Routing Numbers and flows Users and permissions Contact Control Panel (CCP)Analytics Historical changes Customer Profiles Agent Applications Cases Campaigns

List of security profile permissions

The security profile permissions in Amazon Connect allow users access to perform specific tasks in Amazon Connect.

The following tables list:

UI name: The name of the permission as it appears on the Security profiles page in Amazon Connect.
API name: The name of the permission when it is returned by the ListSecurityProfilePermissions API.
Use: The functionality granted by the permission.

Routing

UI name	API name	Use
Routing profiles - Create	RoutingPolicies.Create	Create routing profiles.
Routing profiles - Edit	RoutingPolicies.Edit	Edit routing profiles.
Routing profiles - View	RoutingPolicies.View	View routing profiles.
Quick connects - Create	TransferDestinations.Create	Create quick connects.
Quick connects - Delete	TransferDestinations.Delete	Delete quick connects.
Quick connects - Edit	TransferDestinations.Edit	Edit quick connects.
Quick connects - View	TransferDestinations.View	View quick connects. Agents need this permission so they can view quick connects in the agent application to transfer calls.
Hours of operation - Create	HoursOfOperation.Create	Set hours of operation and timezone for a queue.
HoursOfOperation - Delete	HoursOfOperation.Delete	Delete hours of operation and timezone for a queue.
HoursOfOperation - Edit	HoursOfOperation.Edit	Edit hours of operation and timezone for a queue.
HoursOfOperation - View	HoursOfOperation.View	View hours of operation and timezone for a queue.
Queues - Create	Queues.Create	Create queues.
Queues - Edit	Queues.Edit	Edit information for a queue, such as name, description, and hours of operation.
Queues - Enable / Disable	Queues.EnableAndDisable	Enable and disable queues to quickly control the flow of contacts to queues temporarily.
Queues - View	Queues.View	View a list of queues in your Amazon Connect instance.
Task templates - Create	TaskTemplates.Create	Create task templates.
Task templates - Delete	TaskTemplates.Delete	Delete task templates.
Task templates - Edit	TaskTemplates.Edit	Edit task templates.
Task templates - View	Task templates.View	View task templates.

Numbers and flows

UI name	API name	Use
Prompts - Create	Prompts.Create	Create prompts.
Prompts - Delete	Prompts.Delete	Delete prompts.
Prompts - Edit	Prompts.Edit	Edit prompts.
Prompts - View	Prompts.View	View a list of available prompts.
ContactFlows - Create	ContactFlows.Create	Create flows.
ContactFlows - Delete	ContactFlows.Delete	Delete flows.
ContactFlows - Edit	ContactFlows.Edit	Edit flows.
ContactFlows - Publish	ContactFlows.Publish	Publish flows.
ContactFlows - View	ContactFlows.View	View flows.
Contact flow modules - Create	ContactFlowModules.Create	Create flow modules for reusable functions.
Contact flow modules - Delete	ContactFlowModules.Delete	Delete flow modules.
Contact flow modules - Edit	ContactFlowModules.Edit	Edit flow modules.
Contact flow modules - Publish	ContactFlowModules.Publish	Publish flow modules.
Contact flow modules - View	ContactFlowModules.View	View flow modules.
Phone numbers - Claim	PhoneNumbers.Claim	Claim phone numbers.
Phone numbers - Edit	PhoneNumbers.Edit	Edit phone numbers. Attach a claimed or ported phone number to a flow.
Phone numbers - Release	PhoneNumbers.Release	Release phone numbers back to inventory.
Phone numbers - View	PhoneNumbers.View	View a list of phone numbers that have been claimed or ported to your Amazon Connect instance.
Chat test mode - Enable/Disable	ChatTestMode	Access a simulated web page so users can test the chat experience. Also grants them the permission to view a list of flows, which is exposed through the Test settings option.

