Data scope and permissions

With Roles Based Access Control (RBAC), you can now create and edit roles within the Agent Connect platform to support varied workflows and functions that may not have fit into the default Agent Connect Roles in the past. While we have retained the default Roles you're used to (Team Member, Team Leader, and Admin), the permissions for these roles and their Data Scope settings across the application are now configurable. In addition, you'll be able to create new Custom Roles, as needed. When creating Custom Roles, both Data Scope selections and Permissions which determine what a user can see and do within the application, can be customized to suit your needs best.

Below, we'll cover how each Data Scope selection works to control data visibility within Agent Connect and how Permissions will be utilized to determine what users in any Default or Custom Role can see & do in the application. Together, Data Scope selections & Permissions allow you to achieve powerful, granular control while maintaining the streamlined, self-service user management capabilities you're accustomed to today.

Data Scope

Data Scope can be set at the Default, Product Area, and in some cases, Feature levels, to ensure that you can design highly flexible Roles. Let's learn more about each of these levels!

Default Data Scope is the primary Data Scope selection for each Role and it will determine the broadest possible data set a Role may have access to. There are 5 Default Data Scope options for you to select from, which can expand or limit the data users can see & interact with in the application. If you reduce the Default Data Scope it will override most Product Area Scope selections, so you should treat Default Data Scope as the Maximum Data Scope a user in each role can see & interact with, unless stated otherwise for specific scope selections that will allow an increase in data visibility where applicable.

Product Area Data Scope limits the scope for particular product areas of the application (Feedback, QA, Performance & Coaching, Company Settings & Admin Tools, and Social). There are 5 different data scope options for you to select from. These options limit the data users can see & interact with in the application.

  • Company: Company Data Scope allows visibility to all employee data across the application.

    • We highly recommend leaving the Default Data Scope set to Company for most Roles, and simply updating Data Scope for each Product Area to the appropriate selection. This will allow for customization of varied Data Scopes at the Product Area-level – for example, If the Default Data Scope is reduced to Own Team, then selecting Own Group as the Data Scope for a specific Product Area will be overridden by the Default Data Scope, and in this case, users in the Role you're creating will not be able to see the data you intended. Leaving the Default Data Scope at Company will have no effect for most Roles, as the Product Area Data Scope selections will handle limiting the data users in the Role will see. Reducing the Default Data Scope makes the most sense for organizations that need strict data authorization walls between business units and is an advanced setting rarely necessary outside of this use case.​

  • Self: Self Data Scope limits data visibility to only data associated with a user's own profile. This includes data like Metrics, Survey Responses, QA Reviews, and Coaching Sessions. You would use the Self Data Scope if you wanted a user in this Role to see only data about themselves.

    • Self is the data scope historically used for the Team Member role. ​

  • Own Team: Own Team Data Scope limits the visibility to only data associated with users who belong to the same Team/report to the same Team Leader.

    • Own Team can be used to ensure that Team Leaders or a new Manager/Supervisor role that you create can only see data about employees who directly report to them. You may also use Own Team to broaden Team Member (or a new custom Agent-level Role's) visibility to see data about the other employees who belong to the same team they do, if desired.​

  • Own Group: Own Group Data Scope limits the data seen across the application to data belonging to Groups the user is a member of.

    • Own Group is the Data Scope historically used for our Reporting Group Permissions functionality to separate & isolate data belonging to BPO Vendors, as an example. Setting Data Scope to Own Group would ensure that users in a BPO-based Employee Group can only see data associated with users belonging to the same Group(s) they are in. You may also choose to use Own Group to segment user data between Departments (ie. Support and Sales teams both using Agent Connect).​

  • Specific Groups: Specific Groups Data Scope limits visibility to only data associated with Groups that the role has been specifically granted access to. If you select the Specific Groups Data Scope, you will be required to specify which Specific Groups users in this Role should have access to.

    • e.g. If there are 5 Groups in your account, but only 2 are selected when configuring the Specific Groups Data Scope then users in this Role would only see data belonging to the 2 Groups specified. The other 3 groups would not be visible to users in this Role.

    • When Specific Groups are selected as a Data Scope selection for a Role, users in this Role will see data for the specified Groups, even if they are not members of the Group(s).

    • Users will always be able to see data associated with themselves, even when you've set their Role's Data Scope to Specific Groups they do not belong to.

Product Areas

Available permissions across the application are grouped into specific Product Areas. There are 5 Product Areas that each have their own set of available permissions to configure and a primary Data Scope selection that can be customized.

  • Feedback: The Feedback Product Area contains permissions focused on areas of the product primarily related to surveys/customer feedback. This includes The Stream, Trends Dashboards & Reports, and Feedback Responses Exports, for example.

    • The Data Scope selected for this product area will also apply everywhere that Feedback data is shown in the application, even on pages that are not specifically Feedback-focused (i.e. on the Performance Dashboard) ​

  • QA: The QA Product Area contains permissions focused on areas of the product related to QA, including but not limited to; the QA Dashboard, QA Reviews, Calibrations, QA Assignments, and Audits.

