This document provides a comprehensive overview of all access roles available in the system, their permissions, and use cases. Each role is designed to provide specific levels of access to different system functionalities.
Each role contains the following main permission categories:
- Reports: Access to various reporting functionalities
- Provision: Device and profile provisioning capabilities
- Status: Real-time status monitoring and call management
- Config: System configuration access
- Users: User management capabilities
- SmartPbx: Smart PBX feature access
- CallCenter: Contact center functionality access
Description: Full system access with all permissions enabled.
Permissions:
- Reports: Full access to all reports
- Provision: Full provisioning capabilities including phones and profiles
- Status: Complete status monitoring and call management
- Config: Full configuration access
- Users: Complete user management capabilities
- SmartPbx: Full Smart PBX access
- CallCenter: Full contact center access with read permissions
Use Case: System administrators who need complete control over all system functionalities.
¶ 2. Admin View & Download Recordings (admin_view_and_download_recordings)
Description: Admin role with access to view and download call recordings only.
Permissions:
- Reports:
- Call Recording: Download enabled, Delete disabled
- All other reports disabled
- Provision: Disabled
- Status: Disabled
- Config: Disabled
- Users: Disabled
- SmartPbx: Disabled
- CallCenter: Disabled
Use Case: Compliance officers or auditors who need access to call recordings for review purposes.
Description: Admin role with access to view call recordings only (no download capability).
Permissions:
- Reports:
- Call Recording: Download disabled, Delete disabled
- All other reports disabled
- Provision: Disabled
- Status: Disabled
- Config: Disabled
- Users: Disabled
- SmartPbx: Disabled
- CallCenter: Disabled
Use Case: Supervisors who need to review call recordings without the ability to download them.
¶ 4. Admin View Recordings and CallCenter Reports (admin_view_recordings_and_cc_reports)
Description: Admin role with access to view recordings and contact center reports.
Permissions:
- Reports:
- Call Recording: Download disabled, Delete disabled
- All other reports disabled
- Provision: Disabled
- Status: Disabled
- Config: Disabled
- Users: Disabled
- SmartPbx: Disabled
- CallCenter:
- Enabled with read access
- Config and Status sections disabled
- Reports enabled
Use Case: Contact center managers who need to review recordings and access call center reports.
Description: Full admin access except for inbound calls reporting.
Permissions:
- Reports:
- Inbound Calls: Disabled
- All other reports enabled
- Provision: Full provisioning capabilities
- Status: Complete status monitoring
- Config: Full configuration access
- Users: Complete user management
- SmartPbx: Full access
- CallCenter: Full access with read permissions
Use Case: Administrators who need full access but should not see inbound call reports for compliance reasons.
Description: Admin role with read-only access to most features.
Permissions:
- Reports:
- Call Recording: Download enabled, Delete disabled
- CDRs: Delete disabled
- Provision: Disabled
- Status:
- Enabled for monitoring
- Active Calls: Hangup and Spy/Barge disabled
- Config: Disabled
- Users:
- Enabled with read-only access
- Create, Delete, Edit, Disable, Invite: All disabled
- SmartPbx: Disabled
- CallCenter: Disabled
Use Case: Support staff who need to view system information but should not make changes.
Description: Admin role focused on user management, device provisioning, and reports (excluding recordings).
Permissions:
- Reports:
- Users Activity: Enabled
- DIDs Activity: Enabled
- Callers Activity: Enabled
- CDRs: Enabled (no recordings)
- Call Recording: Disabled
- Outbound/Inbound Calls: Enabled (no recordings)
- All other reports disabled
- Provision:
- Phones: Full provisioning (Add, Edit, Remove)
- Profiles: Disabled
- Users: Full user management capabilities
- Status: Disabled
- Config: Disabled
- SmartPbx: Disabled
- CallCenter: Disabled
Use Case: HR managers or IT staff who need to manage users and devices but should not access call recordings.
