any of the forms.	`*`
protectedInformation.view	Reveal protected information in the customer journey.	`*`
question.manage	Create and modify questions. Enables to create and edit questions that can be used for building forms.	`*`
reporting.edit.metrics	Edit metrics. This also enables user to view all dashboards in Salted, include private, for technical reasons.	`*`
reporting.edit.reports	Edit dashboards and visualization.	`*`
reporting.savedView.manage	Save current filtering criteria as personal saved views in dashboards.	`*`
reporting.view	View dashboards and visualizations.	`*`
review.agent.acknowledge	Acknowledge agent reviews.	`*`
review.agent.dispute	Dispute agent reviews.	`*`
review.auto.acknowledge	Acknowledge auto reviews.	`*` — acknowledge any auto review `ME` — acknowledge only auto reviews of engagements that are associated with and turn (of any type) related to those engagements
review.auto.dispute	Dispute auto reviews.	`*` — dispute any auto review `ME` — dispute only auto reviews of engagements that are associated with and turn (of any type) related to those engagements
review.auto.verify	Provide feedback to auto reviews. This permission enables them to mark the auto reviews as Correct, Incorrect and Unclear. This permission has strong influence of Auto Reviewer accuracy. Users should receive training before getting this permission.	`*`
review.autoreviewer.manage	Create, fine-tune and manage auto reviewers. Auto reviewers enable to find reviews automatically.	`*`
review.customer.acknowledge	Acknowledge customer reviews.	`*` — acknowledge any customer review `ME` — acknowledge only customer reviews of engagements that are associated with and turn (of any type) related to those engagements
review.customer.dispute	Dispute customer reviews.	`*` — dispute any customer review `ME` — dispute only customer reviews of engagements that are associated with and turn (of any type) related to those engagements
review.review	Review engagements and turns by answering questions, providing tags and answers to questions.	`*` — review any engagement or turn `ME` — review only engagements that are associated with and turn (of any type) related to those engagements
review.reviewer.acknowledge	Acknowledge manual reviews.	`*` — acknowledge any manual review done by a reviewer `ME` — acknowledge only manual reviews of engagements that are associated with and turn (of any type) related to those engagements
review.reviewer.dispute	Dispute manual reviews.	`*` — dispute any manual review done by a reviewer `ME` — dispute only manual reviews of engagements that are associated with and turn (of any type) related to those engagements
saveSearch.shared.manage	Manage saved searches. Users can share their searches with the all users in their account.	`*`
user.settings.ask	Change Ask AI settings per user.	`*`

Permission Sets

To simplify permission management we also provide permission sets that group multiple permissions under one common named item. By convention, the permission sets are in capital letters.

One user can have multiple permission sets and also have additional permissions that expand their permissions. Users can view and perform all actions listed in any permission set they have attached or in any individual permission.

Role	Description
ALL	Access to every feature of Salted CX. Any new functionality added to our application is automatically available to this user. We do not recommend to assign this permission to anybody. It is intended primarily for the evaluation period before single sign-on is set up for the account.
AGENT	Permissions suitable for agents that give access to view reports filtered to their data and drill to the customer journey.
AGENT_ALL_CONTENT	Agents that are allowed to see all the data in the contact center. This can help agents to better understand complete customer journeys and see their performance compared to other agents.
ANALYST	Permissions suitable for analyst role - a dashboard creator that give access to create reports and edit metrics.
AUTO_QA_MANAGER	Permissions suitable for experienced users enabling full stack of analytical features including management of auto-reviewer models and ask AI.
REVIEWER	Permissions suitable for a person that performs manual quality assurance.
TEAM_LEADER	Permissions suitable for team leaders that give access to all reports and search and drill to the customer journey of all agents.
TEAM_LEADER_QA	Team leaders who also perform quality assurance.
VIEW_CONTENT	Permissions that enable to view all metadata and content. You can combine this permission set with other permissions set to widen the data available to the user but keeping the same set of actions the user can perform.
VIEW_METADATA	Permissions that enable to view all metadata. You can combine this permission set with other permissions set to widen the data available to the user but keeping the same set of actions the user can perform.
VIEW_PROTECTED	Permissions that enable to reveal protected (redacted) information in the customer journey. You can combine this permission set with other permissions set to widen the data available to the user but keeping the same set of actions the user can perform.

