List of security profile permissions - Amazon Connect

List of security profile permissions

The security profile permissions in Amazon Connect allow users access to perform specific tasks in Amazon Connect.

The following tables list:

  • UI name: The name of the permission as it appears on the Security profiles page in Amazon Connect.

  • API name: The name of the permission when it is returned by the ListSecurityProfilePermissions API.

  • Use: The functionality granted by the permission.

Routing

UI name API name Use

Routing profiles - Create

RoutingPolicies.Create

Create routing profiles.

Routing profiles - Edit

RoutingPolicies.Edit

Edit routing profiles.

Routing profiles - View

RoutingPolicies.View

View routing profiles.

Quick connects - Create

TransferDestinations.Create

Create quick connects.

Quick connects - Delete

TransferDestinations.Delete

Delete quick connects.

Quick connects - Edit

TransferDestinations.Edit

Edit quick connects.

Quick connects - View

TransferDestinations.View

View quick connects. Agents need this permission so they can view quick connects in the agent application to transfer calls.

Hours of operation - Create

HoursOfOperation.Create

Set hours of operation and timezone for a queue.

HoursOfOperation - Delete

HoursOfOperation.Delete

Delete hours of operation and timezone for a queue.

HoursOfOperation - Edit

HoursOfOperation.Edit

Edit hours of operation and timezone for a queue.

HoursOfOperation - View

HoursOfOperation.View

View hours of operation and timezone for a queue.

Queues - Create

Queues.Create

Create queues.

Queues - Edit

Queues.Edit

Edit information for a queue, such as name, description, and hours of operation.

Queues - Enable / Disable

Queues.EnableAndDisable

Enable and disable queues to quickly control the flow of contacts to queues temporarily.

Queues - View

Queues.View

View a list of queues in your Amazon Connect instance.

Task templates - Create

TaskTemplates.Create

Create task templates.

Task templates - Delete

TaskTemplates.Delete

Delete task templates.

Task templates - Edit

TaskTemplates.Edit

Edit task templates.

Task templates - View

TaskTemplates.View

View task templates.

Channels and flows

UI name API name Use

Prompts - Create

Prompts.Create

Create prompts.

Prompts - Delete

Prompts.Delete

Delete prompts.

Prompts - Edit

Prompts.Edit

Edit prompts.

Prompts - View

Prompts.View

View a list of available prompts.

ContactFlows - Create

ContactFlows.Create

Create flows.

ContactFlows - Delete

ContactFlows.Delete

Delete flows.

ContactFlows - Edit

ContactFlows.Edit

Edit flows.

ContactFlows - Publish

ContactFlows.Publish

Publish flows.

ContactFlows - View

ContactFlows.View

View flows.

Flow modules - Create

ContactFlowModules.Create

Create flow modules for reusable functions.

Flow modules - Delete

ContactFlowModules.Delete

Delete flow modules.

Flow modules - Edit

ContactFlowModules.Edit

Edit flow modules.

Flow modules - Publish

ContactFlowModules.Publish

Publish flow modules.

Flow modules - View

ContactFlowModules.View

View flow modules.

Phone numbers - Claim

PhoneNumbers.Claim

Claim phone numbers.

Phone numbers - Edit

PhoneNumbers.Edit

Edit phone numbers. Attach a claimed or ported phone number to a flow.

Phone numbers - Release

PhoneNumbers.Release

Release phone numbers back to inventory.

Phone numbers - View

PhoneNumbers.View

View a list of phone numbers that have been claimed or ported to your Amazon Connect instance.

Communication widget - Enable/Disable

ChatTestMode

Access a simulated web page so users can test the chat experience. Also grant users the Contactflow.View permission so they can view and choose from a list of available flows in the Test settings option.

Views

Views.View

Allow access to Views

Users and permissions

UI name API name Use

Users - Create

Users.Create

Add users to Amazon Connect. We recommend you limit who has these permissions. They pose a risk to your contact center because they can do the following:

  • Reset passwords, including that of the administrator.

