Using Eleveo Specific Roles
Overview
To simplify the assignment of roles to your users, and to ensure that role mapping from the Webex CC occurs correctly, it is necessary to create Eleveo specific roles. The creation of the following Eleveo specific roles simplifies the role assignment procedure, as well as satisfies compliance and security requirements:
AGENT
BO_AGENT (back office agent)
TEAM_LEADER
SUPERVISOR
CC_MANAGER
IT_ADMIN
COMPLIANCE_ANALYST
NOTE
It is recommended that each user should start with an Eleveo Specific Role as the primary source of permissions. If additional customization is required beyond the Specific Roles, use Application Roles.
Application Roles should not be the primary source of permissions for the initial setup.
Using Script
Creating Eleveo specific custom roles that simplify access and usage is necessary when Quality Management and Workforce Management are installed and licensed with all additional modules. Custom roles will contain the default application roles, and all required license-based roles. The creation of Eleveo-specific roles can be automated using a dedicated default_keycloak_custom_roles.sh
script.
Prerequisites
all required applications are deployed,
eleveo.license is uploaded.
Running the script
Log in to the server’s command line.
Run the script using the command:
/opt/eleveo/scripts/default_keycloak_custom_roles.sh
The script will verify which applications and licenses were deployed. Based on this information, it will create roles (the example may differ based on applications/licenses):
CODE[root@vm012 ~]# /opt/eleveo/scripts/default_keycloak_custom_roles.sh [HTTP 200] Login - success [HTTP 200] Check existing roles - success [HTTP 200] Evaluate license API - success [HTTP 201] Insert of role AGENT - success [HTTP 201] Insert of role CC_MANAGER - success [HTTP 201] Insert of role SUPERVISOR - success [HTTP 201] Insert of role TEAM_LEADER - success [HTTP 201] Insert of role IT_ADMIN - success [HTTP 201] Insert of role COMPLIANCE_ANALYST - success [HTTP 201] Insert of role BO_AGENT - success [HTTP 201] Insert of role KC_TEMP_HELPER_ROLE - success [HTTP 200] Read eLearning role uuid - success [HTTP 200] Read WFO Analytics role uuids - success [HTTP 200] Read Survey role uuid - success [HTTP 200] Read WFM role uuids - success [HTTP 200] Read LiveMON role uuids - success [HTTP 200] Read Conversation Explorer role uuids - success [HTTP 200] Read SpeechREC role uuids - success [HTTP 200] Read QM reviews role uuids - success [HTTP 200] Read AutoQM role uuids - success [HTTP 200] Read QM shared role uuids - success [HTTP 200] Read ETL role uuids - success [HTTP 200] Read User Management role uuids - success [HTTP 204] Delete of KC_TEMP_HELPER_ROLE role - success [HTTP 204] Set application rights to the role AGENT - success [HTTP 204] Set application rights to the role CC_MANAGER - success [HTTP 204] Set application rights to the role SUPERVISOR - success [HTTP 204] Set application rights to the role TEAM_LEADER - success [HTTP 204] Set application rights to the role IT_ADMIN - success [HTTP 204] Set application rights to the role COMPLIANCE_ANALYST - success [HTTP 204] Set application rights to the role BO_AGENT - success [INFO] Assigning eleveotrain user custom roles [HTTP 200] Get user eleveotrain KC id - success [HTTP 204] Assigning a user AGENT - success [HTTP 204] Assigning a user CC_MANAGER - success [HTTP 204] Assigning a user SUPERVISOR - success [HTTP 204] Assigning a user TEAM_LEADER - success [HTTP 204] Assigning a user IT_ADMIN - success [HTTP 204] Assigning a user COMPLIANCE_ANALYST - success [HTTP 204] Assigning a user BO_AGENT - success [HTTP 204] Logout - success [root@vm012 ~]#
The script can be run multiple times if needed. After any changes to applications or licenses, run it again to ensure that roles are correctly created. All modifications done with default roles will reset as per the below table.
Eleveo Specific Roles
