Access control transactional objects

In Genesys Cloud, a transactional object is a transaction that interacts with or travels through the system. Transactional objects include voice, callback, chat, email, and message conversations; recordings; presence history; and audit data. 

Genesys Cloud applies divisions to transactional data to create access control around that data. Each transaction is associated with a division based on objects that the transaction touches during its existence; for example, queues, agents, or call flows. When a transaction connects with or passes through an object, it receives a tag for that object’s division. Transactional objects can associate with more than one division. 

Segregation of aggregate data depends on your set-up and how agents transfer interactions, or how transactional data travels through your system. For example, a transactional object connects to two divisions as it travels through the system. If a supervisor has access to only one of those divisions, they can still see the transaction and all related information, including timeline and recordings.

Access control and call recording segments

Genesys Cloud performs “trunk-side” call recording and creates a single call recording that encompasses what the customer hears during an interaction. This recording includes the transfer path from one agent to another agent or queue, either of which can be associated with another division. In this scenario, a supervisor of either division that has access to the call recording can listen to the end-to-end recording. This access includes the conversation between the first agent and the customer and also the second agent with the customer.

To prevent supervisors or agents from other divisions access to end-to-end recording, implement access control at the recording segment level instead. You can constrain agents and supervisors so that they only hear the segments of the recording that are relevant to them. For more information, see Work with an interaction with recording segment access control.

Access control and aggregate data

In addition to conversation details based on divisions and access control, Genesys Cloud also maintains control over aggregate data. When the system receives aggregate data and metrics, it presents numbers based on conversations associated with the division for which a user has access. If a supervisor can access the skills, DNIS, or wrap-up performance view, the data that appears in those views is based on access control results. Therefore, each user sees the metrics based on the granted permissions and access.

Note: Multiple supervisors in a single organization can access different divisions. Therefore, metrics shown under the skills, DNIS, and wrap-up performance views can display different datasets even at the aggregate level.

Transactional object scenarios 

The examples that follow demonstrate the concepts of transactional objects and call recording segments based on access control.

Voice transactional objects

This example describes how the transactional data of a voice interaction travels through the system and connects to multiple divisions. This table describes existing objects, the divisions in which they belong, and the roles that have access to those objects.

Object Divisions Roles with access
Main Menu call flow Corporate Manager
Support East Queue Raleigh Supervisor
Support West Queue San Francisco Supervisor

This table illustrates the users and the divisions and roles that have been granted to them:

User Divisions Roles granted
Sam Corporate Manager
Jesse Raleigh Supervisor
Diane San Francisco Supervisor

Scenario 1

Call A routes through the Main Menu, which belongs to the Corporate division. Next the call transfers to the Support East queue, which belongs to the Raleigh division, and reaches an agent assigned to that queue. As a result, the voice interaction touches two divisions: Corporate and Raleigh.

Scenario 2

Call B routes through the Main Menu, which belongs to the Corporate division. Next, the call transfers to the Support East queue, which belongs to the Raleigh division. However, the call does not reach an agent, and then transfers to the backup Support West queue, which belongs to the San Francisco division. In this case, the voice interaction touches three divisions: Corporate, Raleigh, and San Francisco.

Access results

Call A touched objects in the Corporate and Raleigh divisions. Call B touched objects in the Corporate, Raleigh, and San Francisco divisions. Therefore, only Sam (with the Manager role and the Corporate division) and Jesse (with the Supervisor role and the Raleigh division) can access Call A data. However, because of the roles and the divisions assigned to those roles, Sam, Jesse, and Diane can all access data for Call B. 

Division results based on transactional object

Transactional Object Division tags Access
Call A
  • Corporate
  • Raleigh
  • Sam
  • Jesse
Call B
  • Corporate
  • Raleigh
  • San Francisco
  • Sam
  • Jesse
  • Diane

Access based on user roles and assigned divisions

Role Division tags Transactional object
Supervisor
  • Raleigh
  • Call A

Supervisor
  • San Francisco
  • Call B

Manager
  • Corporate
  • Raleigh
  • San Francisco
  • Call A
  • Call B

Not only does Genesys Cloud control access to conversation details based on divisions and access control, it also maintains control over aggregate data. When presented with aggregate data and metrics, the system presents the numbers based on conversations associated with the division for which a user has access. If a supervisor has access to the skills, DNIS or wrap-up performance view, the data presented in these views is based on access control results. Therefore, each user sees the metrics based on the granted permissions and access.

