List of security profile permissions - Amazon Connect

List of security profile permissions

The security profile permissions in Amazon Connect allow users access to perform specific tasks in Amazon Connect.

The following tables list:

  • UI name: The name of the permission as it appears on the Security profiles page in Amazon Connect.

  • API name: The name of the permission when it is returned by the ListSecurityProfilePermissions API.

  • Use: The functionality granted by the permission.

Routing

UI name API name Use

Routing profiles - Create

RoutingPolicies.Create

Create routing profiles.

Routing profiles - Edit

RoutingPolicies.Edit

Edit routing profiles.

Routing profiles - View

RoutingPolicies.View

View routing profiles.

Quick connects - Create

TransferDestinations.Create

Create quick connects.

Quick connects - Delete

TransferDestinations.Delete

Delete quick connects.

Quick connects - Edit

TransferDestinations.Edit

Edit quick connects.

Quick connects - View

TransferDestinations.View

View quick connects. Agents need this permission so they can view quick connects in the agent application to transfer calls.

Hours of operation - Create

HoursOfOperation.Create

Set hours of operation and timezone for a queue.

HoursOfOperation - Delete

HoursOfOperation.Delete

Delete hours of operation and timezone for a queue.

HoursOfOperation - Edit

HoursOfOperation.Edit

Edit hours of operation and timezone for a queue.

HoursOfOperation - View

HoursOfOperation.View

View hours of operation and timezone for a queue.

Queues - Create

Queues.Create

Create queues.

Queues - Edit

Queues.Edit

Edit information for a queue, such as name, description, and hours of operation.

Queues - Enable / Disable

Queues.EnableAndDisable

Enable and disable queues to quickly control the flow of contacts to queues temporarily.

Queues - View

Queues.View

View a list of queues in your Amazon Connect instance.

Task templates - Create

TaskTemplates.Create

Create task templates.

Task templates - Delete

TaskTemplates.Delete

Delete task templates.

Task templates - Edit

TaskTemplates.Edit

Edit task templates.

Task templates - View

Task templates.View

View task templates.

Numbers and flows

UI name API name Use

Prompts - Create

Prompts.Create

Create prompts.

Prompts - Delete

Prompts.Delete

Delete prompts.

Prompts - Edit

Prompts.Edit

Edit prompts.

Prompts - View

Prompts.View

View a list of available prompts.

ContactFlows - Create

ContactFlows.Create

Create flows.

ContactFlows - Delete

ContactFlows.Delete

Delete flows.

ContactFlows - Edit

ContactFlows.Edit

Edit flows.

ContactFlows - Publish

ContactFlows.Publish

Publish flows.

ContactFlows - View

ContactFlows.View

View flows.

Contact flow modules - Create

ContactFlowModules.Create

Create flow modules for reusable functions.

Contact flow modules - Delete

ContactFlowModules.Delete

Delete flow modules.

Contact flow modules - Edit

ContactFlowModules.Edit

Edit flow modules.

Contact flow modules - Publish

ContactFlowModules.Publish

Publish flow modules.

Contact flow modules - View

ContactFlowModules.View

View flow modules.

Phone numbers - Claim

PhoneNumbers.Claim

Claim phone numbers.

Phone numbers - Edit

PhoneNumbers.Edit

Edit phone numbers. Attach a claimed or ported phone number to a flow.

Phone numbers - Release

PhoneNumbers.Release

Release phone numbers back to inventory.

Phone numbers - View

PhoneNumbers.View

View a list of phone numbers that have been claimed or ported to your Amazon Connect instance.

Chat test mode - Enable/Disable

ChatTestMode

Access a simulated web page so users can test the chat experience. Also grants them the permission to view a list of flows, which is exposed through the Test settings option.

Users and permissions

UI name API name Use

Users - Create

Users.Create

Add users to Amazon Connect. We recommend you limit who has these permissions. They pose a risk to your contact center because they can do the following:

  • Reset passwords, including that of the administrator.

  • Grant other users permission to the Admin security profile. People assigned to the Admin security profile have full access to your contact center.

Doing these things would enable someone to lock out those who need to access Amazon Connect, and allow in others who can steal customer data and damage your business.

Users - Delete

Users.Delete

Delete users from Amazon Connect.

Users - Edit

Users.Edit

View and edit user records. As with Users - Create, limit who has these permissions because they pose a risk to your contact center.

Users - Edit permission

Users.EditPermission

View and edit user records. As with Users - Create, limit who has these permissions because they pose a risk to your contact center.

Users - View

Users.View

View user records.

Agent hierarchy - Create

AgentGrouping.Create

Create agent hierarchies. Add groups, teams, and agents.

