Skip to content

Access Roles Technical Documentation

Overview

This document provides a comprehensive overview of all access roles available in the system, their permissions, and use cases. Each role is designed to provide specific levels of access to different system functionalities.

Role Structure

Each role contains the following main permission categories: - Reports: Access to various reporting functionalities - Provision: Device and profile provisioning capabilities - Status: Real-time status monitoring and call management - Config: System configuration access - Users: User management capabilities - SmartPbx: Smart PBX feature access - CallCenter: Contact center functionality access

Available Roles

1. Admin Total Access (admin)

Description: Full system access with all permissions enabled.

Permissions: - Reports: Full access to all reports - Provision: Full provisioning capabilities including phones and profiles - Status: Complete status monitoring and call management - Config: Full configuration access - Users: Complete user management capabilities - SmartPbx: Full Smart PBX access - CallCenter: Full contact center access with read permissions

Use Case: System administrators who need complete control over all system functionalities.

2. Admin View & Download Recordings (admin_view_and_download_recordings)

Description: Admin role with access to view and download call recordings only.

Permissions: - Reports: - Call Recording: Download enabled, Delete disabled - All other reports disabled - Provision: Disabled - Status: Disabled - Config: Disabled - Users: Disabled - SmartPbx: Disabled - CallCenter: Disabled

Use Case: Compliance officers or auditors who need access to call recordings for review purposes.

3. Admin View Recordings (admin_view_recordings)

Description: Admin role with access to view call recordings only (no download capability).

Permissions: - Reports: - Call Recording: Download disabled, Delete disabled - All other reports disabled - Provision: Disabled - Status: Disabled - Config: Disabled - Users: Disabled - SmartPbx: Disabled - CallCenter: Disabled

Use Case: Supervisors who need to review call recordings without the ability to download them.

4. Admin View Recordings and CallCenter Reports (admin_view_recordings_and_cc_reports)

Description: Admin role with access to view recordings and contact center reports.

Permissions: - Reports: - Call Recording: Download disabled, Delete disabled - All other reports disabled - Provision: Disabled - Status: Disabled - Config: Disabled - Users: Disabled - SmartPbx: Disabled - CallCenter: - Enabled with read access - Config and Status sections disabled - Reports enabled

Use Case: Contact center managers who need to review recordings and access call center reports.

5. Admin without Inbound Calls Report (admin_without_inbound_calls_report)

Description: Full admin access except for inbound calls reporting.

Permissions: - Reports: - Inbound Calls: Disabled - All other reports enabled - Provision: Full provisioning capabilities - Status: Complete status monitoring - Config: Full configuration access - Users: Complete user management - SmartPbx: Full access - CallCenter: Full access with read permissions

Use Case: Administrators who need full access but should not see inbound call reports for compliance reasons.

6. Admin Read Only (admin_read_only)

Description: Admin role with read-only access to most features.

Permissions: - Reports: - Call Recording: Download enabled, Delete disabled - CDRs: Delete disabled - Provision: Disabled - Status: - Enabled for monitoring - Active Calls: Hangup and Spy/Barge disabled - Config: Disabled - Users: - Enabled with read-only access - Create, Delete, Edit, Disable, Invite: All disabled - SmartPbx: Disabled - CallCenter: Disabled

Use Case: Support staff who need to view system information but should not make changes.

7. Admin Users Devices Reports Without Recordings (admin_users_devices_reports_without_recordings)

Description: Admin role focused on user management, device provisioning, and reports (excluding recordings).

Permissions: - Reports: - Users Activity: Enabled - DIDs Activity: Enabled - Callers Activity: Enabled - CDRs: Enabled (no recordings) - Call Recording: Disabled - Outbound/Inbound Calls: Enabled (no recordings) - All other reports disabled - Provision: - Phones: Full provisioning (Add, Edit, Remove) - Profiles: Disabled - Users: Full user management capabilities - Status: Disabled - Config: Disabled - SmartPbx: Disabled - CallCenter: Disabled

Use Case: HR managers or IT staff who need to manage users and devices but should not access call recordings.

8. Admin Inviter (admin_inviter)

Description: Admin role focused on user invitation and basic monitoring.

