Partition-based Access Controls

From Genesys Documentation
Jump to: navigation, search
This topic is part of the manual Outbound (CX Contact) CX Contact Help for version Current of Outbound (CX Contact).

Learn about partition-based access controls.

Partition-based access (PBAC) is useful in environments where a single tenant has within it several independent organizations (business units). For example, if tenant ORG1 has subaccounts such as, BU1, BU2, and BU3 you might require partitioned access to one or more of these subaccounts. Also, administrators must be able to control access to these accounts.

When partition-based access is applied, you only have view access to a specific set of objects. Other types of access are provided by role-based access (RBAC) and Configuration Server permissions. PBAC enhances other types of access, but does not replace them.


Before you begin using PBAC, it's important to understand the terminology being used in this article:

  • Partition—A logical, united set of CX Contact objects and External objects accessible to a specific group of CX Contact users. The set of objects includes all object types created by CX Contact or by some other process or application.
  • Partition Member—A user with access rights to a particular partition. A user can be a member of zero, one, or several partitions. User access rights to a partition are of type Boolean (access is either allowed or denied).
  • Active Partition—The partition that a user has explicitly nominated as current. All new objects are created by the user within this active partition. Only one active partition is associated with each user. Users can switch active partitions if they have access to multiple partitions.
  • Partition Assignment—The process of nominating an object into a partition and the serialization of this nomination into Configuration Server.
  • CX Contact objects—A set of configuration objects created by CX Contact and are considered outbound. For example, calling lists, campaign groups, treatments, scripts of type Outbound (such as, outbound list, outbound schedule), and so on.
  • External objects—A set of configuration objects that are not created by CX Contact. For example, Agent Groups, DNs, Applications, IVR Profiles, and so on.
  • Shared objects—A set of configuration objects that are visible and accessible in all partitions.
When you migrate existing configuration objects, those objects without any assigned partitions are considered Shared objects and are visible in all partitions until they are manually assigned to a specific partition.

Manage partitions

Administrators and others who have the appropriate RBAC permissions, can manage partitions in the CX Contact UI by creating, and deleting partitions.

To manage partitions, go to Settings and click the Partitions tab.Partitions_Settings-Enable.png

Administrators can switch Partitioning support on or off in the CX Contact UI anytime if they have the appropriate RBAC permissions. However, they must first create at least one partition before switching Partitioning on.

New partitions

When you create a new partition and name it, CX Contact automatically creates the <Partition name> Access Group. If an Access Group with the same name exists, CX Contact does not re-create it or generate errors.

You do not need to grant permissions to newly created Access Groups for objects with which they are associated. The only purpose for having a <Partition Name> Access Group is to enable user access to the partition.

Once a partition is created, you cannot modify its name, because the Access Group created for that partition is mapped to the partition Name.

After CX Contact creates the Access Group, use GAX or Agent Setup to select users who will be members of the group, enabling them to use the CX Contact partition.

Active partitions

When Partitioning is enabled for a Tenant, each user belongs to only one partition at any given time. The first time you log in you are automatically associated with the first partition that is enabled for you (including all partition Access Groups you are a member of).

A user can not be associated with a deleted or non-existent partition.

Deleted partitions

When you delete partitions, they are removed from the Tenant settings. Any configuration objects belonging to deleted partitions are not modified in any way and continue to store partition-associated information. This enables you to recreate the partition (using the same name) and automatically retain the association with partition objects.


When PBAC is active, CX Contact assigns each object that it creates to a partition. It assigns objects to the active partition for the user who created them.

Partition members

When new partitions are created, CX Contact automatically creates an empty Access Group for the partition. The Access Group is named <Partition name> (for example BU1 or BU2) and is used to add members to the partition. A person automatically becomes a member of the partition when they are assigned to the Access Group.

Use GAX or Agent Setup to assign users to Access Groups. This task is not done in CX Contact.
If you delete a partition, CX Contact does not automatically delete the Access Group. This means that you can recreate the partition and regain access to the configuration objects assigned to the partition, because the objects are not deleted when the partition is deleted.
If a specific Business Rule exists that requires you to delete all objects in a partition, as well as the partition itself, use the CX Contact UI or the API to do so before deleting the partition. Neither the CX Contact UI or the API support deleting objects in a partition that's been deleted. If required, you must delete these objects externally.

Shared objects

CX Contact considers configuration objects to be Shared and visible in any partition if they are not associated with a specific partition. Users can gain access to shared objects if they are a member of at least one partition or a member of the CX Contact All Partitions Access Group.

Globally applicable Compliance rules and Suppression Lists that are marked as Required are Shared and therefore are visible across and apply to all partitions.

Assigning users to the special, precreated CXContact All Partitions Access Group makes all CX Contact partitions available to them.

External objects

Currently, CX Contact supports only the Agent Groups External object.

Agent Groups

CX Contact can honor External object partition assignments, such as Agent Groups, if the Agent Group is configured as a member of a specific partition.

Currently, only the Agent Groups External object can be optionally partitioned. All other External objects, such as DNs, Applications, IVR Profiles are treated as Shared.

Outbound analytics

When Partitioning is enabled for a Tenant, the partition field is added to all CX Contact ES indexes and populated by CX Contact components. Also, actions performed on partitions (create, delete, and select active) are logged in the Audit ES index.

When members of an active partition (for example, Partition A) browse data for Outbound Analytics, they'll see only the data for Partition A, and the data for Shared objects. They cannot see data from other partitions in any of the Outbound Analytics dashboards.

When Partitioning is enabled for the Tenant and the Export Analytics Data job automation is executed for Partition A, the export contains data for Partition A, and the data for the Shared objects for any of the Outbound Analytics ES indexes.

Retrieved from " (2023-09-27 10:51:30)"
Comments or questions about this documentation? Contact us for support!