Agent hierarchy - Edit

AgentGrouping.Edit

Edit agent hierarchies.

Agent hierarchy - Enable/Disable

AgentGrouping.EnableAndDisable

View or edit agent hierarchy information.

Agent hierarchy - View

AgentGrouping.View

View the agent's hierarchy information in a real-time metrics report, which can include their location and skill set data.

Security profiles - Create

SecurityProfiles.Create

Create security profiles.

Security profiles - Delete

SecurityProfiles.Delete

Delete security profiles.

Security profiles - Edit

SecurityProfiles.Edit

Update security profiles.

Security profiles - View

SecurityProfiles.View

View security profiles.

Agent status - Create

AgentStates.Create

Create an custom agent status. The status appears in the Contact Control Panel (CCP), such as Break, Lunch, or Training.

Agent status - Edit

AgentStates.Edit

Edit a custom agent status.

Agent status - Enable/Disable

AgentStates.EnableAndDisable

View and edit custom agent states.

Agent status - View

AgentStates.View

View an agent's status in the real-time metrics report and historical metrics report. For example, if they are Available, Offline, or in a custom state. View their status in the Agent activity report.

Contact Control Panel (CCP)

UI name API name Use

Access Contact Control Panel

BasicAgentAccess

Manages access to the Contact Control Panel (CCP). Assign this permission to agents as well as managers who need to monitor live conversations.

Contact Lens data

RealtimeContactLens.View

Enables users to view real-time analytics provided by Contact Lens.

Make outbound calls

OutboundCallAccess

Grants users permissions to make outbound calls. For more information about setting up outbound calling, see Set up outbound communications.

Voice ID

VoiceId.Access

Enables controls in the Contact Control Panel so agents can:

  • View authentication outcomes.

  • Opt-out or re-authenticate a caller.

  • Update SpeakerID.

  • View fraud detection results, rerun fraud analysis (fraud detection decision, fraud type and score).

Restrict task creation

RestrictTaskCreation.Access

Block agents from being able to create tasks.

Analytics

UI name API name Use

Access metrics

AccessMetrics

Manage access to real-time and historical metrics reports.

Real-time metrics

RealTimeMetrics.Access

Manage access to the real-time metrics page.

Historical metrics

HistoricalMetrics.Access

Manage access to the historical metrics page.

Agent activity audit

AgentActivityAudit.Access

Manage access to the agent activity audit within the historical metrics page.

Contact Search

ContactSearch.View

Access the Contact search page, which is where users can search for contacts and see results on the Contact details page.

Search contacts by conversation characteristics

ContactSearchWithCharacteristics.Access

Access to the Contact Lens filters that enable users to search by sentiment scores, non-talk time, and category.

Search contacts by conversation characteristics - View

ContactSearchWithCharacteristics.View

View the Contact Lens filters that enable users to search by sentiment scores, non-talk time, and category.

Search contacts by keywords

ContactSearchWithKeywords.Access

Search for contacts by keyword. On the Contact Search page, users can access additional filters that allow them to search Contact Lens transcripts by keywords or phrases, such as "thank you for your business."

Search contacts by keywords - View

ContactSearchWithKeywords.View

Search for contacts by keyword. On the Contact Search page, users can access additional filters that allow them to search Contact Lens transcripts by keywords or phrases, such as "thank you for your business."

Configure searchable contact attributes - View

ConfigureContactAttributes.View

Determine what custom attribute data will be searchable (by people who have the Contact attributes permission). It allows them to access the Searchable custom contact attributes page. For more information, see Search by custom contact attributes.

Restrict contact access

ContactRecording.Access

If your organization isn't using Contact Lens for Amazon Connect, use this permission to manage who can listen to recordings, access the corresponding URLs that are generated in S3, and delete recordings. For more information, see Assign permissions to review recordings of past conversations.

Checking this box limits a user's access to contacts based on their agent hierarchy. The user will only have access to contacts handled by agent within their own hierarchy.

Restrict contact access

RestrictContactAccessByHierarchy.View

Manage a user's access to results on the Contact search page based on their agent hierarchy group. For more information, see Manage who can search for contacts and access detailed information.

Contact attributes

ContactAttributes.View

View contact attributes. Also controls access to the search filters based on contact attributes. For more information, see Search by custom contact attributes.

Contact Lens speech analytics - View

GraphTrends.View

On the Contact Details page for a contact, users can view graphs that summarize speech analytics, such as customer sentiment trend, sentiment, and talk time.

Contact Lens - custom vocabularies - Edit

ContactLensCustomVocabulary.Edit

Add custom vocabularies.

Contact Lens - custom vocabularies - View

ContactLensCustomVocabulary.View

Download and view custom vocabularies.

Rules - Create

Rules.Create

Create rules.

