Authorized users and groups roles and permissions


Note: When granting system access to another user or group (“permitted user”), be aware that you are responsible for how the permitted user uses your system. Genesys is not responsible for any misuse of data, change to configuration, etc.

An administrator from the PureCloud organization in which the authorized users and groups work must assign the appropriate permissions to them. For example, in a customer-to-partner scenario, a customer must assign the appropriate permissions to the users and groups from the partner. Roles are predefined sets of permissions that streamline the process of assigning permissions.

Access control for authorized users and groups

Be aware of access control when you allow authorized groups or users the access to work in another organization. PureCloud automatically grants authorized groups or users access to all divisions assigned to the roles that the member receives by pairing with the organization. 

Permissions for authorized users and groups

This table lists all the permissions that are available for authorized users and groups. You can assign any permission to any user or groups.

This permission Allows these actions

Authorization > Orgtrustee > Add

Create a trust relationship and send the pairing request

Authorization > Orgtrustee > Delete

Delete authorized users

Authorization > Orgtrustee > View

View authorized users

AuthorizationOrgtrustee > Edit

Enable and disable authorized organizations, and add and remove authorized users in an authorized organization

AuthorizationOrgtrusteeuser > All Permissions

View, edit, and delete new authorized users

Authorization > Orgtrustor > View

View information about an authorized organization

Authorization > Role > View

View PureCloud roles

Note: This permission is required to grant roles to authorized users.

Minimum permissions

All external authorized users and groups require the following permissions.

This permission Allows these actions

Authorization > Orgtrustor > View

View information about an authorized organization

Authorization > Orgtrusteeuser > View

View authorized users

Trusted External User role

An administrator must assign the Trusted External User role or the minimum permissions to all authorized external users and groups who work in the organization.

Note: The Trusted External User role is available only for PureCloud organizations created on or after May 17, 2017. If your organization was created before May 17, 2017, create a custom role that has the minimum permissions necessary for authorized users. For more information, see Example of a custom role (Trusted External User).

Master Admin role

In the typical customer-to-partner scenario, it is common for customers to assign the Master Admin role to the authorized users from their partner. The Master Admin role contains all the permissions that an authorized user needs.

If you do not want to assign the Master Admin role to an authorized user or group from another organization, create custom roles that contain only the permissions you want to assign. 

Example of a custom role (Authorized User Admin)

Here is an example of a custom role that provides the minimum permissions that are necessary for an authorized user or group.

  1. Add a custom role called Authorized User Admin.

  2. Assign the following rights to the Authorized User Admin role.

This permission Allows these actions
Authorization > Orgtrustee > Add Create trust relationship and send the pairing request
Authorization > Orgtrustee > Delete Delete authorized users 

Authorization > Orgtrustee > View

View authorized users

Authorization > Orgtrustee > Edit

Enable and disable authorized organizations, add and remove authorized users in an authorized organization.

Authorization > Orgtrusteeuser > All Permissions

View, edit, and delete new authorized users

Authorization > Orgtrustor > View

View information about an authorized organization

Authorization > Role > View

View PureCloud roles

Note: A user who grants roles to authorized users needs this permission.

Example of a custom role (Trusted External User)

Here is an example of a custom role that provides the minimum permissions that are necessary for an authorized user or group. 

  1. Add a custom role called Trusted External User.

  2. Assign the following rights to the Trusted External User role.

This permission

Allows these actions

Authorization > Orgtrustor > View

View information about an authorized organization

Authorization > Orgtrusteeuser > View

View authorized users

Minimum permissions for partners

If you are a partner and you want to work with your clients, you must have the following permissions:

View your clients

To view your clients, you must have a role with these permissions:

  • affiliateOrganization > clients > View
  • externalOrganization > externalContacts > View
  • authorization > orgTrustee > View

Pair with your clients

To pair with your clients, you must have a role with these permissions:

  • Authorization > Orgtrustee > Add
  • AffiliateOrganization > Clients > Pair
  • AffiliateOrganization > Clients > View
  • ExternalOrganization > Externalcontacts > View