Permissions
Permissions enable users to view different data and content in Salted CX and perform actions. Salted CX has granular permissions that give individual users the level of access they need.
By default, a user logged to Salted CX using an Identity Provider has no permissions and cannot access any part of the application. To enable users to access Salted CX you have to explicitly add permissions in the identity provider.
Always give users the minimum level of access they need to do their job efficiently. We recommend identifying just a few combinations of permissions you will be giving your users so it is fairly consistent across your company. We have tried to put some common combinations of permissions into Permission Sets.
Scope
Scope defines to what metadata, content, and objects the permissions apply.
| Scope | Description |
|---|---|
| * | Users can perform the action on any entity within Salted CX. |
| ME | View only metadata and content related to my engagements. The meaning of this scope depends on the permission and context. |
Permissions List
Each permission has a scope. Supported scopes depend on the permission.
| Permission | Description | Scopes |
|---|---|---|
| account.manage | Change preferences for the entire account. | * |
| account.settings.ask | Change Ask settings for the entire account. | * |
| agent.view | Access to agent profile. | * |
| ask.engineering | Technical settings of asks enabling to adjust how AI model behaves. | * |
| ask.journey | Ask questions to AI in the customer journey on individual engagements, conversations and customer journey. | * |
| ask.sample | Ask questions to AI about larger set of engagements or reviews. | * |
| coaching.session.manage | Create and edit coaching sessions for agents. | * |
| content.salted.dashboards | View built-in Salted CX dashboards. | * |
| data.audio.agent | Play audio of the conversation in the customer journey | * — view metadata for all agentsME — view metadata only for engagements the user has handled |
| data.content.agent | View turn content in the customer journey. | * — view metadata for all agentsME — view metadata only for engagements the user has handled |
| data.metadata.agent | View metadata in dashboards and visualizations. | * — view metadata for all agentsME — view metadata only for engagements the user has handled |
| earlyAcccess.experiments | Access to experimental features. | * |
| form.manage | Create and modify forms. Enables to use existing questions in any of the forms. | * |
| protectedInformation.view | Reveal protected information in the customer journey. | * |
| question.manage | Create and modify questions. Enables to create and edit questions that can be used for building forms. | * |
| reporting.edit.metrics | Edit metrics. | * |
| reporting.edit.reports | Edit dashboards and visualization. | * |
| reporting.savedView.manage | Save current filtering criteria as personal saved views in dashboards. | * |
| reporting.view | View dashboards and visualizations. | * |
| review.agent.acknowledge | Acknowledge agent reviews. | * |
| review.agent.dispute | Dispute agent reviews. | * |
| review.auto.acknowledge | Acknowledge auto reviews. | * — acknowledge any auto reviewME — acknowledge only auto reviews of engagements that are associated with and turn (of any type) related to those engagements |
| review.auto.dispute | Dispute auto reviews. | * — dispute any auto reviewME — dispute only auto reviews of engagements that are associated with and turn (of any type) related to those engagements |
| review.auto.verify | Provide feedback to auto reviews. This permission enables them to mark the auto reviews as Correct, Incorrect and Unclear. This permission has strong influence of Auto Reviewer accuracy. Users should receive training before getting this permission. | * |
| review.autoreviewer.manage | Create, fine-tune and manage auto reviewers. Auto reviewers enable to find reviews automatically. | * |
| review.customer.acknowledge | Acknowledge customer reviews. | * — acknowledge any customer reviewME — acknowledge only customer reviews of engagements that are associated with and turn (of any type) related to those engagements |
| review.customer.dispute | Dispute customer reviews. | * — dispute any customer reviewME — dispute only customer reviews of engagements that are associated with and turn (of any type) related to those engagements |
| review.review | Review engagements and turns by answering questions, providing tags and answers to questions. | * — review any engagement or turnME — review only engagements that are associated with and turn (of any type) related to those engagements |
| review.reviewer.acknowledge | Acknowledge manual reviews. | * — acknowledge any manual review done by a reviewerME — acknowledge only manual reviews of engagements that are associated with and turn (of any type) related to those engagements |
| review.reviewer.dispute | Dispute manual reviews. | * — dispute any manual review done by a reviewerME — dispute only manual reviews of engagements that are associated with and turn (of any type) related to those engagements |
| saveSearch.shared.manage | Manage saved searches. Users can share their searches with the all users in their account. | * |
| user.settings.ask | Change Ask AI settings per user. | * |
Permission Sets
To simplify permission management we also provide permission sets that group multiple permissions under one common named item. By convention, the permission sets are in capital letters.
