The introduction of a number of agent roles ) has resulted in a new Console capability: the ability to assign multiple roles to a single user. Why would you even want to assign more than one role to a user? Well, by design, the new roles tend to be highly-granular: they typically give the role-holder a very limited set of permissions. For example, someone with the User Profile Viewer can’t do much more than search for and look at user profiles and user records:
- View full user records
- View the schema
- Read audit logs for a specific profile
- Search for profiles in the Console
- View profiles in Customer Care Portal
- Count profiles
That’s the way the role is intended to work: it’s aimed at agents who need to be look at user records, but who don’t need (and thus shouldn’t have) the ability to create, modify, or delete user records.
Similarly, an Application Configuration Viewer role-holder has the ability to look at, but not to change, global settings and API client (property) settings:
- View the schema
- View API clients
- View API client settings
- View global settings
- Count profiles
And what’s wrong with that? Nothing. Again, that’s exactly what the role is intended for.
That said, however, you might have agents who need the ability to look at user records and to look at global/property settings. So which Console role provides read-only access to that set of items? Well, to be honest, none of them. But that’s OK. If you have agents who need to combine the User Profile Viewer role and the Application Configuration Viewer role, then just assign those agents both roles.
Best of all, there’s no trick involved in assigning a user multiple roles: you just, well, assign that user multiple roles. For example, to assign a user both the User Profile Viewer role and the Application Configuration Viewer role, complete the following procedure:
From the Manage Agents page, click the name of the agent to be assigned the two roles:
On the Edit Agent page, and if necessary, clear any roles currently assigned to the user (unless, of course, that role is one of the roles you want assigned to the user). Why do you have to do this? Well, suppose the user is currently a Customer Care Portal Editor, and, without clearing that role, you assign him or her two new roles. Because you did not clear the old role, the user will now have three assigned roles: Customer Care Portal Editor, User Profile Viewer, and Application Configuration Viewer.
Select Application Configuration Viewer and User Profiles Viewer, and then click Save:
The user will now be assigned two roles:
If you’re wondering what that all means, well, here’s the answer: Marie Fuentes will now have the permissions found in both roles. In other words:
|User Profile Viewer Permissions||Application Configuration Viewer Permissions||Combined Permissions Set|
|View full user records||View full user records|
|View the schema||View the schema||View the schema|
|Read audit logs for a specific profile||Read audit logs for a specific profile|
|Search for profiles in the Console||Search for profiles in the Console|
|View profiles in Customer Care Portal||View profiles in Customer Care Portal|
|Count profiles||Count profiles||Count profiles|
|View API clients||View API clients|
|View API client settings||View API client settings|
|View global settings||View global settings|
Updated 9 months ago