Authorized users and groups roles and permissions

An administrator from the Genesys Cloud organization in which the authorized users and groups work must assign the appropriate permissions to them. For example, in a customer-to-partner scenario, a customer must assign the appropriate permissions to the users and groups from the partner. Roles are predefined sets of permissions that streamline the process of assigning permissions.

Note: When granting system access to another user or group (“permitted user”), be aware that you are responsible for how the permitted user uses your system. Genesys is not responsible for any misuse of data, change to configuration, etc.

Access control for authorized users and groups

Be aware of access control when you allow authorized groups or users the access to work in another organization. Genesys Cloud automatically grants authorized groups or users access to all divisions assigned to the roles that the member receives by pairing with the organization.

Permissions for authorized users and groups

This table lists all the permissions that are available for authorized users and groups. You can assign any permission to any user or groups.

Note: It can take up to five minutes for permission updates to make their way through Genesys Cloud and take effect.

This permission	Allows these actions
Authorization > Orgtrustee > Add	Create a trust relationship and send the pairing request
Authorization > Orgtrustee > Delete	Delete authorized users
Authorization > Orgtrustee > View	View authorized users
Authorization > Orgtrustee > Edit	Enable and disable authorized organizations, and add and remove authorized users in an authorized organization
Authorization > Orgtrusteeuser > All Permissions	View, edit, and delete new authorized users
Authorization > Orgtrustor > View	View information about an authorized organization
Authorization > Role > View	View Genesys Cloud roles Note: To grant roles to authorized users, you must have this permission.

Minimum permissions

All external authorized users and groups require the following permissions.

This permission	Allows these actions
Authorization > Orgtrustor > View	View information about an authorized organization
Authorization > Orgtrusteeuser > View	View authorized users

Trusted External User role

An administrator must assign the Trusted External User role or the minimum permissions to all authorized external users and groups who work in the organization.

Note: The Trusted External User role is available only for Genesys Cloud organizations created on or after May 17, 2017. If your organization was created before May 17, 2017, create a custom role that has the minimum permissions necessary for authorized users. For more information, see Example of a custom role (Trusted External User).

Master Admin role

In the typical customer-to-partner scenario, it is common for customers to assign the Master Admin role to the authorized users from their partner. The default Master Admin role has all the permissions that are necessary for a user or group to administer your organization. When you seek assistance, Customer Care may require other permissions and roles.

Note: The permissions that a role contains are what enables a user to perform an action. Because you can modify existing roles, it is important to be sure that a role has the permission(s) required to perform a specified action.

If you do not want to assign the Master Admin role to an authorized user or group from another organization, create custom roles that contain only the permissions you want to assign.

Example of a custom role (Authorized User Admin)

Here is an example of a custom role that provides the minimum permissions that are necessary for an authorized user or group.

Add a custom role called Authorized User Admin.
Assign the following rights to the Authorized User Admin role.

This permission	Allows these actions
Authorization > Orgtrustee > Add	Create trust relationship and send the pairing request
Authorization > Orgtrustee > Delete	Delete authorized users
Authorization > Orgtrustee > View	View authorized users
Authorization > Orgtrustee > Edit	Enable and disable authorized organizations, add, and remove authorized users in an authorized organization.
Authorization > Orgtrusteeuser > All Permissions	View, edit, and delete new authorized users
Authorization > Orgtrustor > View	View information about an authorized organization
Authorization > Role > View	View Genesys Cloud roles Note: A user who grants roles to authorized users needs this permission.

Example of a custom role (Trusted External User)

Here is an example of a custom role that provides the minimum permissions that are necessary for an authorized user or group.

Add a custom role called Trusted External User.
Assign the following rights to the Trusted External User role.

This permission	Allows these actions
Authorization > Orgtrustor > View	View information about an authorized organization
Authorization > Orgtrusteeuser > View	View authorized users

Minimum permissions for partners

If you are a partner and you want to work with your clients, you must have the following permissions:

View your clients

To view your clients, you must have a role with these permissions:

affiliateOrganization > clients > View
externalOrganization > externalContacts > View
authorization > orgTrustee > View

Pair with your clients

To pair with your clients, you must have a role with these permissions:

Authorization > Orgtrustee > Add
AffiliateOrganization > Clients > Pair
AffiliateOrganization > Clients > View
ExternalOrganization > Externalcontacts > View