  • Grant other users permission to the Admin security profile. People assigned to the Admin security profile have full access to your contact center.

Doing these things would enable someone to lock out those who need to access Amazon Connect, and allow in others who can steal customer data and damage your business.

Users - Delete

Users.Delete

Delete users from Amazon Connect.

Users - Edit

Users.Edit

View and edit all user identity information except for security profiles. As with Users - Create, limit who has these permissions because they pose a risk to your contact center.

Users - Edit permission

Users.EditPermission

View and edit user security profiles. As with Users - Create, limit who has these permissions because they pose a risk to your contact center.

Users - View

Users.View

View user records.

Agent hierarchy - Create

AgentGrouping.Create

Create agent hierarchies. Add groups, teams, and agents.

Agent hierarchy - Edit

AgentGrouping.Edit

Edit agent hierarchies.

Agent hierarchy - Enable/Disable

AgentGrouping.EnableAndDisable

View or edit agent hierarchy information.

Agent hierarchy - View

AgentGrouping.View

View the agent's hierarchy information in a real-time metrics report, which can include their location and skill set data.

Security profiles - Create

SecurityProfiles.Create

Create security profiles.

Security profiles - Delete

SecurityProfiles.Delete

Delete security profiles.

Security profiles - Edit

SecurityProfiles.Edit

Update security profiles.

Security profiles - View

SecurityProfiles.View

View security profiles.

Agent status - Create

AgentStates.Create

Create an custom agent status. The status appears in the Contact Control Panel (CCP), such as Break, Lunch, or Training.

Agent status - Edit

AgentStates.Edit

Edit a custom agent status.

Agent status - Enable/Disable

AgentStates.EnableAndDisable

View and edit custom agent states.

Agent status - View

AgentStates.View

View an agent's status in the real-time metrics report and historical metrics report. For example, if they are Available, Offline, or in a custom state. View their status in the Agent activity report.

Contact Control Panel (CCP)

UI name API name Use

Access Contact Control Panel

BasicAgentAccess

Manages access to the Contact Control Panel (CCP). Assign this permission to agents as well as managers who need to monitor live conversations.

Contact Lens data

RealtimeContactLens.View

Enables users to view real-time analytics provided by Contact Lens.

Make outbound calls

OutboundCallAccess

Grants users permissions to make outbound calls. For more information about setting up outbound calling, see Set up outbound calling.

Voice ID

VoiceId.Access

Enables controls in the Contact Control Panel so agents can:

  • View authentication outcomes.

  • Opt-out or re-authenticate a caller.

  • Update SpeakerID.

  • View fraud detection results, rerun fraud analysis (fraud detection decision, fraud type and score).

Restrict task creation

RestrictTaskCreation.Access

Block agents from being able to create tasks.

Audio device settings

AudioDeviceSettings.Access

Choose your preferred device for speaker, microphone, and ringer in the Contact Control Panel (CCP) or agent workspace.

Video calls

VideoContact.Access

Enable agents to use video calling.

Analytics and Optimization

UI name API name Use

Access metrics

AccessMetrics

Manage access to real-time and historical metrics reports.

Real-time metrics

AccessMetrics.RealTimeMetrics.Access

Manage access to the real-time metrics page.

Historical metrics

AccessMetrics.HistoricalMetrics.Access

Manage access to the historical metrics page.

Agent activity audit

AccessMetrics.AgentActivityAudit.Access

Manage access to the agent activity audit within the historical metrics page.

Dashboards

AccessMetrics.Dashboards.Access

Dashboards: View performance insights

Contact Search

ContactSearch.View

Access the Contact search page, which is where users can search for contacts and see results on the Contact details page.

View My Contacts

MyContacts.View

Allows agents to view contacts that they themselves had handled, on Contact search and Contact details pages.