Users and permissions

UI name	API name	Use
Users - Create	Users.Create	Add users to Amazon Connect. We recommend you limit who has these permissions. They pose a risk to your contact center because they can do the following: Reset passwords, including that of the administrator. Grant other users permission to the Admin security profile. People assigned to the Admin security profile have full access to your contact center. Doing these things would enable someone to lock out those who need to access Amazon Connect, and allow in others who can steal customer data and damage your business.
Users - Delete	Users.Delete	Delete users from Amazon Connect.
Users - Edit	Users.Edit	View and edit user records. As with Users - Create, limit who has these permissions because they pose a risk to your contact center.
Users - Edit permission	Users.EditPermission	View and edit user records. As with Users - Create, limit who has these permissions because they pose a risk to your contact center.
Users - View	Users.View	View user records.
Agent hierarchy - Create	AgentGrouping.Create	Create agent hierarchies. Add groups, teams, and agents.
Agent hierarchy - Edit	AgentGrouping.Edit	Edit agent hierarchies.
Agent hierarchy - Enable/Disable	AgentGrouping.EnableAndDisable	View or edit agent hierarchy information.
Agent hierarchy - View	AgentGrouping.View	View the agent's hierarchy information in a real-time metrics report, which can include their location and skill set data.
Security profiles - Create	SecurityProfiles.Create	Create security profiles.
Security profiles - Delete	SecurityProfiles.Delete	Delete security profiles.
Security profiles - Edit	SecurityProfiles.Edit	Update security profiles.
Security profiles - View	SecurityProfiles.View	View security profiles.
Agent status - Create	AgentStates.Create	Create an custom agent status. The status appears in the Contact Control Panel (CCP), such as Break, Lunch, or Training.
Agent status - Edit	AgentStates.Edit	Edit a custom agent status.
Agent status - Enable/Disable	AgentStates.EnableAndDisable	View and edit custom agent states.
Agent status - View	AgentStates.View	View an agent's status in the real-time metrics report and historical metrics report. For example, if they are Available, Offline, or in a custom state. View their status in the Agent activity report.

Contact Control Panel (CCP)

UI name	API name	Use
Access Contact Control Panel	BasicAgentAccess	Manages access to the Contact Control Panel (CCP). Assign this permission to agents as well as managers who need to monitor live conversations.
Contact Lens data	RealtimeContactLens.View	Enables users to view real-time analytics provided by Contact Lens.
Make outbound calls	OutboundCallAccess	Grants users permissions to make outbound calls. For more information about setting up outbound calling, see Set up outbound communications.
Voice ID	VoiceId.Access	Enables controls in the Contact Control Panel so agents can: View authentication outcomes. Opt-out or re-authenticate a caller. Update `SpeakerID`. View fraud detection results, rerun fraud analysis (fraud detection decision, fraud type and score).
Restrict task creation	RestrictTaskCreation.Access	Block agents from being able to create tasks.