Rules - Delete

Rules.Delete

Delete rules.

Rules - Edit

Rules.Edit

Edit rules.

Rules - View

Rules.View

View rules.

Recorded conversations (redacted)

RedactedData.View

On the Contact details and Contact search pages for a contact, listen to call recording files and view call transcripts in which the sensitive data has been removed.

Recorded conversations (unredacted) - View

ListenCallRecordings

On the Contact details and Contact search pages for a contact, view unredacted content that contains sensitive data, such as name and credit card information.

  • Original, unredacted chat transcripts

  • Original, unredacted transcripts analyzed by Contact Lens

  • Original, unredacted audio recordings

Important

If you have permissions to both Recorded conversations (redacted) and Recorded conversations (unredacted), note the following behavior:

  • By default only redacted recordings and transcripts are made available on the Contact details and Contact search pages.

  • When no redacted content exists for the contact, or when redacted content cannot be shown to the user, then unredacted content is displayed on the Contact details and Contact search pages.

To access unredacted conversations, remove permissions to Recorded conversations (redacted). This leaves the user with only Recorded conversations (unredacted) permissions.

You cannot access both the redacted and unredacted version of a conversation at the same time.

Recorded conversations (unredacted) - Access

ListenCallRecordings

View the Play icon so they can listen to call recordings by using the Amazon Connect user interface.

Recorded conversations (unredacted) - Enable download button

DownloadCallRecordings

Download call recordings. By default, the Enable download button permission is granted too so the user can download recordings through the user interface.

Recorded conversations (unredacted) - Delete

DeleteCallRecordings

Delete call recordings. By default, the Enable download button permission is granted too so the user can delete recordings through the user interface.

Login/Logout report - View

AgentTimeCard.View

View Login/Logout reports.

Manager monitor - Enable/Disable

ManagerListenIn

Monitor live conversations and listen to recordings of past conversations. Be sure to assign managers to the Agent security profile so they can access the Contact Control Panel (CCP). This enables them to monitor the conversation through the CCP.

Saved reports - View

MetricsReports.View

View a shared report.

Saved reports - Create

MetricsReports.Create

MetricsReports.Share

Create and share reports.

Saved reports - Edit

MetricsReports.Edit

Edit save reports.

Saved reports - Delete

MetricsReports.Delete

Delete saved reports.

Saved reports - Publish

MetricsReports.Publish

Publish reports.

Saved reports - Schedule

MetricsReports.Schedule

MetricsReports.Publish

ReportSchedules.Create

ReportSchedules.Delete

ReportSchedules.Edit

ReportSchedules.View

Schedule a saved report. By default, the user gets permission to create, delete, edit, and view a saved report.

Evaluation forms - perform evaluations

Evaluation.Create

Evaluation.View

Evaluation.Edit

Evaluation.Delete

Evaluate performance.

Evaluation forms - manage form definitions

EvaluationForms.Create

EvaluationForms.View

EvaluationForms.Edit

EvaluationForms.Delete

Create and manage evaluation forms.

Voice ID - attributes and search

VoiceIdAttributesAndSearch.View

Search for and view Voice ID results on the Contact detail page.

Historical changes

UI name API name Use

View historical changes

HistoricalChanges.View

On the User management page, view historical changes to user records.

Customer Profiles

UI name API name Use

Customer profiles - Create

CustomerProfiles.Create

Create customer profiles in the agent application.

Customer profiles - Edit

CustomerProfiles.Edit

Edit customer profiles in the agent application.

Customer profiles - View

CustomerProfiles.View

Edit customer profiles in the agent application.

Agent Applications

UI name API name Use

Wisdom - View

Wisdom.View

View real-time recommendations in the agent application.

Cases

UI name API name Use

Cases - Create

Cases.Create

Create cases in the agent application.

Cases - View

Cases.View

View cases in the agent application.

Cases - Edit

Cases.Edit

Edit cases in the agent application.

Case Fields - Create

CaseFields.Create

Create case fields.

Case Fields - View

CaseFields.View

View case fields.

Case Fields - Edit

CaseFields.Edit

Edit case fields.

Case Templates - Create

CaseTemplates.Create

Create case templates.

Case Templates - View

CaseTemplates.View

View case templates.

Case Templates - Edit

CaseTemplates.Edit

Edit case templates.

Campaigns

UI name API name Use

Campaigns - Create

Campaigns.Create

Create outbound campaigns.

Campaigns - Delete

Campaigns.Delete

Delete outbound campaigns.

Campaigns - Edit

Campaigns.Edit

Edit outbound campaigns.

Campaigns - Manage

Campaigns.Delete

Manage outbound campaigns.

Campaigns - View

View outbound campaigns.