Overview

You can control who has access to what data in Conversational Insights. As an administrator, you can grant individual users access to a specific portion of your Conversational Insights data, without letting them access all the data. This fine-grained access control is possible when you use authorized views.

Authorized views have full access to all the data, and use a filter expression to restrict which data the user can access. If you grant each individual user access to only one authorized view, a user can only access the portion of data that their authorized view's filter allows.

Authorized views

Use authorized views to perform the following tasks:

  • Let a manager view and analyze only conversations for agents in their reporting chain.
  • Allow an agent to view only their own conversations.
  • Retrieve conversation data.
  • Perform analysis.
  • Edit feedback labels.

You can't use authorized views to perform the following tasks:

  • Edit or import conversation data.
  • Train topic models.
  • Create score cards.

View sets

Authorized views are resources with built-in identities and require permissions to access Conversational Insights data. You can group them into authorized view sets, which can help organize permissions for authorized views. For example, you can grant a role to all authorized views in an authorized view set instead of individual authorized views using principal identifiers for sets of resources.

Grant fine-grained access

Follow these steps to grant a user fine-grained access:

  1. Create an authorized view set to group the authorized views.
  2. To allow access to Conversational Insights data, grant a role on the project to the authorized view.
  3. Create an authorized view to define the data restrictions.
  4. To allow a user to perform actions through the authorized view, grant them a different role on the authorized view.

For example, to allow view access to conversations, you can grant the contactcenterinsights.conversations.get permission to the authorized view through the contactcenterinsights/viewer role at the project level. You should also grant the corresponding contactcenterinsights.authorizedConversations.get permission to the user through the contactcenterinsights/authorizedViewer role on the authorized view.

The user only has access based on the combination of the following permissions:

  1. The user has contactcenterinsights.authorizedConversation.get on the authorized view.
  2. The authorized view filter doesn't restrict the conversation they're trying to view.
  3. The authorized view has contactcenterinsights.conversation.get on the project.

What's next?