Access rights

1. Description

By default, there is one role — sysadmin, which has all rights and access.

The User is authorised to access this or that page when configured with the necessary permissions.

The procedure for passing the access checks:

  1. Availability of a license;

  2. Permission to access the application;

  3. Permission to access the section (for applications that have sections);

  4. Permission for actions in the application/section.

1.1. Availability of a license

Please get in touch with your Webitel representative to obtain a license.

1.2. App permission

The permission to access the application is defined on the Applications access tab of the role entry, which is on the Roles page from the Permissions category. How to set this resolution can be found here.

1.3. Permission to access the section 

Permission to access a section is defined in a modal window (opened through the editing tool of the application containing this section) on the Applications access tab for the role entry, which is on the Roles page from the Permissions category. How to set this resolution can be found here.

In cases where additional settings are enabled (switch(s) in the on position) on the Objects page (from the Permissions category), access can be granted through the Managed by operations tab or the Permissions tab of the particular entry to which you want to get permission.

Available only for entry from those sections to which access is granted!

1.4. Permission to action in an application/section

By default, all switches on the Objects page are in the off position.

When the Managed by operations and Managed by records switches for the relevant section are in the off position, Users with permission to access the application or section (see sections 1.2 and 1.3) are allowed the following actions: read, edit, create, and delete.

Otherwise, action permissions for the section can be configured on the following pages:

  1. Managed by operations;

  2. Managed by records;

  3. Role permissions;

  4. Permissions.

1.4.1. Managed by operations

On the Managed by operations tab, Users and Roles are selected. Permissions for actions such as Add, Select, Update, and Delete are configured for each of them. These settings apply when the Managed by operations switch for the relevant section on the Objects page is enabled (Fig. 5).

1.4.2. Managed by records

On the Managed by records tab of a section, default values can be configured. These values will be passed to the Permissions tab when new objects are created in the selected section, provided the Managed by records switch for the section on the Objects page is enabled.

If the Managed by records switch is enabled, the Managed by operations switch will also be enabled!

1.4.3. Role permissions

Role permissions is the tab for roles. Here, additional rights for the role can be configured, such as eavesdropping rights, viewing CDR phone numbers, data export grid, playback record file, and more, as well as global rights for viewing, editing, deleting, and creating. More information about these rights can be found here.

Global rights from the Role permissions page take priority over the rights configured on the Managed by operations tab! These rights include Select, Add, Delete, and Update. For instance, if the Role permissions page grants permission to edit, but editing is restricted on the Managed by operations tab, the User with that Role will still be able to edit.

1.4.4. Permissions

Permissions are used when the Managed by records switch is in the on position.

On the Permissions tab, action permissions for specific records are configured.

The Permissions tab is present in objects within the following sections:

  • Users;

  • Devices;

  • Buckets;

  • Call lists;

  • Calendars;

  • Agents;

  • Teams;

  • Resources;

  • Resource groups;

  • Queues.

If access to the section is granted, but there is no permission for actions on the specific record, the right to perform actions can be provided through the global rights Select, Add, Delete, and Update in the Role permissions tab for the User's Role (see Option 4).

The Permissions tab shows only the Roles and Users that you can view. If you do not have permission to view other Users, you will only see yourself and your Roles on the Permissions tab, if they are configured there.

2. Practical examples

A task:

Make settings under which the Test_User User will have access to view data about the Test_team Team.

Option 1

These conditions are met:

  • license CALL_CENTER;

  • the Test_User User is assigned the Super-admin Role (Fig. 1). The Super-admin Role has access to the Admin application (Fig. 2) and the Team section of this application (Fig. 3). Configured in the Applications access tab of the Super-admin entry;

Fig. 1. Assigning the Super-admin role

Fig. 2. Allowing the Super-admin role to access the Admin application

Fig. 3. Allowing the Super-admin role to access the Teams section of the Admin application

  • on the Objects page in the cc_team entry, the Managed by operations and Managed by records  switches are off. (Fig. 4).

Fig. 4. The Managed by operations and Managed by records  switches are off

With these settings, the user can read, create, edit, and delete on the Teams page.

Option 2

These conditions are met:

  • license CALL_CENTER;

  • the Test_User User is assigned the Super-admin Role (Fig. 1). The Super-admin Role has access to the Admin application (Fig. 2) and the Team section of this application (Fig. 3). Configured in the Applications access tab of the Super-admin entry; 

  • on the Objects page in the cc_team entry, the Managed by operations  switch is on (Fig.5).

Fig. 5. The Managed by operations  switch is on

  • in the Managed by operations  tab of the cc_team entry, which is on the Objects page,

  • there is permission for the Read action for the Test_User User (Fig. 6), or for the Super-admin Role.

Fig. 6. Action permission for Test_User User

With these settings, the user can only view information on the Teams page. Other action permissions can be configured by changing the settings from Forbidden to Allow or Allow with delegation.

Option 3

These conditions are met:

  • license CALL_CENTER;

  • the Test_User User is assigned the Super-admin Role (Fig. 1). The Super-admin Role has access to the Admin application (Fig. 2) and the Team section of this application (Fig. 3). Configured in the Applications access tab of the Super-admin entry; 

  • on the Objects page in the cc_team entry, the Managed by operations and Managed by records  switches are on (Fig. 7);

Fig. 7. The Managed by operations and Managed by records  switches are on

  • in the Managed by operations  tab of the cc_team entry, which is on the Objects page, there is permission to action for the Test_User User, or for the Super-admin Role (Fig. 6);

  • in the Permissions tab of the Test_team entry, that on the Teams page there is permission for the Read action for the Test_User User, or for the Super-admin Role (Fig. 8).

Fig. 8. Action permission for Super-admin role

With these settings, the user can only view information on the Teams page. Other action permissions can be configured by changing the settings from Forbidden to Allow or Allow with delegation.

Option 4

These conditions are met:

  • license CALL_CENTER;

  • the Test_User User is assigned the Super-admin Role (Fig. 1). The Super-admin Role has access to the Admin application (Fig. 2) and the Team section of this application (Fig. 3). Configured in the Applications access tab of the Super-admin entry, which is on the Roles page; 

  • in the Role permissions  tab of the Super-admin entry, on the Roles page, there is the Select permission (Fig. 9).

Fig. 9. The Select permission

With these settings, the user can view information on all permitted pages (see sections 1.2 and 1.3).