Permissions: - Reports: - Call Recording: Download enabled, Delete disabled - CDRs: Delete disabled - Provision: Disabled - Status: - Enabled for monitoring - Active Calls: Hangup and Spy/Barge disabled - Config: Disabled - Users: - Read access enabled - Invite access enabled - All other user operations disabled - SmartPbx: Disabled - CallCenter: Disabled

Use Case: Department managers who need to invite new users and monitor basic system status.

9. Activation Only (activation_only)

Description: Minimal role for user activation functionality only.

Permissions: - Reports: Disabled - Provision: Disabled - Status: Disabled - Config: Disabled - Users: - Read access enabled - Disable access enabled - All other operations disabled - SmartPbx: Disabled - CallCenter: Disabled

Use Case: Support staff who only need to activate/deactivate user accounts.

10. Admin Callcenter (admin_callcenter)

Description: Contact center focused role with basic monitoring capabilities.

Permissions: - CallCenter: - Enabled with read access - Status: - Enabled for monitoring - Active Calls: Spy/Barge enabled, Hangup disabled - Reports: Disabled - Provision: Disabled - Config: Disabled - Users: Disabled - SmartPbx: Disabled

Use Case: Contact center supervisors who need to monitor agent activity and calls.

11. Admin Callcenter Recordings Outbounds (admin_callcenter_recordings_outbounds)

Description: Contact center role with access to recordings and outbound call reports.

Permissions: - Reports: - Call Recording: Download enabled, Delete disabled - Outbound Calls: Enabled with recordings - All other reports disabled - CallCenter: - Enabled with read access - Status: - Enabled for monitoring - Active Calls: Spy/Barge enabled, Hangup disabled - Provision: Disabled - Config: Disabled - Users: Disabled - SmartPbx: Disabled

Use Case: Contact center managers who need to review outbound calls and recordings.

12. Admin Callcenter Recordings Outbounds Inbounds (admin_callcenter_recordings_outbounds_inbounds)

Description: Contact center role with access to recordings and both inbound/outbound call reports.

Permissions: - Reports: - Call Recording: Download enabled, Delete disabled - Outbound Calls: Enabled with recordings - Inbound Calls: Enabled with recordings - All other reports disabled - CallCenter: - Enabled with read access - Status: - Enabled for monitoring - Active Calls: Spy/Barge enabled, Hangup disabled - Provision: Disabled - Config: Disabled - Users: Disabled - SmartPbx: Disabled

Use Case: Contact center managers who need comprehensive call monitoring and recording access.

13. Admin Callcenter Recordings (admin_callcenter_recordings)

Description: Contact center role with access to recordings only.

Permissions: - Reports: - Call Recording: Download disabled, Delete disabled - All other reports disabled - CallCenter: - Enabled with read access - Status: - Enabled for monitoring - Active Calls: Spy/Barge enabled, Hangup disabled - Provision: Disabled - Config: Disabled - Users: Disabled - SmartPbx: Disabled

Use Case: Contact center supervisors who need to review recordings without download capability.

14. Admin Callcenter Reports (admin_callcenter_reports)

Description: Contact center role focused on reports and monitoring only.

Permissions: - CallCenter: - Enabled with read access - Status: - Enabled for monitoring - Active Calls: Spy/Barge enabled, Hangup disabled - Reports: Disabled - Provision: Disabled - Config: Disabled - Users: Disabled - SmartPbx: Disabled

Use Case: Contact center analysts who need to monitor agent activity and generate reports.

15. Admin Config Tenant Accounts Read Only (admin_config_tenant_accounts_read_only)

Description: Admin role with read-only access to tenant accounts configuration only.

Permissions: - Config: - Tenant Accounts: Read-only access - All other configuration sections disabled - Reports: Disabled - Provision: Disabled - Status: Disabled - Users: Disabled - SmartPbx: Disabled - CallCenter: Disabled

Use Case: Account managers who need to view tenant account information without modification rights.

16. Admin Activity Reports (admin_activity_reports)

Description: Admin role focused on activity reports and recordings access.