Description: Admin role focused on user invitation and basic monitoring.
Permissions:
- Reports:
- Call Recording: Download enabled, Delete disabled
- CDRs: Delete disabled
- Provision: Disabled
- Status:
- Enabled for monitoring
- Active Calls: Hangup and Spy/Barge disabled
- Config: Disabled
- Users:
- Read access enabled
- Invite access enabled
- All other user operations disabled
- SmartPbx: Disabled
- CallCenter: Disabled
Use Case: Department managers who need to invite new users and monitor basic system status.
Description: Minimal role for user activation functionality only.
Permissions:
- Reports: Disabled
- Provision: Disabled
- Status: Disabled
- Config: Disabled
- Users:
- Read access enabled
- Disable access enabled
- All other operations disabled
- SmartPbx: Disabled
- CallCenter: Disabled
Use Case: Support staff who only need to activate/deactivate user accounts.
Description: Contact center focused role with basic monitoring capabilities.
Permissions:
- CallCenter:
- Status:
- Enabled for monitoring
- Active Calls: Spy/Barge enabled, Hangup disabled
- Reports: Disabled
- Provision: Disabled
- Config: Disabled
- Users: Disabled
- SmartPbx: Disabled
Use Case: Contact center supervisors who need to monitor agent activity and calls.
Description: Contact center role with access to recordings and outbound call reports.
Permissions:
- Reports:
- Call Recording: Download enabled, Delete disabled
- Outbound Calls: Enabled with recordings
- All other reports disabled
- CallCenter:
- Status:
- Enabled for monitoring
- Active Calls: Spy/Barge enabled, Hangup disabled
- Provision: Disabled
- Config: Disabled
- Users: Disabled
- SmartPbx: Disabled
Use Case: Contact center managers who need to review outbound calls and recordings.
Description: Contact center role with access to recordings and both inbound/outbound call reports.
Permissions:
- Reports:
- Call Recording: Download enabled, Delete disabled
- Outbound Calls: Enabled with recordings
- Inbound Calls: Enabled with recordings
- All other reports disabled
- CallCenter:
- Status:
- Enabled for monitoring
- Active Calls: Spy/Barge enabled, Hangup disabled
- Provision: Disabled
- Config: Disabled
- Users: Disabled
- SmartPbx: Disabled
Use Case: Contact center managers who need comprehensive call monitoring and recording access.
Description: Contact center role with access to recordings only.
Permissions:
- Reports:
- Call Recording: Download disabled, Delete disabled
- All other reports disabled
- CallCenter:
- Status:
- Enabled for monitoring
- Active Calls: Spy/Barge enabled, Hangup disabled
- Provision: Disabled
- Config: Disabled
- Users: Disabled
- SmartPbx: Disabled
Use Case: Contact center supervisors who need to review recordings without download capability.
Description: Contact center role focused on reports and monitoring only.
Permissions:
- CallCenter:
- Status:
- Enabled for monitoring
- Active Calls: Spy/Barge enabled, Hangup disabled
- Reports: Disabled
- Provision: Disabled
- Config: Disabled
- Users: Disabled
- SmartPbx: Disabled
Use Case: Contact center analysts who need to monitor agent activity and generate reports.
Description: Admin role with read-only access to tenant accounts configuration only.
Permissions:
- Config:
- Tenant Accounts: Read-only access
- All other configuration sections disabled
- Reports: Disabled
- Provision: Disabled
- Status: Disabled
- Users: Disabled
- SmartPbx: Disabled
- CallCenter: Disabled
Use Case: Account managers who need to view tenant account information without modification rights.
Description: Admin role focused on activity reports and recordings access.
Permissions:
- Reports:
- Users Activity: Enabled
- DIDs Activity: Enabled
- Callers Activity: Enabled
- Call Recording: Enabled (no delete/download)
- All other reports disabled
- Provision: Disabled
- Status: Disabled
- Config: Disabled
- Users: Disabled
- SmartPbx: Disabled
- CallCenter: Disabled
Use Case: Business analysts who need to review activity reports and call recordings.