Newly created custom roles should have default application roles assigned based on the table below.
This example is the configuration needed for a complete Eleveo installation (including all available modules).
Roles are created within User Management when applications are deployed. If an application was not deployed, no roles exist in the system for that particular application.
If an application has more modules, all roles for all dependent modules are added when the application is deployed (even if there is no plan to deploy the modules and obtain licenses for them). When configuring Eleveo specific roles, do not add roles for the modules not used in your particular installation (because no licenses are present and, as a result, such roles cannot be assigned to users).
The detailed scope of the application roles can be found on the relevant pages:
ETL Management Roles (by default the eleveo.admin, eleveotrain or it.admin users have ETL Management roles assigned- these roles are not usually assigned to other users)
Application/Application role |
|
|
|
|
|
|
|
---|---|---|---|---|---|---|---|
QM - shared roles/DEFAULT_AGENT | x | x | |||||
QM - shared roles/DEFAULT_TEAM_LEADER | x | ||||||
QM - shared roles/DEFAULT_SUPERVISOR | x | ||||||
QM - shared roles/DEFAULT_CC_MANAGER | x | ||||||
QM - shared roles/DEFAULT_IT_ADMINISTRATOR | x | ||||||
QM - shared roles/DEFAULT_COMPLIANCE_ANALYST | x | ||||||
Conversation Explorer/VIEW_CONVERSATION_SCREEN | x | x | x | x | x | x | |
QM/VIEW_REVIEWS | x | x | x | x | x | ||
Surveys/VIEW_SURVEYS | x | x | x | x | |||
Automated QM/AUTOMATED_RULES_MANAGE | x | ||||||
Speech Generative AI/AI_PROCESSING_ENABLED | x | ||||||
Speech Generative AI/AI_OUTPUTS_VIEW | x | x | x | x | x | ||
Speech Generative AI/AI_RATING_VIEW | x | x | x | ||||
Speech Generative AI/AI_FLAGS_TOPICS_MANAGE | x | ||||||
eLearning/VIEW_TRAININGS | x | x | x | x | |||
SpeechREC/VIEW_TRANSCRIPTION | x | x | x | x | x | ||
WFM/WFM_AGENT | x | ||||||
WFM/WFM_ANALYST | x | ||||||
WFM/WFM_SCHEDULER | x | ||||||
ETL Management/All relevant Application Roles | x | ||||||
User Management/MANAGE-GROUPS | x | ||||||
User Management/MANAGE-LICENCES | x | ||||||
User Management/MANAGE-CUSTOM-ROLES | x | ||||||
User Management/MANAGE-USERS | x | ||||||
User Management/VIEW-CUSTOM-ROLES | x | ||||||
User Management/MANAGE-EVENTS | x | ||||||
User Management/VIEW-REALM | x | ||||||
User Management/VIEW-USERS | x | ||||||
SEGS/RULES_MANAGE | x |
*- should be added manually.
Adding Custom Roles Manually
Alternatively, roles can be added manually by following the steps described below.
To manually add a new role, click User management > Roles within the navigation tree on the left. The Roles screen will display. Then click the Add new button.

In the Add role pane, on the Role Details tab, fill in the Name value. Optionally, provide a description. Click Save to create a role (alternatively, click Cancel to abandon changes).

Go to the Role mappings tab. Click the Assign application roles button.

Based on the table above, select an Application and then check all roles that need to be added. Then click Assign.

Repeat the same for all applications and roles, as per the table above.
Further details about adding, editing, or removing custom roles can be found on the Managing Custom Roles page.
Assigning Roles to Users
Custom roles are assigned automatically during the import of users from Webex CC servers based on the configured role mappings. If the new custom roles are named differently than we have suggested on this page, correct the default YAML configuration of User Data Importer.
To assign the newly created roles to users manually, follow the steps described on the Assigning Roles page.
Before assigning new custom roles to users, make sure there is an available license for the given module!
The below diagram illustrates the example of creating a new custom AGENT
role and assigning it to a user.