Permissions: - Reports: - Users Activity: Enabled - DIDs Activity: Enabled - Callers Activity: Enabled - Call Recording: Enabled (no delete/download) - All other reports disabled - Provision: Disabled - Status: Disabled - Config: Disabled - Users: Disabled - SmartPbx: Disabled - CallCenter: Disabled

Use Case: Business analysts who need to review activity reports and call recordings.

17. Admin Reports and CallCenter (admin_reports_and_callcenter)

Description: Admin role with comprehensive reporting and contact center access.

Permissions: - Reports: - Users Activity: Enabled - DIDs Activity: Enabled - Callers Activity: Enabled - CDRs: Enabled with recordings - Call Recording: Download enabled, Delete disabled - Outbound/Inbound Calls: Enabled with recordings - DND Activity: Enabled - All other reports disabled - CallCenter: - Enabled with read access - Config section disabled - Status and Reports enabled - Status: Enabled for monitoring - Provision: Disabled - Config: Disabled - Users: Disabled - SmartPbx: Disabled

Use Case: Contact center managers who need comprehensive reporting and contact center management capabilities.

Permission Categories Detailed

Reports Permissions

The reports section includes the following sub-permissions: - Users Activity: User activity monitoring - DIDs Activity: Direct Inward Dialing activity - Callers Activity: Caller activity tracking - CDRs: Call Detail Records with delete and recordings options - Call Recording: Recording access with download and delete options - Outbound Calls: Outbound call reports with recordings option - Inbound Calls: Inbound call reports with recordings option - Usage Charges: Usage-based charging reports - Users Charges: User-specific charging reports - Totals Charges Per Account: Account-level charging summaries - DND Activity: Do Not Disturb activity - Faxes Activity: Fax activity reports - Queue Calls: Queue call activity - Audit Logs: System audit logs - Meetings Activity: Meeting activity reports

Provision Permissions

  • Enabled: Overall provisioning access
  • Phones: Phone device management (Add, Edit, Remove)
  • Profiles: Profile management capabilities

Status Permissions

  • Enabled: Overall status monitoring access
  • Active Calls: Real-time call management (Hangup, Spy/Barge)

Config Permissions

  • Enabled: Overall configuration access
  • Tenant Accounts: Tenant account management
  • LDAP Server: LDAP server configuration
  • Directories: Directory management
  • Whitelabel: Whitelabel configuration
  • Tags: Tag management
  • Softphones: Softphone configuration
  • Security: Security settings
  • Trunks: Trunk configuration
  • Pins: PIN management
  • Caller ID: Caller ID configuration
  • Locations: Location management
  • Queues: Queue configuration
  • Faxboxes: Fax box configuration
  • Callflows: Call flow configuration
  • CDRs Storage: CDR storage configuration
  • Recordings Storage: Recording storage configuration
  • Phone Numbers: Phone number management
  • Numbers Provider: Number provider configuration
  • SMS Provider: SMS provider configuration
  • Number Manager: Number management
  • Call Recording: Call recording configuration
  • Ratedecks: Rate deck configuration
  • Service Plans: Service plan management
  • Payment Gateway: Payment gateway configuration
  • Webchat: Web chat configuration
  • Hubspot: HubSpot integration
  • Salesforce: Salesforce integration
  • Zoho: Zoho integration
  • Call Events: Call event configuration
  • Exportable Reports: Exportable reports configuration

Users Permissions

  • Enabled: Overall user management access
  • User: Specific user operations (Read, Create, Delete, Edit, Disable, Invite)

CallCenter Permissions

  • Enabled: Overall contact center access
  • Read: Read access to contact center data
  • Config: Configuration section access
  • Status: Status section access
  • Reports: Contact center reports access

Implementation Notes

  • All roles are stored in the fonouc_roles database
  • Roles are created during system initialization via the CreateRolesDocs function
  • Each role has a unique ID and descriptive name
  • Permissions are structured hierarchically for easy management
  • The system supports granular permission control for compliance and security requirements

Security Considerations

  • Roles should be assigned based on the principle of least privilege
  • Regular audits should be conducted to ensure appropriate role assignments
  • Sensitive operations (like recording deletion) are restricted to specific roles
  • Contact center operations require specific permissions to prevent unauthorized access
  • Configuration changes are restricted to prevent accidental system modifications