Genesys Cloud
Introducing enhanced access control with attribute-based policies

Announced on Effective date Aha! idea
2024-10-21 - Aha! link
In a future release, Genesys Cloud will allow administrators to create Attribute-Based Access Control (ABAC) policies that provide more granular control over user permissions and system access. This new feature will work alongside existing Role-Based Access Control (RBAC) and divisions, and use detailed attributes to define dynamic access conditions. 
Previously, access control relied solely on RBAC, which uses roles to grant permissions. With the introduction of ABAC, administrators can restrict permissions more precisely. For example, they can ensure that supervisors can assign agent and supervisor roles without granting the supervisors access to higher-level admin roles. This feature prevents unintended privilege escalation and addresses common security concerns, such as preventing users from modifying their own role assignments. Layering ABAC over existing role-based controls provides administrators the flexibility that they need to securely manage permissions in complex environments.
Initially, the feature will include a code editor UI to set up these policies. A more user-friendly visual editor is planned for a future release, which will make it easier to implement these policies without technical expertise. This change will help organizations tailor access controls to their business and security requirements by enabling such use cases as:
  • Preventing admins from granting themselves elevated permissions.
  • Allowing agents to view but not modify their own custom fields.
  • Restricting who can change group memberships without modifying group security settings.
For more information about the new UI options, see the UI Change: Attribute-Based Access Control (ABAC) community post.