Search contacts by conversation characteristics

ContactSearchWithCharacteristics.Access

Access to the Contact Lens filters that enable users to search by sentiment scores, non-talk time, and category.

Search contacts by conversation characteristics - View

ContactSearchWithCharacteristics.View

View the Contact Lens filters that enable users to search by sentiment scores, non-talk time, and category.

Search contacts by keywords

ContactSearchWithKeywords.Access

Search for contacts by keyword. On the Contact Search page, users can access additional filters that allow them to search Contact Lens transcripts by keywords or phrases, such as "thank you for your business."

Search contacts by keywords - View

ContactSearchWithKeywords.View

Search for contacts by keyword. On the Contact Search page, users can access additional filters that allow them to search Contact Lens transcripts by keywords or phrases, such as "thank you for your business."

Configure searchable contact attributes - View

ConfigureContactAttributes.View

Determine what custom attribute data will be searchable (by people who have the Contact attributes permission). It allows them to access the Searchable custom contact attributes page. For more information, see Search by custom contact attributes.

Restrict contact access

RestrictContactAccessByHierarchy.View

Manage a user's access to results on the Contact search page based on their agent hierarchy group. For more information, see Manage who can search for contacts and access detailed information.

Contact attributes

ContactAttributes.View

View contact attributes. Also controls access to the search filters based on contact attributes. For more information, see Search by custom contact attributes.

Contact Lens - conversational analytics - View

GraphTrends.View

On the Contact details page for a contact, users can view conversational analytics outputs such as graphs (on sentiment, talk time, and other various outputs), sentiment indicators, and contact category labels on conversation recordings and transcripts.

Users can view data on the Contact Lens conversational analytics dashboard.

Contact Lens - custom vocabularies - Edit

ContactLensCustomVocabulary.Edit

Add custom vocabularies.

Contact Lens - custom vocabularies - View

ContactLensCustomVocabulary.View

Download and view custom vocabularies.

Contact Lens - post-contact summary

ContactLensPostContactSummary.View

View post-contact summarization powered by generative artificial intelligence (generative AI) on the Contact Search and Contact Details pages.

Contact Lens - theme detection - Create

ThemeDetection.Create

Create theme detection reports on the Contact search page.

Contact Lens - theme detection - View

ThemeDetection.View

View theme detection reports on the Contact search page.

Contact Lens - theme detection - Delete

ThemeDetection.Delete

Delete theme detection reports on the Contact search page.

Rules - Create

Rules.Create

Create rules.

Rules - Delete

Rules.Delete

Delete rules.

Rules - Edit

Rules.Edit

Edit rules.

Rules - View

Rules.View

View rules.

Recorded conversations (redacted)

RedactedData.View

On the Contact details and Contact search pages for a contact, listen to call recording files and view call transcripts in which the sensitive data has been removed.

Recorded conversations (unredacted) - View

ListenCallRecordings

On the Contact details and Contact search pages for a contact, view unredacted content that contains sensitive data, such as name and credit card information.

  • Original, unredacted chat transcripts

  • Original, unredacted transcripts analyzed by Contact Lens

  • Original, unredacted audio recordings

Important

If you have permissions to both Recorded conversations (redacted) and Recorded conversations (unredacted), note the following behavior:

  • By default only redacted recordings and transcripts are made available on the Contact details and Contact search pages.

  • When no redacted content exists for the contact, or when redacted content cannot be shown to the user, then unredacted content is displayed on the Contact details and Contact search pages.

To access unredacted conversations, remove permissions to Recorded conversations (redacted). This leaves the user with only Recorded conversations (unredacted) permissions.

You cannot access both the redacted and unredacted version of a conversation at the same time.

Recorded conversations (unredacted) - Access

ListenCallRecordings

View the Play icon so they can listen to call recordings by using the Amazon Connect admin website.

Recorded conversations (unredacted) - Enable download button

DownloadCallRecordings

Enables buttons to download and delete call recordings. By default, the Enable download button permission is granted so the user can Download call recordings through the Amazon Connect admin website. To perform a download, however, the user needs permissions to access a Recorded conversation (unredacted).