    • The Data Scope selected for this product area will also apply everywhere that QA data is shown in the application, even on pages that are not specifically QA-focused (i.e. on the Performance Dashboard) ​

  • Coaching & Performance Management: The Coaching & Performance Management Product Area contains permissions focused on areas of the product related to Agent, Team, and Company Performance Management workflows. This includes features like Coaching/1:1s and the Performance Dashboard.​

  • Company Settings & Admin Tools: The Company Settings & Admin Tools Product Area contains permissions focused on configuring users, groups, roles, and various company settings located primarily within the Settings area of the application (ie. Survey Builder, Marketing, Areas of Excellence/Rewards & Areas of Intelligence, QA Settings, 1:1 Settings, and Metric Configuration).

    • Please note that you must have at least one user in a Role that has permission to manage Roles & Permissions at all times.​

  • Social: The Social Product Area contains permissions focused on features that require a less restricted Data Scope selection to function properly, including Leaderboards and QA Messaging.

    • Please Note: The Social Product Area permissions function independently of the Default Data Scope set for the Role, as the features within this Product Area require a broader scope to work as intended.

    • The Social Product Area Data Scope cannot be set to Self (Leaderboards & Messaging just aren't fun all by yourself)

Permissions

Each Product Area has a number of Permissions available to configure when customizing your Roles.

See below for a description of the function of each Permission:

Product AreaPermission NameDescription
FeedbackArchive Feedback on StreamRoles with this permission can archive feedback on the Stream utilizing the Remove Feedback button underneath each Survey Response card. This is historically an Admin-only feature.
FeedbackExport Feedback DataRoles with this permission can access the Export Responses tile from Settings and export survey request & responses data.
FeedbackSend SurveysWhen Agent Connect receives survey requests associated with this user, surveys should be sent to customers. When not selected, survey requests Agent Connect receives for employees in this Role will be ignored – this can help to ensure surveys are not mistakenly sent for Supervisors or Admins, for example. Please Note: Disabling this should be utilized with caution as if it is accidentally disabled/left off for a user in any Role, the survey requests created while it was disabled will be ignored and these ignored requests cannot be retrieved.
FeedbackView Company ProgramRoles with this permission can access the Company Program from the Trends navbar menu.
FeedbackView Company TrendsRoles with this permission can access the Company Trends Dashboard from the Trends navbar menu.
FeedbackView Customer Information on StreamRoles with this permission enabled can see Customer PII on Stream, this includes Customer Name, Customer Email, and Link to Original Ticket, if present.
FeedbackView Service Recovery DashboardRoles with this permission can access the Service Recovery Dashboard from the Trends navbar menu.
FeedbackView StreamRoles with this permission can access the Stream.
FeedbackView Team Member TrendsRoles with this permission can access Team Member Trends from the Trends navbar menu.
FeedbackView Team TrendsRoles with this permission can access Team Trends from the Trends navbar menu.
QAExport Calibrations dataRoles with this permission can export Calibration data from the Calibrations - All Sessions tab.
QAExport QA DataRoles with this permission can export QA data from QA Reporting (QA > Dashboard > Completed Reviews > Export).
QAManage CalibrationsRoles with this permission can access, create, edit, and archive QA Calibration Sessions, in addition to seeing the All Sessions Calibrations tab. Please note that this permission is required to access Calibration Exports. This permission has its own Data Scope selection. The Data Scope selected here will override other Scope selections to ensure that users with the ability to Create Calibration Sessions can invite Participants from across the organization, if desired.
QAManage QA AssignmentsRoles with this permission can create, edit Participants for, and archive QA Assignments in addition to seeing the All Assignments section on the Assignments Overview page (QA > Assignments)
QAManage QA SettingsRoles with this permission can access the QA tile from Settings and configure any company-wide QA Settings, including QA Scorecards, enabling features like Acknowledgments & Appeals, and various QA notifications.
QAQA Review

Roles with this permission can Initiate QA Reviews from the following places (if they have access to them, based on other permissions):

  • +New Review under the QA navbar menu

  • The Interactions page (QA > Interactions)

  • The Stream

And they can be assigned as a reviewer in a QA Assignment.

Users with permission to Conduct QA Reviews may be selected as Participants in a Calibration Session.

QAView AuditsRoles with this Permission can view completed QA Audits but cannot conduct QA Audits themselves.
QAPerform AuditsRoles with this Permission can view and conduct QA Audits
QAView QA HistoryRoles with this Permission can view QA Review History on any Completed QA Review they can access based on their Data Scope selection.
QAView QA DashboardRoles with this permission can view the QA Dashboard, which includes all tabs/subpages on the QA Dashboard.
QAView ReviewersRoles with this Permission can view the Reviewers Performance reporting page from the QA navbar menu.
QASubmit Appeals

Roles with this permission can Submit Appeals for QA Reviews if they have been granted appropriate scope to Appeal it.

