Application Roles
Security Role List
N2ACD uses a granular list of roles that are mapped to user groups based on the authentication configuration for each of the application GUIs. For more information on how to map user groups to these roles, see the application security page.
| Application | Security Group | Admin? | Comment |
|---|---|---|---|
| Shared | admin_read |
Y | Read access to the entire application. |
| Shared | admin_write |
Y | Write access to the entire application. |
| Shared | customer_read |
N | Read access to customer data. |
| Shared | flow_read |
N | Read access to flow data. |
| Shared | internal_user |
N | Indicates an internal user (I.e. a user within the operator’s company). |
| Shared | external_user |
N | Indicates an external user (e.g. a wholesale user, agent or external customer user). |
| Shared | report_execute:<report_tag_auth_group> |
N | Read the report tag authentication group section. |
| Shared | service_number_fields_read |
N | Read access to service number fields that aren’t configured with a specific auth_group. |
| Shared | service_number_fields_update |
N | Write access to service number fields that aren’t configured with a specific auth_group. |
| Shared | service_number_fields_read:<auth_group> |
N | Read access to service number fields configured with the corresponding auth_group value. |
| Shared | service_number_fields_update:<auth_group |
N | Write access to service number fields configured with the corresponding auth_group value. |
| N2ACD Admin | account_code_read |
N | Read access to account code setting data. |
| N2ACD Admin | account_code_write |
N | Write access to account code setting data. |
| N2ACD Admin | announcement_language_read |
N | Read access to announcement languages data. |
| N2ACD Admin | announcement_language_write |
N | Write access to announcement languages data. |
| N2ACD Admin | announcement_read |
N | Read access to announcement data. |
| N2ACD Admin | announcement_write |
N | Write access to announcement data. |
| N2ACD Admin | config_read |
N | Read access to site-specific configuration data. |
| N2ACD Admin | config_write |
N | Write access to site-specific configuration data. |
| N2ACD Admin | customer_write |
N | Write access to customer data. |
| N2ACD Admin | flow_node_restriction_read |
N | Read access to flow node restriction set data. |
| N2ACD Admin | flow_node_restriction_write |
N | Write access to flow node restriction set data. |
| N2ACD Admin | flow_node_type_read |
N | Read access to enabled flow nodes data. |
| N2ACD Admin | flow_write |
N | Write access to flow data. |
| N2ACD Admin | geography_read |
N | Read access to geography data. |
| N2ACD Admin | geography_write |
N | Write access to geography data. |
| N2ACD Admin | holiday_read |
N | Read access to holiday data. |
| N2ACD Admin | holiday_write |
N | Write access to holiday data. |
| N2ACD Admin | service_read |
N | Read access to service number data. |
| N2ACD Admin | service_write |
N | Write access to service number data. |
| N2ACD Admin | speed_dial_read |
N | Read access to speed dial data. |
| N2ACD Admin | speed_dial_write |
N | Write access to speed dial data. |
| N2ACD Admin | srp_read |
N | Read access to SRF definition data. |
| N2ACD Admin | srp_write |
N | Write access to SRF definition data. |
| N2ACD Admin | prefix_mapping_read |
N | Read access to prefix mapping data. |
| N2ACD Admin | prefix_mapping_write |
N | Write access to prefix mapping data. |
| N2ACD Admin | termination_number_range_read |
N | Read access to termination number range data. |
| N2ACD Admin | termination_number_range_write |
N | Write access to termination number range data. |
| N2ACD Admin | user_read |
N | Read access to N2ACD user data. |
| N2ACD Admin | user_search |
N | Read access for searching users. |
| N2ACD Admin | user_write |
N | Write access to N2ACD user data. |
| N2ACD Admin | report_read |
N | Full administrative read access to report data. |
| N2ACD Admin | report_write |
N | Write access to report data. |
| N2ACD FE | audit_read |
N | See last change user and last change date information. |
| N2ACD FE | audit_read_limited |
N | See last change date information. |
| N2ACD FE | customer_create |
N | Write (create) access to customer data. |
| N2ACD FE | customer_update |
N | Write (update) access to customer data. |
| N2ACD FE | flow_create |
N | Write (create) access to flow data. |
| N2ACD FE | flow_delete |
N | Write (delete) access to flow data. |
| N2ACD FE | flow_update |
N | Write (update) access to flow data. |
| N2ACD FE | external_id_read |
N | Read access to external flow identifiers (MFIDs). |
| N2ACD FE | external_id_update |
N | Write access to existing external flow identifiers (MFIDs). |
| N2ACD FE | alternative_number_read |
N | Read access to alternative termination number activation. |
| N2ACD FE | alternative_number_update |
N | Write access to alternative termination number activation. |
| N2ACD FE | alternative_flow_update |
N | Write access to alternative flow change and activation. |
| N2ACD FE | service_data_read |
