Skip to main content

User Guide for Workspace Role Based Access Control in Verbex - Feature Request From Japan

Accessing Role Based Access Control

When users first interact with theRole Management screen, they will be greeted with a Workspace Selector at the top, as shown in the screenshot below:
  • Workspace Dropdown: This allows users to select the active workspace for which they want to manage roles and users. By default, it shows the current workspace and can be switched for managing other workspaces.
  • Roles Section: This section lists the available roles with the option to add new roles.
  • Users Section: Below the roles, a list of users associated with the workspace will be displayed. For each user, their name, email, role, status, and joined date are visible and update the role if needed.
UI Flow:
  1. Select Workspace: The user starts by selecting the workspace they want to manage from the workspace dropdown.
  2. View Roles: All available roles are displayed, such as the WORKSPACE_MEMBER (default), with the associated permissions. Users can then manage roles and users based on the selected workspace.

Adding a New Role

To add a new role, users will click the Add New Role button, which opens a modal for creating new roles.
  • Role Name: Users must enter a unique name for the role.
  • Role Description: A brief description explaining the role’s responsibilities.
  • Permissions: Users can then select from a list of available permissions, such as “View Concurrency”, “Create AI Agent”, or “Delete AI Agent”. These permissions govern the actions users in that role can perform.
UI Flow:
  1. Click Add New Role: A modal opens, where the user inputs the Role Name and Description.
  2. Select Permissions: The user can then choose the permissions associated with this role by using the Permissions dropdown list. This includes various permissions like View Concurrency, Create AI Agent, Delete AI Agent, and more.
Example Roles:
  • Call Logs: Limited to actions like viewing call logs and managing calls.

Updating an Existing Role

If the user needs to modify an existing role, they can click on the role’s name in the Roles Section. This brings up the Role Details screen.
  • Role Details: Shows the role’s name, description, and a list of permissions currently assigned to the role.
  • System-Generated Roles: Certain roles, like WORKSPACE_MEMBER, are automatically generated by the system and cannot be edited. These roles are essential for defining access at the workspace level.
UI Flow:
  1. Click on Role Name: The user clicks on an existing role to modify it.
  2. Modify Permissions: Permissions can be added or removed using checkboxes, and the role can be saved once changes are made.

Inviting a User to the Workspace

Users can invite others to the workspace by clicking Invite User. In this screen:
  • Email Input: The user enters the email address of the person they wish to invite.
  • Role Assignment: After entering the email, the user can assign a role to the invitee. This determines the level of access they will have in the workspace.
UI Flow:
  1. Click Invite User: A modal opens where the user enters the email of the person to invite.
  2. Assign Role: The user assigns a predefined role to the invitee.
  3. Send Invitation: The invitation is sent, and the new user will receive an email to join the workspace.

Managing Permissions and Access Control

As part of Role-Based Access Control (RBAC), each role has specific permissions that define what actions a user can perform. The permissions list includes actions like:
  • Create/Manage Workspaces
  • Create/Manage AI Agents
  • View Usage & Invoices
  • Set Phone Number Concurrency etc.
Permissions are linked to roles in a way that users can only perform actions based on their assigned role. For example:
  • Workspace Owners have full control over workspace settings, including adding members and managing roles.
  • Workspace Members may have limited permissions, such as operating agents or viewing usage, but cannot modify workspace settings or roles.
UI Flow:
  1. Assign Permissions to Roles: Users can select which permissions each role will have, ensuring that only the appropriate level of access is granted.
  2. Enforce RBAC: Verbex automatically applies these permissions based on the role, ensuring a secure environment where users only access the tools and data necessary for their work.