Note: Multiple supervisors in a single organization can access to different divisions. Therefore, metrics shown under the skills, DNIS, and wrap-up performance views may show different datasets even at the aggregate level.

Voice transactional objects and recording segments

For recording segments, we expand on the example in the previous section and introduce Rachel as an agent in Raleigh, and Saurabh as an agent in San Francisco. This table describes the users, the divisions in which they belong, their assigned roles, and the permissions and permission conditions assigned to the role.

User Division Role Permission included in role Permission conditions
Rachel Raleigh 

User role confined to the Raleigh division

Recording > RecordingSegment > View
  • Condition Type = User
  • Operator = Equals
  • Value = Current User
Jesse Raleigh

Supervisor role confined to the Raleigh division

Recording > RecordingSegment > View
  • None
Saurabh San Francisco  User role confined to the San Francisco division Recording > RecordingSegment > View
  • Condition Type = User
  • Operator = Equals
  • Value = Current User
Diane San Francisco Supervisor role confined to the San Francisco division Recording > RecordingSegment > View
  • None
Sam Corporate Manager role not confined to a single division Recording > Recording > View
  • None

In this permission setup:

  • Rachel and Saurabh can only listen to the segments of a recording in which they participate. They cannot listen to other segments of the interaction.
  • Jesse and Diane can only listen to the segments in which a transactional object within their division participates; for example, a queue, flow, or agent.
  • Sam can listen to all recordings and does not have segment constraints in any division.
Note: Notice that Sam is the only user with a role that includes the permission Recording > Recording > View for the call media type. Because the remaining users have roles that do not include the Recording > Recording > View permission, they cannot access or listen to the complete recordings.

A customer calls the organization and navigates the IVR prompts in the main menu call flow that is associated with the Corporate division. The call enters the Support East Queue in Raleigh division. Rachel picks up the call and after working with the caller, Rachel ends the call and completes after-call work. Let’s break down the interaction into segments.

Interaction segment Process
Segment 1 The caller navigates the auto-attendant menu in the Corporate division. Trunk side recording begins at the start of this segment.
Segment 2  The caller enters the Support East queue in the Raleigh division and is placed on hold.
Segment 3 Rachel picks up the call and interacts with the caller. Trunk side recording stops at the end of this segment.
Segment 4 Rachel ends the call and performs any after-call work.

Access result

Click the image to enlarge.

Access control recording transactional object scenario 1

Persona Access Details
Agent Rachel

Call recording
segment 3
  • Rachel can listen to the segment of the interaction in which she participates. In this case, the time spent on the phone with the caller.
  • If screen recording is enabled, Rachel can view her screen recording, which begins when she picks up the call.
Supervisor Jesse

Call recording
segments 2 and 3
  • Because Supervisor Jesse and Agent Rachel belong to the Raleigh division, Jesse can listen to Rachel’s segments and hold music.
  • If screen recording is enabled for Rachel, Jesse can view Rachel’s screen recording.
Agent Saurabh

None
  • Saurabh does not have access to this interaction.
Supervisor Diane

None
  • Diane does not have access to this interaction.
Manager Sam

All segments of the recording
  • Sam can listen to the end-to-end recording.

A customer calls the organization and navigates the IVR prompts in the main menu call flow that is associated with the Corporate division. The call enters the Support East Queue in the Raleigh division. Rachel picks up the call and after briefly interacting with the caller, Rachel starts a blind transfer to send the call to Support West Queue in San Francisco division. She then completes her after-call work. Agent Saurabh picks up the call from the queue, interacts with the customer, and then ends the call and completes his after call work. Let’s break down the interaction into segments.

Interaction segment Process
Segment 1 The caller navigates the auto-attendant menu in the Corporate division. Trunk side recording begins at the start of this segment.
Segment 2  The caller enters the Support East queue in the Raleigh division and is placed on hold.
Segment 3 Rachel picks up the call, interacts with the caller, and then starts the blind transfer to the Support West queue.
Segment 4 The caller is placed on hold. Rachel completes any after-call work.
Segment 5 Saurabh picks up the blind transfer and interacts with the caller. Trunk side recording stops at the end of this segment.
Segment 6 Saurabh ends the call and completes any after call work.

Access result

Click the image to enlarge.