Analytics

UI name	API name	Use
Access metrics	AccessMetrics	Manage access to real-time and historical metrics reports.
Real-time metrics	RealTimeMetrics.Access	Manage access to the real-time metrics page.
Historical metrics	HistoricalMetrics.Access	Manage access to the historical metrics page.
Agent activity audit	AgentActivityAudit.Access	Manage access to the agent activity audit within the historical metrics page.
Contact Search	ContactSearch.View	Access the Contact search page, which is where users can search for contacts and see results on the Contact details page.
Search contacts by conversation characteristics	ContactSearchWithCharacteristics.Access	Access to the Contact Lens filters that enable users to search by sentiment scores, non-talk time, and category.
Search contacts by conversation characteristics - View	ContactSearchWithCharacteristics.View	View the Contact Lens filters that enable users to search by sentiment scores, non-talk time, and category.
Search contacts by keywords	ContactSearchWithKeywords.Access	Search for contacts by keyword. On the Contact Search page, users can access additional filters that allow them to search Contact Lens transcripts by keywords or phrases, such as "thank you for your business."
Search contacts by keywords - View	ContactSearchWithKeywords.View	Search for contacts by keyword. On the Contact Search page, users can access additional filters that allow them to search Contact Lens transcripts by keywords or phrases, such as "thank you for your business."
Configure searchable contact attributes - View	ConfigureContactAttributes.View	Determine what custom attribute data will be searchable (by people who have the Contact attributes permission). It allows them to access the Searchable custom contact attributes page. For more information, see Search by custom contact attributes.
Restrict contact access	ContactRecording.Access	If your organization isn't using Contact Lens for Amazon Connect, use this permission to manage who can listen to recordings, access the corresponding URLs that are generated in S3, and delete recordings. For more information, see Assign permissions to review recordings of past conversations. Checking this box limits a user's access to contacts based on their agent hierarchy. The user will only have access to contacts handled by agent within their own hierarchy.
Restrict contact access	RestrictContactAccessByHierarchy.View	Manage a user's access to results on the Contact search page based on their agent hierarchy group. For more information, see Manage who can search for contacts and access detailed information.
Contact attributes	ContactAttributes.View	View contact attributes. Also controls access to the search filters based on contact attributes. For more information, see Search by custom contact attributes.
Contact Lens speech analytics - View	GraphTrends.View	On the Contact Details page for a contact, users can view graphs that summarize speech analytics, such as customer sentiment trend, sentiment, and talk time.
Contact Lens - custom vocabularies - Edit	ContactLensCustomVocabulary.Edit	Add custom vocabularies.
Contact Lens - custom vocabularies - View	ContactLensCustomVocabulary.View	Download and view custom vocabularies.
Rules - Create	Rules.Create	Create rules.
Rules - Delete	Rules.Delete	Delete rules.
Rules - Edit	Rules.Edit	Edit rules.
Rules - View	Rules.View	View rules.
Recorded conversations (redacted)	RedactedData.View	On the Contact details and Contact search pages for a contact, listen to call recording files and view call transcripts in which the sensitive data has been removed.
Recorded conversations (unredacted) - View	ListenCallRecordings	On the Contact details and Contact search pages for a contact, view unredacted content that contains sensitive data, such as name and credit card information. Original, unredacted chat transcripts Original, unredacted transcripts analyzed by Contact Lens Original, unredacted audio recordings Important If you have permissions to both Recorded conversations (redacted) and Recorded conversations (unredacted), note the following behavior: By default only redacted recordings and transcripts are made available on the Contact details and Contact search pages. When no redacted content exists for the contact, or when redacted content cannot be shown to the user, then unredacted content is displayed on the Contact details and Contact search pages. To access unredacted conversations, remove permissions to Recorded conversations (redacted). This leaves the user with only Recorded conversations (unredacted) permissions. You cannot access both the redacted and unredacted version of a conversation at the same time.
Recorded conversations (unredacted) - Access	ListenCallRecordings	View the Play icon so they can listen to call recordings by using the Amazon Connect user interface.
Recorded conversations (unredacted) - Enable download button	DownloadCallRecordings	Download call recordings. By default, the Enable download button permission is granted too so the user can download recordings through the user interface.
Recorded conversations (unredacted) - Delete	DeleteCallRecordings	Delete call recordings. By default, the Enable download button permission is granted too so the user can delete recordings through the user interface.
Login/Logout report - View	AgentTimeCard.View	View Login/Logout reports.
Manager monitor - Enable/Disable	ManagerListenIn	Monitor live conversations and listen to recordings of past conversations. Be sure to assign managers to the Agent security profile so they can access the Contact Control Panel (CCP). This enables them to monitor the conversation through the CCP.
Saved reports - View	MetricsReports.View	View a shared report.
Saved reports - Create	MetricsReports.Create MetricsReports.Share	Create and share reports.
Saved reports - Edit	MetricsReports.Edit	Edit save reports.
Saved reports - Delete	MetricsReports.Delete	Delete saved reports.
Saved reports - Publish	MetricsReports.Publish	Publish reports.
Saved reports - Schedule	MetricsReports.Schedule MetricsReports.Publish ReportSchedules.Create ReportSchedules.Delete ReportSchedules.Edit ReportSchedules.View	Schedule a saved report. By default, the user gets permission to create, delete, edit, and view a saved report.
Evaluation forms - perform evaluations	Evaluation.Create Evaluation.View Evaluation.Edit Evaluation.Delete	Evaluate performance.
Evaluation forms - manage form definitions	EvaluationForms.Create EvaluationForms.View EvaluationForms.Edit EvaluationForms.Delete	Create and manage evaluation forms.
Voice ID - attributes and search	VoiceIdAttributesAndSearch.View	Search for and view Voice ID results on the Contact detail page.

Historical changes

UI name	API name	Use
View historical changes	HistoricalChanges.View	On the User management page, view historical changes to user records.

Customer Profiles

UI name	API name	Use
Customer profiles - Create	CustomerProfiles.Create	Create customer profiles in the agent application.
Customer profiles - Edit	CustomerProfiles.Edit	Edit customer profiles in the agent application.
Customer profiles - View	CustomerProfiles.View	Edit customer profiles in the agent application.

Agent Applications

UI name	API name	Use
Wisdom - View	Wisdom.View	View real-time recommendations in the agent application.

Cases

UI name	API name	Use
Cases - Create	Cases.Create	Create cases in the agent application.
Cases - View	Cases.View	View cases in the agent application.
Cases - Edit	Cases.Edit	Edit cases in the agent application.
Case Fields - Create	CaseFields.Create	Create case fields.
Case Fields - View	CaseFields.View	View case fields.
Case Fields - Edit	CaseFields.Edit	Edit case fields.
Case Templates - Create	CaseTemplates.Create	Create case templates.
Case Templates - View	CaseTemplates.View	View case templates.
Case Templates - Edit	CaseTemplates.Edit	Edit case templates.

Campaigns

UI name	API name	Use
Campaigns - Create	Campaigns.Create	Create outbound campaigns.
Campaigns - Delete	Campaigns.Delete	Delete outbound campaigns.
Campaigns - Edit	Campaigns.Edit	Edit outbound campaigns.
Campaigns - Manage	Campaigns.Delete	Manage outbound campaigns.
Campaigns - View		View outbound campaigns.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

About inherited permissions

Default security profiles