Would someone who is setup as an administrator be able to monitor calls and status within Finesse? It seems like to make them an Administrator I have to remove their status as a Supervisor which would eliminate this ability. All the permissions are related to CCE access and not Finesse, though I may be missing something.
I've looked at it a lot more and don't think I'm missing anything. It's a weird situation that I'm asking for. I need people to be able to login to Finesse and CUIC and get all the normal info from there a Supervisor gets. However, I need to restrict their access to the CCE Admin side so that they can't change skill groups. Setting them as an admin removes their Supervisor ability per this "bug" https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp90589/?rfs=iqvred
"If user with both supervisor(username) & administrator rights(firstname.lastname@example.org), no one will be able to change the user attribute, skills, teams in SPOG. System returns with Error occurred "Username: The Active Directory account has already been associated with another Administrator; "
This is working as per the design with the assumption that admins and supervisors were two specific roles performed by separate individuals."
So setting up admins with limited access doesn't resolve the issue from what I'm seeing so far. It will help with giving others the ability to look at agents in CCE Admin, but doesn't seem to offer Supervisor abilities in Finesse and CUIC. My solution was to tell the managers to not use CCE Admin, but there is fear that they will continue to without authorization. So I need a tech solution if at all possible.
* What specifically are they looking to do in Finesse? You mentioned watching, but then you also mentioned other supervisor roles. If they are only looking in Finesse for agent status/calls in queue, etc., they can do this via CUIC and don't need to log into Finesse.
* Have you considered keeping the access they have but then going back and looking to see if you see these users making configuration changes in the logs that they're not supposed to, and then if they are, address it with them?