Partition-Based Access Control

From Genesys Documentation
Jump to: navigation, search
This topic is part of the manual Designer User's Guide for version Current of Designer.

PBAC enables Designer Administrators to control which resources users have access to.

Related documentation:

Overview

Use the settings on the Partitions page (under the Admin Resources tab) to manage partitions, resources, and users. To view this page, you must be assigned to the Designer Administrator role in Designer. For more information about roles in Designer, see Permissions and Access.

As a Designer Administrator, you can control the resources that users have access to through Partition-Based Access Control (PBAC). With PBAC, you can create a partition and assign certain resources to it. In Designer, "resources" are the various objects used during interaction sessions, such as Applications, Shared Modules, Business Hours, Special Days, Emergency Flags, Data Tables, Speech Grammars, and Media and Digital Resources.

For each partition, you can then select the users who will belong to it. Users will only be able to see and manage those resources that are assigned to the partitions they belong to. What a user can then do with an accessible resource (view, edit, and so on) is determined by their Designer role. Each user's PBAC details are stored in their Workspace settings and retrieved during login.

Tip
You can also use PBAC to control which resources are displayed to users in drop-down lists when setting up columns with enumeration data types in Data Tables.

Watch this video to learn how PBAC works:



Watch this video to see an example of how PBAC can be set up:


Important
By default, PBAC works by inclusion. If a user is not assigned any partitions, it is assumed that PBAC is not in effect for that user and they will have access to ALL resources, including those that have partitions assigned to them. Similarly, if a resource is not assigned any partitions, it is considered a public resource that is accessible to ALL users.

In general, partitioning can be set up as follows:

  • Define a private partition. Assign it to all resources that you intend to control using PBAC. You can leave out any resources that should remain globally visible.
  • Don’t assign this partition to any users. This private partition will ensure that resources under partitioning control will NOT be visible to a user who has at least one partition defined.
  • For each department, set up a dedicated partition and assign it to users from that department. Then assign each partition to the resources those users need access to. (Here's an example.)
  • New resources inherit the partitions of the users who created them, and remain accessible only to users who belong to that partition.

For example...

You might create a partition for each of the following departments:

  • Sales
  • Finance
  • Marketing

Then add users as members of their appropriate partitions:

  • John to Finance
  • David to Marketing
  • Kristen to Sales and Finance
  • Jason to Sales and Marketing

Remember: Users who are Designer Administrators do not need to be assigned to a partition as they already have full access.

You can then assign certain resources to each partition:

  • Resource A to Finance
  • Resource B to Marketing
  • Resource C to Sales
  • Resource D to "none" (remember that non-assigned resources are visible to ALL users)

This diagram illustrates the relationships between the users, resources, and partitions described in this example:

Des pbac example.png-

Partitions tab

Use this tab to add or manage partitions and select the users who can access them.

For example, to add a new partition called Sales:


Des admin partitions add.gif


After the partition is added, you can use the edit users action to select the users who can access it:

Tip
Users who are also Designer Administrators don't need to be assigned to partitions as they already have full access. Even if they are assigned to partitions, they will continue to see all resources as if they were not.

Des admin partitions addusers.gif

Users tab

Use this tab to view the list of users and manage their assigned partitions.

For example, to assign user_sales to the Sales partition and remove them from Finance:


Des admin users edit.gif

Resources tab

Use this tab to view the list of resource types and their associated partitions.

For example, let's say the Business Hours resource regularhours is already associated with the Service and Sales partitions, but now we want to also associate it with Marketing:


Des admin resources edit.gif


Important
There are certain Designer resources that cannot be assigned to a partition because they are used by the system or are common resources that are shared across multiple applications. These include templates, shared audio resources, and some system-based data tables (such as CALLBACK_SETTINGS and NUMBER_VALIDATION_CONFIGURATIONS). All users have access to these resources.
Retrieved from "https://all.docs.genesys.com/DES/Current/Designer/Partitions (2024-03-19 10:15:02)"
Comments or questions about this documentation? Contact us for support!