Access control transactional objects


In Genesys Cloud, a transactional object is a transaction that interacts with or travels through the system. Transactional objects include voice, callback, chat, email, and message conversations; recordings; presence history; and audit data. 

Access control and transactional objects

Genesys Cloud applies divisions to transactional data to create access control around that data. Each transaction is associated with a division based on objects that the transaction touches during its existence; for example, queues, agents, or call flows. When a transaction connects with or passes through an object, it receives a tag for that object’s division. Transactional objects can associate with more than one division. 

Note: Depending on your set-up and how agents transfer interactions, or how transactional data travels through your system, you may not be able to segregate data completely. For example, a transactional object connects to two divisions as it travels through the system. If a supervisor has access to only one of those divisions, they can still see the transaction and all related information, including timeline and recordings.

Example of transactional object path

This example describes how the transactional data of a voice interaction travels through the system and connects to multiple divisions. This table describes existing objects, the divisions in which they belong, and the roles that have access to those objects.

Object Divisions Roles with access
Main Menu call flow Corporate Manager
Support East Queue Raleigh East Supervisors
Support West Queue San Francisco West Supervisors

Scenario

Call A routes through the Main Menu, which belongs to the Corporate division. Next the call transfers to the Support East queue, which belongs to the Raleigh division, and reaches an agent assigned to that queue. As a result, the voice interaction touches two divisions: Corporate and Raleigh.

Call B routes through the Main Menu, which belongs to the Corporate division. Next, the call transfers to the Support East queue, which belongs to the Raleigh division. However, the call does not reach an agent, and then transfers to the backup Support West queue, which belongs to the San Francisco division. In this case, the voice interaction touches three divisions: Corporate, Raleigh, and San Francisco.

Access result

Depending on role assignments, users have access to specific transactional objects. In our example:

  • Sam has the Manager role, and her Manager role includes the Corporate division.
  • Jesse has the Supervisor role, and his role includes the Raleigh division.
  • Diane has the Supervisor role, and her role includes to the San Francisco division.

Call A touched objects in the Corporate and Raleigh divisions. Call B touched objects in the Corporate, Raleigh, and San Francisco divisions. Therefore, only Sam (with the Manager role and the Corporate division) and Jesse (with the Supervisor role and the Raleigh division) can access Call A data. However, because of the roles and the divisions assigned to those roles, Sam, Jesse, and Diane can all access data for Call B. 

Division results based on transactional object

Transactional Object Division tags Access
Call A
  • Corporate
  • Raleigh
  • Sam
  • Jesse
Call B
  • Corporate
  • Raleigh
  • San Francisco
  • Sam
  • Jesse
  • Diane

Access based on user roles and assigned divisions

Role Division tags Transactional object
Supervisor
  • Raleigh
  • Call A

Supervisor

  • San Francisco
  • Call B

Manager

  • Corporate
  • Raleigh
  • San Francisco
  • Call A
  • Call B

Not only does Genesys Cloud control access to conversation details based on divisions and access control, it also maintains control over aggregate data. When presented with aggregate data and metrics, the system presents the numbers based on conversations associated with the division for which a user has access. If a supervisor has access to the skills, DNIS or wrap-up performance view, the data presented in these views is based on access control results. Therefore, each user sees the metrics based on the granted permissions and access.

Note: Multiple supervisors in a single organization can access to different divisions. Therefore, metrics shown under the skills, DNIS, and wrap-up performance views may show different data sets even at the aggregate level.