Permissions sets are managed by Salted CX and we may add more permissions to give users access to features suitable for the given roles. If you need to be really strict with access to individual features of Salted CX do not use permission sets but always list individual permissions.

The following matrix contains what permissions are enabled for each permission set.

Permission / Permission Set	ADMIN	AGENT	AGENT_ALL_CONTENT	ANALYST	AUTO_QA_MANAGER	REVIEWER	TEAM_LEADER	TEAM_LEADER_QA	VIEW_CONTENT	VIEW_METADATA	VIEW_PROTECTED
account.manage	`*`
agent.view		`ME`	`ME`	`*`	`*`	`*`	`*`	`*`	`ME`	`*`	`*`
ask.journey			`*`	`*`	`*`	`*`	`*`	`*`	`*`		`*`
coaching.session.manage							`*`	`*`
content.salted.dashboards					`*`	`*`		`*`
data.audio.agent		`ME`	`*`	`*`					`*`
data.content.agent		`ME`	`*`	`*`	`*`	`*`	`*`	`*`	`*`		`*`
data.metadata.agent		`ME`	`*`	`*`	`*`	`*`	`*`	`*`	`*`		`*`
form.manage					`*`	`*`		`*`
protectedInformation.view											`*`
question.manage					`*`	`*`		`*`
reporting.edit.metrics				`*`	`*`
reporting.edit.reports				`*`	`*`
reporting.view		`*`	`*`	`*`	`*`	`*`	`*`	`*`	`*`	`*`	`*`
review.agent.acknowledge							`*`
review.agent.dispute							`*`
review.auto.acknowledge		`ME`	`ME`				`*`
review.auto.dispute		`ME`	`ME`			`*`	`*`	`*`
review.auto.verify					`*`			`*`
review.autoreviewer.manage					`*`
review.customer.acknowledge		`ME`	`ME`				`*`
review.customer.dispute		`ME`	`ME`				`*`
review.review		`ME`	`ME`		`*`	`*`	`*`	`*`
review.reviewer.acknowledge		`ME`	`ME`				`*`
review.reviewer.dispute		`ME`	`ME`				`*`	`*`
saveSearch.shared.manage							`*`	`*`

Permissions Definition

You define permissions for individual users in a JSON object that you edit in your Identity Provider. Each user that should have access to Salted CX has to have the permission definition in stored in their attribute.

The example permission definition below uses just one permission set without version. User with this permission will able to perform tasks that we consider suitable for agents including getting new features.

{
	"sets": ["ALL"]
}

The example permission definition below uses combination of 2 roles and individual permissions. This enables to empower Team Leaders with all AI features available and also gives them permission to review engagements.

{
	"sets": ["TEAM_LEADER", "AI"],
	"review.view": "*",
	"review.edit": "*"
}

If the permission definition is not in a valid format the user has no access to Salted CX. Issues include invalid JSON structure, unknown permission set name, unknown permission name, values are not of the expected type and unsupported scope for a permission.

The limit for permissions is 2048 characters (including spaces, new lines and other empty characters). For this reason Salted CX enables you to specify permissions in a short way using permissions sets. If the length of the permissions exceeds the 2048 characters and thus the permissions are not in valid JSON format Salted CX ignores the permissions and the given user has no access to Salted CX.

Setting Permissions

Permissions are evaluated during login as they are passed to Salted CX from an identity provider. Users have to logout and login to have updated permissions.

User permissions are passed to Salted CX from identity providers in custom user attributes. Claim is a key-value pair associated with the user. Claims can be used to provide additional attributes that might be useful for applications such as Salted CX.

To give users access to Salted CX you need to provide value in cxsaltedpermissions in the JSON format that Salted CX expects. How the value is set depends on your identity provider.