Permissions enable users to view different data and content in Salted CX and perform actions. Salted CX has granular permissions that give individual users the level of access they need.
By default, a user logged to Salted CX using an Identity Provider has no permissions and cannot access any part of the application. To enable users to access Salted CX you have to explicitly add permissions in the identity provider.
Always give users the minimum level of access they need to do their job efficiently. We recommend identifying just a few combinations of permissions you will be giving your users so it is fairly consistent across your company. We have tried to put some common combinations of permissions into Permission Sets.
Scope
Scope defines to what metadata, content, and objects the permissions apply.
| Scope | Description |
|---|---|
| * | Users can perform the action on any entity within Salted CX. |
| ME | View only metadata and content related to my engagements. The meaning of this scope depends on the permission and context. |
Permissions List
Each permission has a scope. Supported scopes depend on the permission.
| Permission | Description | Scopes |
|---|---|---|
| account.manage | Enables to change preferences for the entire account. | * |
| agent.view | Access to agent profile. | * |
| ask.journey | Ask questions for AI in customer journey on individual engagements, conversations and customer journey. | * |
| coaching.session.manage | Create and edit coaching sessions for agents. | * |
| content.salted.dashboards | View built-in Salted CX dashboards. | * |
| data.content.agent | View turn content in the customer journey. | * — view metadata for all agentsME — view metadata only for engagements the user has handled |
| data.metadata.agent | View metadata in reports related to the | * — view metadata for all agentsME — view metadata only for engagements the user has handled |
| earlyAcccess.experiments | Access to experimental features. | * |
| form.manage | Create and modify forms. Enables to use existing questions in any of the forms. | * |
| question.manage | Create and modify questions. Enables to create and edit questions that can be used for building forms. | * |
| reporting.edit.metrics | Edit metrics. | * |
| reporting.edit.reports | Edit dashboards and visualization. | * |
| reporting.view | View dashboards and visualizations. | * |
| review.agent.acknowledge | Acknowledge agent reviews. | * |
| review.agent.dispute | Dispute agent reviews. | * |
| review.auto.acknowledge | Acknowledge auto reviews. | * — acknowledge any auto reviewME — acknowledge only auto reviews of engagements that are associated with and turn (of any type) related to those engagements |
| review.auto.dispute | Dispute auto reviews. | * — dispute any auto reviewME — dispute only auto reviews of engagements that are associated with and turn (of any type) related to those engagements |
| review.auto.verify | Provide feedback to auto reviews. This permission enables them to mark the auto reviews as Correct, Incorrect and Unclear. This permission has strong influence of Auto Reviewer accuracy. Users should receive training before getting this permission. | * |
| review.autoreviewer.manage | Create, fine-tune and manage auto reviewers. Auto reviewers enable to find reviews automatically. | * |
| review.customer.acknowledge | Acknowledge customer reviews. | * — acknowledge any customer reviewME — acknowledge only customer reviews of engagements that are associated with and turn (of any type) related to those engagements |
| review.customer.dispute | Dispute customer reviews. | * — dispute any customer reviewME — dispute only customer reviews of engagements that are associated with and turn (of any type) related to those engagements |
| review.review | Review engagements and turns by answering questions, providing tags and answers to questions. | * — review any engagement or turnME — review only engagements that are associated with and turn (of any type) related to those engagements |
| review.reviewer.acknowledge | Acknowledge manual reviews. | * — acknowledge any manual review done by a reviewerME — acknowledge only manual reviews of engagements that are associated with and turn (of any type) related to those engagements |
| review.reviewer.dispute | Dispute manual reviews. | * — dispute any manual review done by a reviewerME — dispute only manual reviews of engagements that are associated with and turn (of any type) related to those engagements |
Permission Sets
To simplify permission management we also provide permission sets that group multiple permissions under one common named item. By convention, the permission sets are in capital letters.
One user can have multiple permission sets and also have additional permissions that expand their permissions. Users can view and perform all actions listed in any permission set they have attached or in any individual permission.
| Role | Permissions | Description |
|---|---|---|
| ALL | All permissions | Access to every feature of Salted CX. Any new functionality added to our application is automatically available to this user. We do not recommend to assign this permission to anybody. It is intended primarily for the evaluation period before single sign-on is set up for the account. |
| AGENT | "agent.view" : “*”<br/>"data.content.agent": “ME”<br/>"data.metadata.agent": “ME”<br/>"reporting.view": “*”<br/>"review.auto.aknowledge": “ME”<br/>"review.auto.dispute": “ME”<br/>"review.customer.acknowledge": “ME”<br/>"review.customer.dispute": “ME”<br/>"review.review" : “ME”<br/>"review.reviewer.akcnowledge" : “ME”<br/>"review.reviewer.dispute" : "ME" | The set of permissions suitable for agents that give access to view reports filtered to their data and drill to the customer journey. |
Permissions sets are managed by Salted CX and we may add more permissions to give users access to features suitable for the given roles. If you need to be really strict with access to individual features of Salted CX do not use permission sets but always list individual permissions.
Permissions Definition
You define permissions for individual users in a JSON object that you edit in your Identity Provider. Each user that should have access to Salted CX has to have the permission definition in stored in their attribute.
The example permission definition below uses just one permission set without version. User with this permission will able to perform tasks that we consider suitable for agents including getting new features.
{
"sets": ["ALL"]
}
The example permission definition below uses combination of 1 role and individual permissions.
{
"sets": ["AGENT"],
"review.view": "*",
"review.edit": "*"
}
If the permission definition is not in a valid format the user has no access to Salted CX.
Issues include invalid JSON structure, unknown permission set name, unknown permission name, values are not of the expected type and unsupported scope for a permission.
The limit for permissions is 2048 characters (including spaces, new lines and other empty characters). For this reason Salted CX enables you to specify permissions in a short way using permissions sets.
If the length of the permissions exceeds the 2048 characters and thus the permissions are not in valid JSON format Salted CX ignores the permissions and the given user has no access to Salted CX.
Setting Permissions
Permissions are evaluated during login as they are passed to Salted CX from an identity provider. Users have to logout and login to have updated permissions.
User permissions are passed to Salted CX from identity providers in custom user attributes. Claim is a key-value pair associated with the user. Claims can be used to provide additional attributes that might be useful for applications such as Salted CX.
To give users access to Salted CX you need to provide value in cxsaltedpermissions in the JSON format that Salted CX expects. How the value is set depends on your identity provider.
If you use another Identity Provider, you can check general [Problem Internal Link].