N | Read access to account code, geography, holiday, announcement, announcement language, speed dial, prefix mapping, and termination range data. |
| N2ACD FE | service_number_read |
N | Read access to service number data. |
| N2ACD FE | service_number_create |
N | Write (create) access to service number data. |
| N2ACD FE | service_number_delete |
N | Write (delete) access to service number data. |
| N2ACD FE | service_number_update |
N | Write (update) access to service number data. |
| N2ACD FE | service_number_schedule_read |
N | Read access to service number schedule data. |
| N2ACD FE | service_number_schedule_update |
N | Write access to service number schedule data. |
| N2ACD FE | report_schedule_read |
N | Read access to the list of their schedules for reports within the N2ACD-FE GUI. |
| N2ACD FE | report_schedule_update |
N | Create, update and delete access to the user’s own report schedules for reports within the N2ACD-FE GUI. |
| N2ACD FE | report_execute |
N | Adds the ability for the user to execute reports within the N2ACD-FE GUI. |
| N2ACD FE | report_execute:<report_tag_auth_group> |
N | Read the report tag authentication group section. |
| N2ACD FE | flow_operation_update:<flow_node_type> |
N | Read the flow operation update group section. |
Minimum Role List
Each UI requires several roles to be granted to a user before usable access can be achieved. Without the minimum role list being granted, the user will be logged out automatically on attempting to log in - i.e. the user may be authorised, but due to missing roles, access to the UI will be rejected immediately.
Administration GUI
The minimum list of roles for an administration GUI user must include the following roles:
announcement_language_readcustomer_readflow_node_restriction_readflow_readservice_readtermination_number_range_read
Each user must additionally be given one of the two roles:
external_userinternal_user
Flow Editor GUI
The minimum list of roles for a flow editor GUI user must include the following roles:
customer_readflow_readservice_number_readservice_data_read
Each user must additionally be given one of the two roles:
external_userinternal_user
Flow Update Operation Group
N2ACD-FE supports granular controls for the update of singular node types within a flow.
For users that do not possess the flow_update group the flow_operation_update:<flow_node_type> group may be used.
Enabling a flow operation update group when flow_update is not present will allow users to make targeted changes to only the flow node types specified when editing a flow. When saving changed flows in this mode only the configuration changes for the changed node type will be persisted.
This allows for restricted editing such as restricting a user to only change AttemptTerminate node types within a more complex flow.
Available flow operation update groups:
flow_operation_update:AccountCodeEntryflow_operation_update:AdjustEventCounterflow_operation_update:AdjustLoopCounterflow_operation_update:AttemptTerminateflow_operation_update:BreakoutDialingflow_operation_update:BusinessHoursflow_operation_update:CallerLocationRoutingflow_operation_update:CallingPartyflow_operation_update:CallingPartyCategoryflow_operation_update:CallingPresentationflow_operation_update:CellsiteRoutingflow_operation_update:DayOfWeekflow_operation_update:DayOfYearflow_operation_update:DialledNumberflow_operation_update:Endflow_operation_update:Expressionflow_operation_update:ExtensionDialingflow_operation_update:FirstCallersflow_operation_update:FollowMeflow_operation_update:Linkflow_operation_update:LocationRoutingflow_operation_update:LookupDialingflow_operation_update:LoopCounterBranchingflow_operation_update:LoopLimitflow_operation_update:Menuflow_operation_update:MobileLocationRoutingflow_operation_update:NumberMatchingflow_operation_update:OriginalCalledPartyflow_operation_update:PinAuthorisationflow_operation_update:PlayAnnouncementflow_operation_update:ProportionalDistributionflow_operation_update:ReleaseCallflow_operation_update:ReterminateServiceflow_operation_update:ServiceNumberHandoverflow_operation_update:SetEventCounterflow_operation_update:SetExpressionflow_operation_update:SetLoopCounterflow_operation_update:SetTariffCodeflow_operation_update:SpeedDialflow_operation_update:Startflow_operation_update:SuburbRoutingflow_operation_update:Switchflow_operation_update:TableLookupflow_operation_update:TimeOfDayflow_operation_update:UserInput
Report Tag Authentication Group
To help restrict the viewing and executing of reports, the ability to assign reports via the authentication group was added. Assigning an authentication group with a valid report tag authentication group will allow the user (with said authentication groups) to be able to view reports assigned to the report tag authentication group.
The structure of the report tag authentication groups are as follows:
<security_role>:<report_tag_auth_group>
Report Tag Auth Group
The report_tag_auth_group value is used to match again the system’s report tags, if a valid match is found then the user is able to see all reports assigned to the report tag matching the report_tag_auth_group.