You can control who has access to what data in Conversational Insights. As an administrator, you can grant individual users access to a specific portion of your Conversational Insights data, without letting them access all the data. This fine-grained access control is possible when you use authorized views.
Authorized views have full access to all the data, and use a filter expression to restrict which data the user can access. If you grant each individual user access to only one authorized view, a user can only access the portion of data that their authorized view's filter allows.
Authorized views
Use authorized views to perform the following tasks:
- Let a manager view and analyze only conversations for agents in their reporting chain.
- Allow an agent to view only their own conversations.
- Retrieve conversation data.
- Perform analysis.
- Edit feedback labels.
You can't use authorized views to perform the following tasks:
- Edit or import conversation data.
- Train topic models.
- Create score cards.
View sets
Authorized views are resources with built-in identities and require permissions to access Conversational Insights data. You can group them into authorized view sets, which can help organize permissions for authorized views. For example, you can grant a role to all authorized views in an authorized view set instead of individual authorized views using principal identifiers for sets of resources.
Grant fine-grained access
Follow these steps to grant a user fine-grained access:
- Create an authorized view set to group the authorized views.
- To allow access to Conversational Insights data, grant a role on the project to the authorized view.
- Create an authorized view to define the data restrictions.
- To allow a user to perform actions through the authorized view, grant them a different role on the authorized view.
For example, to allow view access to conversations, you can grant the contactcenterinsights.conversations.get
permission to the authorized view through the contactcenterinsights/viewer
role at the project level.
You should also grant the corresponding contactcenterinsights.authorizedConversations.get
permission to the user through the
contactcenterinsights/authorizedViewer
role on the authorized view.
The user only has access based on the combination of the following permissions:
- The user has
contactcenterinsights.authorizedConversation.get
on the authorized view. - The authorized view filter doesn't restrict the conversation they're trying to view.
- The authorized view has
contactcenterinsights.conversation.get
on the project.