Troubleshooting and Best Practices

  • Role Conflicts: If a user has multiple roles, Verbex will automatically apply the highest privileged role. Ensure that role assignments are clear to avoid conflicts.
  • Permission Denials: If a user tries to access a feature not granted by their role’s permissions, they will receive an error with a clear message explaining the restriction.
Permission List - APIs (Default)
APIKeysService (4 permissions)
  • CREATE_API_KEY
  • GET_API_KEY
  • LIST_API_KEYS
  • REVOKE_API_KEY

AiAgentService (4 permissions)

  • DELETE_AI_AGENT
  • GET_AI_AGENT
  • LIST_AI_AGENTS
  • UPDATE_AI_AGENT

AuthorizationService (8 permissions)

  • ORGANIZATION_OWNER_PERMISSIONS_LIST_GET
  • ORGANIZATION_ROLE_DETAILS_GET
  • ORGANIZATION_ROLE_LIST_GET
  • ORGANIZATION_WORKSPACE_ROLE_ADD_PERMISSIONS
  • ORGANIZATION_WORKSPACE_ROLE_CREATE
  • ORGANIZATION_WORKSPACE_ROLE_DELETE
  • ORGANIZATION_WORKSPACE_ROLE_REMOVE_PERMISSIONS
  • ORGANIZATION_WORKSPACE_ROLE_UPDATE

CallService (6 permissions)

  • CALL_DETAILS
  • CALL_LOGS
  • CREATE_WEB_CALL
  • DIAL_OUTBOUND_CALL
  • DYNAMIC_DATA_GET
  • VIEW_CONCURRENCY

PhoneNumbers (5 permissions)

  • PHONE_NUMBERS_CREATE
  • PHONE_NUMBERS_GET
  • PHONE_NUMBER_DELETE
  • PHONE_NUMBER_GET
  • PHONE_NUMBER_PATCH

PhoneService (1 permission)

  • PHONE_NUMBER_GET_WITHOUT_SLASH

PostCallAnalysis (5 permissions)

  • POST_CALL_ANALYSIS_CREATE
  • POST_CALL_ANALYSIS_DELETE
  • POST_CALL_ANALYSIS_GET
  • POST_CALL_ANALYSIS_GET_RESULT
  • POST_CALL_ANALYSIS_PUT

ToolsService (10 permissions)

  • AI_AGENT_BUILTIN_TOOLS
  • CREATE_AI_AGENT_BUILTIN_TOOL
  • CREATE_AI_AGENT_CUSTOM_TOOL
  • DELETE_AI_AGENT_BUILTIN_TOOL
  • DELETE_AI_AGENT_CUSTOM_TOOL
  • GET_AI_AGENT_BUILTIN_TOOL
  • GET_CUSTOM_TOOL
  • LIST_AI_AGENT_CUSTOM_TOOLS
  • UPDATE_AI_AGENT_BUILTIN_TOOL
  • UPDATE_AI_AGENT_CUSTOM_TOOL

WebhookService (6 permissions)

  • WEBHOOK_CREATE
  • WEBHOOK_DELETE
  • WEBHOOK_DETAILS_GET
  • WEBHOOK_GET
  • WEBHOOK_ORGANIZATION_GET
  • WEBHOOK_UPDATE

WorkspaceService (12 permissions)

  • ASSIGN_WORKSPACE_MEMBER
  • CREATE_WORKSPACE
  • DELETE_ASSIGN_MEMBER_FROM_WORKSPACE
  • DELETE_WORKSPACE
  • GET_WORKSPACE_ALL_ENDPOINT
  • GET_WORKSPACE_DETAILS
  • GET_WORKSPACE_ID
  • GET_WORKSPACE_MEMBERS
  • GET_WORKSPACE_USER
  • UPDATE_ASSIGN_WORKSPACE_MEMBER
  • UPDATE_WORKSPACE
  • VIEW_WORKSPACE_LIST

     

Verbex’s RBAC implementation ensures the following:
  1. Granular Role Management: Each role has a unique set of permissions that dictate what actions can be performed.
  2. Clear Separation of Responsibilities: Owners have full control, while members are restricted to tasks appropriate for their roles.
  3. Security and Compliance: By enforcing RBAC at every level of the system, Verbex ensures secure access to sensitive data and operations.