
Is there such a thing as a permission system for the Finesse API?

Question asked by stephan.steiner on Feb 1, 2016
Latest reply on Mar 2, 2016 by stephan.steiner

Hi

 

Lacking information in the documentation, I set out to try and figure out how permissions work for the Finesse API by trial & error.

 

The results are.. well, I can't find a pattern yet.

 

Here's what I found

 

If I configure any user as an agent, I can then use that user's credentials to extract some information.

 

Here's what worked and what didn't (the user has no skills, is not a supervisor, and has no role other than being an agent)

 

This works:

 

  • Extracting a given team if I know its ID.
  • Extracting the list of queues
  • Extracting queues for any agent user if I know its userid (loginId)
  • Extracting my own user object
  • Extracting a list of dialogs of any agent user if I know its userid (loginId)

 

And here's what doesn't work

  • Extracting a list of teams
  • Extracting any agent other than the user whose credentials I'm using
  • Extracting the user list

 

Does that make sense? I'd argue no.. imho generic list operations (users, teams, etc.) should be constrained. An admin should be able to do them all, a supervisor should be able to do it for their teams (where he's a supervisor.. for all teams depending on system configuration). Extracting lists below users (e.g. a user's queues, a user's dialog) should follow the same rule.

 

Clearly that's not the case.

 

 

I then proceeded to the notification interface that I'm accessing via XMPP. Note that the user is still only an agent, is not part of any team, and has no other role.

 

Here's what works

  • Subscribing for user notifications for any user
  • Subscribing for team notifications for any team
  • Subscribing for dialog notifications for any user

 

Here's what doesn't work

  • Nothing

 

Am I wrong to have expected some kind of permission system that has to do with a user's roles? E.g. I'd expect an admin to be able to do everything, a supervisor to be able to do operations that affect his team and team members, and a regular agent to only be able to see himself.
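
The role model the post expected (admin sees everything, a supervisor sees their teams, an agent sees only themselves), written as an object-level authorization check and compared with the results reported above. This is an added example, not part of the original post and not Finesse code; the account ids, the team id and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    login_id: str
    roles: frozenset                     # subset of {"agent", "supervisor", "admin"}
    team: Optional[str] = None
    supervises: frozenset = frozenset()  # ids of teams this user supervises

def is_allowed(actor, owner=None, team=None):
    """Expected rule: admin sees all, supervisor sees own teams, agent sees self."""
    if "admin" in actor.roles:
        return True
    if owner is not None:                # a user object or a list below it (queues, dialogs)
        if owner.login_id == actor.login_id:
            return True
        return "supervisor" in actor.roles and owner.team in actor.supervises
    if team is not None:                 # one team, or its notifications
        return "supervisor" in actor.roles and team in actor.supervises
    return False                         # unscoped list (users, teams, queues): admin only

# Constructed accounts and team id (placeholders, not values from the post).
AGENT = User("1001", frozenset({"agent"}))
OTHER = User("1002", frozenset({"agent"}), team="T1")
SUPER = User("2001", frozenset({"agent", "supervisor"}), "T1", frozenset({"T1"}))

# (operation, owner, team, did it work for the agent-only account per the post)
OBSERVED = [
    ("REST team by id",            None,  "T1", True),
    ("REST queue list",            None,  None, True),
    ("REST queues of other user",  OTHER, None, True),
    ("REST own user object",       AGENT, None, True),
    ("REST dialogs of other user", OTHER, None, True),
    ("REST team list",             None,  None, False),
    ("REST other user object",     OTHER, None, False),
    ("REST user list",             None,  None, False),
    ("XMPP user notifications",    OTHER, None, True),
    ("XMPP team notifications",    None,  "T1", True),
    ("XMPP dialog notifications",  OTHER, None, True),
]

def over_permissive(actor, observed):
    """Operations that succeeded although the expected rule would deny them."""
    return [op for op, owner, team, worked in observed
            if worked and not is_allowed(actor, owner, team)]

if __name__ == "__main__":
    for op in over_permissive(AGENT, OBSERVED):
        print("allowed but expected deny:", op)
```

Every mismatch it reports is in the permissive direction: the three denials in the post already agree with the expected rule, while the sub-resource reads and all XMPP subscriptions do not.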
