To set up fine-granular tag-based access control for agents in Amazon Connect, you can use resource tags and access control tags. This approach allows you to apply granular access to users, queues, and routing profiles for both real-time and historical metrics.
For your specific use case with department managers, you can implement the following tagging strategy:
- Tag the queues:
  - Sales queue: con_department = "Sales"
  - Support queue: con_department = "Support"
  - Backoffice queue: con_department = "Backoffice"
- Tag the managers:
  - Manager1: con_department = "Sales"
  - Manager2: con_department = "Support"
  - Manager3: con_department = ["Sales", "Support"]
To allow Manager2 and Manager3 access to multiple departments, you can use a list of values for the tag. This way, Manager3 can have access to both Sales and Support queues.
After applying these tags, you need to configure the appropriate security profile permissions for each manager. Ensure they have the necessary permissions to access metrics and the specific resources they need to view.
For real-time metrics, managers need:
- "Analytics and Optimization - Access metrics - Access" permission
- Access to the specific user, queue, and routing profile resources they should be able to view
For historical metrics reports, managers need:
- "Analytics and Optimization - Historical metrics - Access" permission
- Access to the tagged resources (users, queues, and routing profiles) they should be able to view in the reports
Remember that tag-based access control is not supported for dashboards and login/logout reports. Also, there are some limitations to be aware of, such as the inability to filter or group by multiple resources and limitations on the number of resources that can be filtered.
To implement this system, you'll need to use either the Amazon Connect admin website or the TagResource API to configure the tag-based access controls. Make sure to apply the resource tags and access control tags before assigning the required security profile permissions to users.
While there isn't a specific walkthrough provided in the official documentation for this exact scenario, you can follow the general guidelines for adding tags to resources and configuring tag-based access control in Amazon Connect to implement this solution.
Sources
Agent activity audit tag-based access control in Amazon Connect - Amazon Connect
Real-time metrics tag-based access control in Amazon Connect - Amazon Connect
Apply granular access control to historical metrics reports in Amazon Connect - Amazon Connect
Amazon Connect launches more granular access controls (using tags) for your instances
When specifying the value of the key for the manager tag, use the format "test1, test2" as the value or use the format test4, test 5. They both worked for me. Note the space after the comma.
Thanks for the auto-generated AI answer, but in Amazon Connect, in the user management where I try to add a tag value in the format ["Sales","Support"], I got the error message: Invalid value send for field tagValue. It seems not to accept arrays or structs.
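The following is an added example, not code from any of the posts above or from AWS. It pre-checks tag maps before they are sent with the TagResource API mentioned in the first answer, which takes tags as a map of string keys to string values, so a list value is rejected while a comma-separated string is accepted as a value. The ARNs are constructed placeholders, and the helper names are hypothetical.

```python
# Constructed placeholder ARNs: region, account ID and resource IDs are not from the page.
INSTANCE = "arn:aws:connect:us-east-1:111122223333:instance/EXAMPLE-INSTANCE"
QUEUES = {
    "Sales": f"{INSTANCE}/queue/EXAMPLE-SALES",
    "Support": f"{INSTANCE}/queue/EXAMPLE-SUPPORT",
    "Backoffice": f"{INSTANCE}/queue/EXAMPLE-BACKOFFICE",
}
TAG_KEY = "con_department"  # tag key used in the thread


def validate_tags(tags):
    """Return a list of problems; an empty list means a valid string -> string tag map."""
    problems = []
    for key, value in tags.items():
        if not isinstance(key, str) or not 1 <= len(key) <= 128:
            problems.append(f"{key!r}: key must be a string of 1-128 characters")
        elif key.startswith("aws:"):
            problems.append(f"{key!r}: the 'aws:' prefix is reserved")
        if not isinstance(value, str):
            # This is the case from the thread: ["Sales", "Support"] is a list, not a string.
            problems.append(f"{key!r}: value must be a string, got {type(value).__name__}")
        elif len(value) > 256:
            problems.append(f"{key!r}: value longer than 256 characters")
    return problems


def build_tag_request(resource_arn, tags):
    """Build keyword arguments for the Connect TagResource call, or raise on a bad map."""
    problems = validate_tags(tags)
    if problems:
        raise ValueError("; ".join(problems))
    return {"resourceArn": resource_arn, "tags": dict(tags)}


def queue_requests():
    """One request per queue, tagging each with its department."""
    return [build_tag_request(arn, {TAG_KEY: dept}) for dept, arn in QUEUES.items()]


if __name__ == "__main__":
    for req in queue_requests():
        # With credentials configured: boto3.client("connect").tag_resource(**req)
        print(req)
    print(validate_tags({TAG_KEY: ["Sales", "Support"]}))
```

The check only confirms that a value is well-formed as a tag; which queues a manager can actually see should still be verified in the metrics views after the tags are applied.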