Recorded conversations (unredacted) - Delete

DeleteCallRecordings

Delete call recordings. By default, the Enable download button permission is granted too so the user can delete recordings through the Amazon Connect admin website.

Login/Logout report - View

AgentTimeCard.View

View Login/Logout reports.

Real-time contact barge-in - Enable/Disable

ManagerBargeIn

Enables supervisors and managers to barge into live conversations between agents and customers. To learn more about Barge for live conversations, see Barge live voice and chat conversations.

Real-time contact monitoring- Enable/Disable

ManagerListenIn

Monitor live conversations and listen to recordings of past conversations. Be sure to assign managers to the Agent security profile so they can access the Contact Control Panel (CCP). This enables them to monitor the conversation through the CCP.

Saved reports (admin)

MetricsReports.Admin

View and delete all saved reports in your instance, including those not created by you.

Saved reports - View

MetricsReports.View

View a shared report.

Saved reports - Create

MetricsReports.Create

MetricsReports.Share

Create and share reports.

Saved reports - Edit

MetricsReports.Edit

Edit save reports.

Saved reports - Delete

MetricsReports.Delete

Delete saved reports.

Saved reports - Publish

MetricsReports.Publish

Publish reports.

Saved reports - Schedule

MetricsReports.Schedule

MetricsReports.Publish

ReportSchedules.Create

ReportSchedules.Delete

ReportSchedules.Edit

ReportSchedules.View

Schedule a saved report. By default, the user gets permission to create, delete, edit, and view a saved report.

Evaluation forms - perform evaluations

Evaluation.Create

Evaluation.View

Evaluation.Edit

Evaluation.Delete

Evaluate performance.

Evaluation forms - manage form definitions

EvaluationForms.Create

EvaluationForms.View

EvaluationForms.Edit

EvaluationForms.Delete

Create and manage evaluation forms.

Evaluation forms - ask AI assistant

EvaluationAssistant.Access

Access the Ask AI button while performing evaluations, enabling the user to get generative AI-powered recommendations for answers to questions in evaluation forms.

Voice ID - attributes and search

VoiceIdAttributesAndSearch.View

Search for and view Voice ID results on the Contact detail page.

Voice ID - attributes and search

VoiceIdAttributesAndSearch.View

Search for and view Voice ID results on the Contact detail page.

Forecasting - View

Forecasting.View

Review contact volume and average handle time forecasts.

Forecasting - Edit

Forecasting.Edit

Create and edit contact volume and average handle time forecasts.

Forecasting - Publish

Forecasting.Publish

Publish a forecast.

Forecast and schedule interval - Edit and View

ForecastScheduleInterval.Edit

ForecastScheduleInterval.View

Set the forecast and schedule interval.

Capacity planning - View

Capacity.View

Review capacity plan output.

Capacity planning - Edit

Capacity.Edit

Create capacity planning scenarios.

Capacity planning - Publish

Capacity.Publish

Publish a capacity plan.

Screen recording - Access

ScreenRecording.Access

Access the screen recording media player and view videos.

Important

Screen recording merges the screen recording video with the unredacted call recording file. If users have permission to view screen recordings, they can listen to the unredacted audio.

Contact Actions

UI name API name Use

Transfer Contact

TransferContact.Enabled

Transfer contacts on Analytics and optimization pages. Currently transfer of task contacts to quick connects is supported on the Contact details page.

End contact

StopContact.Enabled

End contacts on Analytics and optimization pages. Currently supported on the Contact details page.

Reschedule contact

UpdateContactSchedule.Enabled

Reschedule previously scheduled contact on Analytics and optimization pages. Currently supported on the Contact details page for task contacts only.

Historical changes

UI name API name Use

View historical changes

HistoricalChanges.View

View historical changes on all Amazon Connect admin website pages that support historical changes.