Access control recording transactional object scenario 2

Persona Access Details
Agent Rachel

Call recording
segment 3
  • Rachel can listen to the segment of the interaction in which she participates. In this case, the time spent on the phone with the caller.
  • If screen recording is enabled, Rachel can view her screen recording, which begins when she picks up the call.
Supervisor Jesse

Call recording
segments 2 and 3
  • Supervisor Jesse can listen to Rachel’s segments, and hold music, since they are from Raleigh division.
  • If screen recording is enabled for Rachel, Jesse can view Rachel’s screen recording.  But not Saurabh’s.
  • Supervisor Jesse cannot access any segments in which Saurabh participates.
Agent Saurabh

Call recording segment 5
  • Saurabh can listen to the segments of the interaction in which he participates. In this case, the time spent on the phone with the caller.
  • If screen recording is enabled, Saurabh can view his screen recording.
  • Saurabh cannot access any segments in which Rachel participates.
Supervisor Diane

Call recording 
segments 4 and 5
  • Because Saurabh’s segments and blind-transfer hold music are associated with the San Francisco division, Supervisor Diane can access and listen to them.
  • If screen recording is enabled for Saurabh, Diane can view Saurabh’s screen recording.
  • Diane cannot view Rachel’s screen recording or any segments in which Rachel participates.
Manager Sam

All segments of the recording
  • Sam can listen to the end-to-end recording.

A customer calls the organization and navigates the IVR prompts in the main menu call flow that is associated with the Corporate division. The call enters the Support East queue in Raleigh division. Rachel picks up the call and briefly interacts with the caller. Rachel then initiates a consult transfer to Saurabh, which places the caller on hold. Saurabh answers the consult transfer and speaks to Rachel. Rachel releases the call to Saurabh and then completes any after call work. Saurabh interacts with the customer, and then ends the call and completes any after call work. 

Note: The consult transfer scenario creates two recordings:
  • Recording 1: The trunk-side recording that includes the audio content from caller’s perspective.  For example, when Rachel initiates the consult transfer, the caller hears hold music.
  • Recording 2: The audio content from Rachel’s perspective during consult transfer, which ends when Rachel releases the caller.

Let’s break down the interaction into segments.

Interaction segment Process
Segment 1 The caller navigates the auto-attendant menu in the Corporate division. Trunk side recording begins at the start of this segment.
Segment 2  The caller enters the Support East queue in Raleigh division and is placed on hold..
Segment 3 Rachel picks up the call and interacts with the caller.
Segment 4 Rachel initiates the consult transfer to Saurabh.
Segment 5 Saurabh picks up the consult transfer and speaks to Rachel. While they interact, the caller remains on hold. Saurabh and Rachel are participants in this segment.
Segment 6 Rachel speaks to the caller and then releases the call to the consult transfer.
Segment 7

Rachel completes the transfer, releasing herself from the call. Rachel completes any after call work. Saurabh interacts with the caller. Trunk side recording stops at the end of this segment.
Segment 8 Saurabh ends the call and completes any after call work.

Access result

Click the image to enlarge.

Access control recording transactional object scenario 3

Persona Access Details
Agent Rachel

Call recording
segments 3, 4, 5, and 6
  • Rachel can listen to the segments of the interaction in which she participates, including the time spent on the phone with the caller.
  • Rachel can access the consult transfer recording with Saurabh.
  • If screen recording is enabled, Rachel can view her screen recording, which begins when she picks up the call.
  • Rachel cannot access any segment of the interaction after she completes the transfer to Saurabh.
Supervisor Jesse

Call recording
segments 2, 3, 4, 5, 6
  • Supervisor Jesse can access Rachel’s segments, Rachel’s segments that include Saurabh, and both segments of hold music.
  • Jesse can also access the consult transfer recording between Rachel and Saurabh.
  • If screen recording is enabled for Rachel, Jesse can view Rachel’s screen recording.
  • Supervisor Jesse cannot access any segments in which Saurabh participates and Rachel does not.
Agent Saurabh

Call recording
segments 5, 6, and 7
  • Saurabh can listen to the segments of the interaction in which he participates, including the time spent on the phone with the caller.
  • Saurabh can also access the consult transfer recording with Rachel.
  • If screen recording is enabled, Saurabh can view his screen recording, which begins when he picks up the call.
  • Saurabh cannot access any segment of the interaction prior to receiving the transfer from Rachel, including Rachel’s conversation, and screen recording.
Manager Sam

All segments of the call recording
  • Sam can listen to the end-to-end recording.