This permission has Scope and the Scope selected will override the QA Product Area Scope for this Role, if necessary.

QAResolve Appeals

Roles with this permission can Resolve Appeals for any QA Review with an Open Appeal if they have been granted appropriate scope to Resolve Appeals.

Note: This permission has Scope and the Scope selected will override the QA Product Area Scope for this role, if necessary.

Coaching & Performance ManagementCoach 1:1sRoles with this permission can initiate Coaching Sessions/1:1s as a Coach.
Coaching & Performance ManagementParticipate in 1:1sRoles with this permission can be selected as the Coachee of a Coaching Session/1:1. When selected as the Coachee, the user can add Notes to the Agenda of the Session after it has been shared with them.
Coaching & Performance ManagementView 1:1sRoles with this permission can access 1:1s from the navbar, and have the ability to view 1:1 sessions but not edit those sessions. These users should not be coachable and they cannot coach others.
Coaching & Performance ManagementSave for 1:1sRoles with this permission can Save pieces of Feedback, QA Reviews, and Metric Snapshots to discuss in their Coaching Sessions/1:1s
Coaching & Performance ManagementManage 1:1 SettingsUsers with this permission can access the 1:1s tile from Settings and have the ability to edit company-level Settings like default visibility for 1:1s, Action Item Categories, and all other settings found on this page
Coaching & Performance ManagementView PerformanceRoles with this permission can see & access the Performance Dashboard from the navbar.
Company Settings & Admin ToolsAdminister PasswordsRoles with this permission can access & initiate the Reset Password flow on User Profiles and can access the Reset Passwords page, accessible under Bulk Actions on the Manage Team page.
Company Settings & Admin ToolsApprove Pending ProfilesRoles with this permission should have access to approve a profile in Pending status after profile changes have been made and access the Pending Profiles page under the Bulk Actions dropdown on the Manage Team page.
Company Settings & Admin ToolsManage UsersRoles with this permission have access to the Manage Team page and have access to create/edit/deactivate other users under the Actions column. Please note that you must have at least one user with access to Manage Users at all times.
Company Settings & Admin ToolsView UsersRoles with this permission can access the Manage Team page to view the list of users, scoped to their permission, but do not have access to create/edit/deactivate other users or see the Roles & Groups tabs
Company Settings & Admin ToolsBulk Create/Update UsersRoles with this permission should have access to the Bulk Create/Update Users under the Bulk Actions dropdown on the Manage Team page. Users who can Bulk Create/Bulk Edit can do so for all users in the Company.
Company Settings & Admin ToolsContact Medallia SupportRoles with this permission can access the 'Contact Us' option to connect with Medallia's Support Team via chat.
Company Settings & Admin ToolsView & Manage Team SettingsRoles with this permission can access the Team Settings options on the Manage Team page. Team Settings include Profile Guideline Text and Profile Photo & Image settings. Please note team settings are applied globally across users.
Company Settings & Admin ToolsFulfill RewardsRoles with this permission can access the Rewards Reports navigation and fulfill rewards agents have earned if Rewards are enabled.
Company Settings & Admin ToolsManage Company SettingsRoles with this permission have access to the Company Info tile in Settings where they can edit a number of company-wide configurations.
Company Settings & Admin ToolsManage GroupsRoles with this permission have access to the Groups UI on the Manage Team page where they are able to create new Groups, rename Groups, edit Groups membership, and duplicate/archive Groups. On the Users table, users with this permission should have access to use the Add to Group shortcut dropdown menu item
Company Settings & Admin ToolsManage IntegrationsUsers with this permission have access to the Integrations tile from Settings where they can find Test and Production API keys and download the company's Secret key, along with the ability to set Error Email Address and Test Email Address
Company Settings & Admin ToolsManage MetricsRoles with this permission have the ability to see the Metric Configuration Settings tile and edit metric configurations for the company, including Metric Sets, Leaderboard configuration, and more.
Company Settings & Admin ToolsManage Roles & PermissionsRoles with this permission can access the Roles UI via the Manage Team page, which gives them access to create a new role via the UI and update permissions belonging to existing roles. Please note that you must have at least one user with access to Manage Roles & Permissions at all times.
Company Settings & Admin ToolsManage SurveysRoles with this permission have access to the Survey Builder tile via Settings where they can make changes to their company's survey. This also includes access to see and edit Rewards/Areas of Excellence, Areas of Improvement, Marketing, and Service Recovery.
Company Settings & Admin ToolsView Rewards ReportsRoles with this permission can access the Rewards Reports via navigation (based on whether they have Thresholds enabled they will see 1 report or 3), but users with ONLY this rewards permission do not explicitly have permission to fulfill rewards
SocialQA MessagingRoles with this permission can use "@" to mention someone in the chat module on the QA review page. Please note that the QA Messaging feature will be visible whether this permission is enabled or disabled.
SocialView LeaderboardRoles with this permission can access Leaderboard from navigation.