Note: When granting system access to another user or group (“permitted user”), be aware that you are responsible for how the permitted user uses your system. Genesys is not responsible for any misuse of data, change to configuration, etc.

An administrator from the Genesys Cloud organization in which the authorized users and groups work must assign the appropriate permissions to them. For example, in a customer-to-partner scenario, a customer must assign the appropriate permissions to the users and groups from the partner. Roles are predefined sets of permissions that streamline the process of assigning permissions.

Access control for authorized users and groups

Be aware of access control when you allow authorized groups or users the access to work in another organization. Genesys Cloud automatically grants authorized groups or users access to all divisions assigned to the roles that the member receives by pairing with the organization. 

Permissions for authorized users and groups

This table lists all the permissions that are available for authorized users and groups. You can assign any permission to any user or groups.

This permission Allows these actions

Authorization > Orgtrustee > Add

Create a trust relationship and send the pairing request

Authorization > Orgtrustee > Delete

Delete authorized users
Authorization > Orgtrustee > View

View authorized users

AuthorizationOrgtrustee > Edit

Enable and disable authorized organizations, and add and remove authorized users in an authorized organization

AuthorizationOrgtrusteeuser > All Permissions

View, edit, and delete new authorized users

Authorization > Orgtrustor > View

View information about an authorized organization

Authorization > Role > View

View Genesys Cloud roles

Note: To grant roles to authorized users, you must have this permission.

Minimum permissions

All external authorized users and groups require the following permissions.

This permission Allows these actions

Authorization > Orgtrustor > View

View information about an authorized organization

Authorization > Orgtrusteeuser > View

View authorized users

Trusted External User role

An administrator must assign the Trusted External User role or the minimum permissions to all authorized external users and groups who work in the organization.

Note: The Trusted External User role is available only for Genesys Cloud organizations created on or after May 17, 2017. If your organization was created before May 17, 2017, create a custom role that has the minimum permissions necessary for authorized users. For more information, see Example of a custom role (Trusted External User).

Master Admin role

In the typical customer-to-partner scenario, it is common for customers to assign the Master Admin role to the authorized users from their partner. The default Master Admin role has all the permissions that are necessary for a user or group to administer your organization. When you seek assistance, Customer Care may require other permissions and roles.

Note: The permissions that a role contains are what enables a user to perform an action. Because you can modify existing roles, it is important to be sure that a role has the permission(s) required to perform a specified action.

If you do not want to assign the Master Admin role to an authorized user or group from another organization, create custom roles that contain only the permissions you want to assign. 

Example of a custom role (Authorized User Admin)

Here is an example of a custom role that provides the minimum permissions that are necessary for an authorized user or group.

  1. Add a custom role called Authorized User Admin.

  2. Assign the following rights to the Authorized User Admin role.

This permission Allows these actions
Authorization > Orgtrustee > Add Create trust relationship and send the pairing request
Authorization > Orgtrustee > Delete Delete authorized users 

Authorization > Orgtrustee > View

 View authorized users

Authorization > Orgtrustee > Edit

Enable and disable authorized organizations, add, and remove authorized users in an authorized organization.

Authorization > Orgtrusteeuser > All Permissions

 View, edit, and delete new authorized users

Authorization > Orgtrustor > View

 View information about an authorized organization

Authorization > Role > View

View Genesys Cloud roles

Note: A user who grants roles to authorized users needs this permission.

Example of a custom role (Trusted External User)

Here is an example of a custom role that provides the minimum permissions that are necessary for an authorized user or group. 

  1. Add a custom role called Trusted External User.

  2. Assign the following rights to the Trusted External User role.

This permission

 Allows these actions

Authorization > Orgtrustor > View

 View information about an authorized organization

Authorization > Orgtrusteeuser > View

 View authorized users

Minimum permissions for partners

If you are a partner and you want to work with your clients, you must have the following permissions:

View your clients

To view your clients, you must have a role with these permissions:

  • affiliateOrganization > clients > View
  • externalOrganization > externalContacts > View
  • authorization > orgTrustee > View

Pair with your clients

To pair with your clients, you must have a role with these permissions:

  • Authorization > Orgtrustee > Add
  • AffiliateOrganization > Clients > Pair
  • AffiliateOrganization > Clients > View
  • ExternalOrganization > Externalcontacts > View