One user can have multiple permission sets and also have additional permissions that expand their permissions. Users can view and perform all actions listed in any permission set they have attached or in any individual permission.
| Role | Description |
|---|---|
| ALL | Access to every feature of Salted CX. Any new functionality added to our application is automatically available to this user. We do not recommend to assign this permission to anybody. It is intended primarily for the evaluation period before single sign-on is set up for the account. |
| AGENT | Permissions suitable for agents that give access to view reports filtered to their data and drill to the customer journey. |
| AGENT_ALL_CONTENT | Agents that are allowed to see all the data in the contact center. This can help agents to better understand complete customer journeys and see their performance compared to other agents. |
| ANALYST | Permissions suitable for analyst role - a dashboard creator that give access to create reports and edit metrics. |
| AUTO_QA_MANAGER | Permissions suitable for experienced users enabling full stack of analytical features including management of auto-reviewer models and ask AI. |
| REVIEWER | Permissions suitable for a person that performs manual quality assurance. |
| TEAM_LEADER | Permissions suitable for team leaders that give access to all reports and search and drill to the customer journey of all agents. |
| TEAM_LEADER_QA | Team leaders who also perform quality assurance. |
| VIEW_CONTENT | Permissions that enable to view all metadata and content. You can combine this permission set with other permissions set to widen the data available to the user but keeping the same set of actions the user can perform. |
| VIEW_METADATA | Permissions that enable to view all metadata. You can combine this permission set with other permissions set to widen the data available to the user but keeping the same set of actions the user can perform. |
| VIEW_PROTECTED | Permissions that enable to reveal protected (redacted) information in the customer journey. You can combine this permission set with other permissions set to widen the data available to the user but keeping the same set of actions the user can perform. |
Permissions sets are managed by Salted CX and we may add more permissions to give users access to features suitable for the given roles. If you need to be really strict with access to individual features of Salted CX do not use permission sets but always list individual permissions.
The following matrix contains what permissions are enabled for each permission set.
| Permission / Permission Set | ADMIN | AGENT | AGENT_ALL_CONTENT | ANALYST | AUTO_QA_MANAGER | REVIEWER | TEAM_LEADER | TEAM_LEADER_QA | VIEW_CONTENT | VIEW_METADATA | VIEW_PROTECTED |
|---|---|---|---|---|---|---|---|---|---|---|---|
| account.manage | * | ||||||||||
| agent.view | ME | ME | * | * | * | * | * | ME | * | * | |
| ask.journey | * | * | * | * | * | * | * | * | |||
| coaching.session.manage | * | * | |||||||||
| content.salted.dashboards | * | * | * | ||||||||
| data.audio.agent | ME | * | * | * | |||||||
| data.content.agent | ME | * | * | * | * | * | * | * | * | ||
| data.metadata.agent | ME | * | * | * | * | * | * | * | * | ||
| form.manage | * | * | * | ||||||||
| protectedInformation.view | * | ||||||||||
| question.manage | * | * | * | ||||||||
| reporting.edit.metrics | * | * | |||||||||
| reporting.edit.reports | * | * | |||||||||
| reporting.view | * | * | * | * | * | * | * | * | * | * | |
| review.agent.acknowledge | * | ||||||||||
| review.agent.dispute | * | ||||||||||
| review.auto.acknowledge | ME | ME | * | ||||||||
| review.auto.dispute | ME | ME | * | * | * | ||||||
| review.auto.verify | * | * | |||||||||
| review.autoreviewer.manage | * | ||||||||||
| review.customer.acknowledge | ME | ME | * | ||||||||
| review.customer.dispute | ME | ME | * | ||||||||
| review.review | ME | ME | * | * | * | * | |||||
| review.reviewer.acknowledge | ME | ME | * | ||||||||
| review.reviewer.dispute | ME | ME | * | * | |||||||
| saveSearch.shared.manage | * | * |
Permissions Definition
You define permissions for individual users in a JSON object that you edit in your Identity Provider. Each user that should have access to Salted CX has to have the permission definition in stored in their attribute.
The example permission definition below uses just one permission set without version. User with this permission will able to perform tasks that we consider suitable for agents including getting new features.
{
"sets": ["ALL"]
}
The example permission definition below uses combination of 1 role and individual permissions.
{
"sets": ["AGENT"],
"review.view": "*",
"review.edit": "*"
}
If the permission definition is not in a valid format the user has no access to Salted CX.
Issues include invalid JSON structure, unknown permission set name, unknown permission name, values are not of the expected type and unsupported scope for a permission.
The limit for permissions is 2048 characters (including spaces, new lines and other empty characters). For this reason Salted CX enables you to specify permissions in a short way using permissions sets.
If the length of the permissions exceeds the 2048 characters and thus the permissions are not in valid JSON format Salted CX ignores the permissions and the given user has no access to Salted CX.
Setting Permissions
Permissions are evaluated during login as they are passed to Salted CX from an identity provider. Users have to logout and login to have updated permissions.
User permissions are passed to Salted CX from identity providers in custom user attributes. Claim is a key-value pair associated with the user. Claims can be used to provide additional attributes that might be useful for applications such as Salted CX.
To give users access to Salted CX you need to provide value in cxsaltedpermissions in the JSON format that Salted CX expects. How the value is set depends on your identity provider.