¶ 17. Admin Reports and CallCenter (admin_reports_and_callcenter)
Description: Admin role with comprehensive reporting and contact center access.
Permissions:
- Reports:
- Users Activity: Enabled
- DIDs Activity: Enabled
- Callers Activity: Enabled
- CDRs: Enabled with recordings
- Call Recording: Download enabled, Delete disabled
- Outbound/Inbound Calls: Enabled with recordings
- DND Activity: Enabled
- All other reports disabled
- CallCenter:
- Enabled with read access
- Config section disabled
- Status and Reports enabled
- Status: Enabled for monitoring
- Provision: Disabled
- Config: Disabled
- Users: Disabled
- SmartPbx: Disabled
Use Case: Contact center managers who need comprehensive reporting and contact center management capabilities.
The reports section includes the following sub-permissions:
- Users Activity: User activity monitoring
- DIDs Activity: Direct Inward Dialing activity
- Callers Activity: Caller activity tracking
- CDRs: Call Detail Records with delete and recordings options
- Call Recording: Recording access with download and delete options
- Outbound Calls: Outbound call reports with recordings option
- Inbound Calls: Inbound call reports with recordings option
- Usage Charges: Usage-based charging reports
- Users Charges: User-specific charging reports
- Totals Charges Per Account: Account-level charging summaries
- DND Activity: Do Not Disturb activity
- Faxes Activity: Fax activity reports
- Queue Calls: Queue call activity
- Audit Logs: System audit logs
- Meetings Activity: Meeting activity reports
- Enabled: Overall provisioning access
- Phones: Phone device management (Add, Edit, Remove)
- Profiles: Profile management capabilities
- Enabled: Overall status monitoring access
- Active Calls: Real-time call management (Hangup, Spy/Barge)
- Enabled: Overall configuration access
- Tenant Accounts: Tenant account management
- LDAP Server: LDAP server configuration
- Directories: Directory management
- Whitelabel: Whitelabel configuration
- Tags: Tag management
- Softphones: Softphone configuration
- Security: Security settings
- Trunks: Trunk configuration
- Pins: PIN management
- Caller ID: Caller ID configuration
- Locations: Location management
- Queues: Queue configuration
- Faxboxes: Fax box configuration
- Callflows: Call flow configuration
- CDRs Storage: CDR storage configuration
- Recordings Storage: Recording storage configuration
- Phone Numbers: Phone number management
- Numbers Provider: Number provider configuration
- SMS Provider: SMS provider configuration
- Number Manager: Number management
- Call Recording: Call recording configuration
- Ratedecks: Rate deck configuration
- Service Plans: Service plan management
- Payment Gateway: Payment gateway configuration
- Webchat: Web chat configuration
- Hubspot: HubSpot integration
- Salesforce: Salesforce integration
- Zoho: Zoho integration
- Call Events: Call event configuration
- Exportable Reports: Exportable reports configuration
- Enabled: Overall user management access
- User: Specific user operations (Read, Create, Delete, Edit, Disable, Invite)
- Enabled: Overall contact center access
- Read: Read access to contact center data
- Config: Configuration section access
- Status: Status section access
- Reports: Contact center reports access
- All roles are stored in the
fonouc_roles database
- Roles are created during system initialization via the
CreateRolesDocs function
- Each role has a unique ID and descriptive name
- Permissions are structured hierarchically for easy management
- The system supports granular permission control for compliance and security requirements
- Roles should be assigned based on the principle of least privilege
- Regular audits should be conducted to ensure appropriate role assignments
- Sensitive operations (like recording deletion) are restricted to specific roles
- Contact center operations require specific permissions to prevent unauthorized access
- Configuration changes are restricted to prevent accidental system modifications