Customer Profiles

UI name API name Use

Customer profiles - Create

CustomerProfiles.Create

Create customer profiles in the agent application.

Customer profiles - Edit

CustomerProfiles.Edit

Edit customer profiles in the agent application.

Customer profiles - View

CustomerProfiles.View

View customer profiles in the agent application.

Customer profiles Calculated Attributes - Create

CustomerProfiles.CalculatedAttributes.Create

Create calculated attributes.

Customer profiles Calculated Attributes - Edit

CustomerProfiles.CalculatedAttributes.Edit

Edit calculated attributes.

Customer profiles Calculated Attributes - Delete

CustomerProfiles.CalculatedAttributes.Delete

Delete calculated attributes.

Customer profiles Calculated Attributes - View

CustomerProfiles.CalculatedAttributes.View

View calculated attributes.

Scheduling

UI name API name Use

Schedule manager - View

Scheduling.View

View generated staff schedules in the Schedule manager user experience.

Schedule manager - Edit

Scheduling.Edit

Create, edit schedule configuration and publish generated staff schedules.

Schedule manager - Publish

Scheduling.Publish

Publish a schedule by using Schedule Manager.

Published schedule calendar

Scheduling.View

View a schedule.

Time off requests - Approve, Edit, View

TimeOff.Approve

TimeOff.Edit

TimeOff.View

Time off management.

Time off balance - Edit, View

TimeOffBalance.Edit

TimeOffBalance.View

Time off management.

Team calendar

TeamCalendar.View

View published staff schedules in the Published Calendar user experience.

Team calendar

TeamCalendar.Edit

Edit published staff schedules in the Published Calendar user experience.

Agent Applications

UI name API name Use

Agent application schedule calendar

StaffCalendar.View

StaffCalendar.Edit

Ability for agents to view their schedules. The Edit permission is required for agents to view and use the Time off widget on their schedule that they use to request time off. If they only have View permission, the Time off widget will not appear on their schedule.

For an example image that shows the Time off widget on an agent's schedule, see Agent initiated time off request.

Custom views

CustomViews.Access

Use the Agent Workspace guided experience guide.

Amazon Q in Connect

Wisdom.View

View real-time recommendations in the agent application.

<3p app name> - Access

<3p app name>.Access

Allows agents to access a third-party application.

Content Management - Quick responses - Create

ContentManagement.Create

Set up a knowledge base to store quick responses. Create, import, and view the import history of quick responses that are displayed in the agent application.

Content Management - Quick responses - Edit

ContentManagement.Edit

Edit, import, and view the import history of quick responses that are displayed in the agent application.

Content Management - Quick responses - View

ContentManagement.View

View a list of quick responses in the Amazon Connect admin website.

Content Management - Quick responses - Delete

ContentManagement.Delete

Delete quick responses by using the Amazon Connect admin website.

Cases

UI name API name Use

Audit History - View

CaseHistory.View

View the audit history of cases in the agent application.

Cases - Create

Cases.Create

Create cases in the agent application.

Cases - View

Cases.View

View cases in the agent application.

Cases - Edit

Cases.Edit

Edit cases in the agent application.

Case Fields - Create

CaseFields.Create

Create case fields.

Case Fields - View

CaseFields.View

View case fields.

Case Fields - Edit

CaseFields.Edit

Edit case fields.

Case Templates - Create

CaseTemplates.Create

Create case templates.

Case Templates - View

CaseTemplates.View

View case templates.

Case Templates - Edit

CaseTemplates.Edit

Edit case templates.

Campaigns

UI name API name Use

Campaigns - Create

Campaigns.Create

Create outbound campaigns.

Campaigns - Delete

Campaigns.Delete

Delete outbound campaigns.

Campaigns - Edit

Campaigns.Edit

Edit outbound campaigns.

Campaigns - Manage

Campaigns.Delete

Manage outbound campaigns.

Campaigns - View

View outbound campaigns.