Required permissions are being added to the user station API endpoints.
Change Category
API
Change Context
Certain user station endpoints that allow viewing, changing, and deleting others' station associations currently do not perform any permissions check. The effect of this is that any authenticated user is currently able to manipulate others' station associations. It is desirable that system administrators be able to lock down such activity by granting or revoking permissions; thus this change.
Change Impact
After the change, the required permissions will be as follows:
GET api/v2/users/{userId}/station - telephony:otherStationAssociation:view
PUT api/v2/users/{userId}/station/associatedstation/{stationId} - telephony:otherStationAssociation:edit
DELETE api/v2/users/{userId}/station/associatedStation - telephony:station:disassociate
DELETE api/v2/stations/{stationId}/associatedUser - telephony:station:disassociate (currently requires telephony:plugin:all)
GET /users/{userId}/callforwarding - conversation:callForwarding:view
A permissions backfill will be performed so that affected users will not lose access to endpoints; system administrators can then revoke permissions as desired.
Date of Change
Apr 16, 2025
Impacted APIs
GET api/v2/users/{userId}/station
PUT api/v2/users/{userId}/station/associatedstation/{stationId}
DELETE api/v2/users/{userId}/station/associatedStation
DELETE api/v2/stations/{stationId}/associatedUser
GET /users/{userId}/callforwarding
A great question to be asking! We use this specific API ourselves and are interested to know if it will be impacted.
Regardless if it will or wont, it looks like all we have to do is update our environment to make sure the new permission is granted if required correct?
You are correct, where the posting said PUT api/v2/users/{userId}/station/{stationId} it should have said PUT api/v2/users/{userId}/station/associatedstation/{stationId}. I've fixed the original post, thanks for calling this out.
Technically it's the opposite: with the permissions backfill (which Genesys will perform immediately before the feature is turned on) users will actually already have the new permission, for continuity of system behavior; at that point admins have the option of revoking the permission from users for whom the permission is not required.
with the permissions backfill (which Genesys will perform immediately before the feature is turned on) users will actually already have the new permission,
How will this backfill be performed?
These new permissions are added in all roles automatically?
The backfill will be performed by Genesys staff using an internal automated process, and yes, the new permissions will be added to roles automatically, i.e. no manual process needed to maintain the abilities a user had before. The manual process will be for sys admins to then revoke the permissions from whoever should not have them - an ability they do not currently have.