Flex Conversations use Conversations API roles to manage participant permissions when adding participants to a Conversation or when using the Conversations SDK to connect.
The Role Resource represents what a User (e.g. agent, admin, supervisor) can do within the Conversation Service and individual Conversations. Roles are scoped to either a Service or a Conversation.
Flex Conversation Service
Users are assigned a Role at the Service level. This determines what they can do within the Conversation Service instance, such as creating and destroying Conversations within the Service.
Participants are assigned a Role at the Conversation level. This determines what they are able to do within a particular Conversation, such as inviting Participants to be members of the Conversation, posting Messages, and removing other Participants from the Conversation.
Which Roles does Flex create out-of-the-box?
Flex creates the Conversation Service and adds the following Service and Conversation Roles during the initial Flex account setup.
Service Roles
Role: admin
Default Permissions:
joinConversation
deleteConversation
addParticipant
removeParticipant
editConversationAttributes
editOwnUserInfo
editAnyUserInfo
Role: supervisor
Default Permissions:
joinConversation
addParticipant
removeParticipant
editOwnUserInfo
Conversation Roles
Role: guest [DEFAULT]
Default Permissions:
sendMessage
sendMediaMessage
Role: agent
Default Permissions:
editConversationAttributes
sendMessage
sendMediaMessage
leaveConversation
editOwnMessage
editOwnMessageAttributes
deleteOwnMessage
Role: admin
Default Permissions:
editConversationAttributes
sendMessage
sendMediaMessage
leaveConversation
editOwnMessage
editOwnMessageAttributes
deleteOwnMessage
editAnyMessage
editAnyMessageAttributes
deleteAnyMessage
Role: supervisor
Default Permissions:
editConversationAttributes
sendMessage
sendMediaMessage
leaveConversation
editOwnMessage
editOwnMessageAttributes
deleteOwnMessage
editAnyMessage
editAnyMessageAttributes
deleteAnyMessage
How does Flex use these Roles?
The first time a worker logs in, Flex creates a corresponding Conversation User.
For workers authenticating through the Twilio Console, the corresponding Flex Conversation Service User will be created with the admin role.
For workers authenticating via a third-party IdP (identity provider), Flex creates a corresponding Conversation Service User according to their
SSO role
: agent, supervisor, or admin.
Once a worker logs in successfully, the Flex UI initializes the Conversations SDK with a token that includes the grants:
The token includes Flex Roles grants based on the user role (
agent/supervisor/admin
) that is set in the IdP.
The Conversation User
Service Role
is updated (in the Conversations Users database) based on the Flex Role grants (an agent can be promoted to a supervisor, or vice versa).
Known limitations
Regardless of what role you have as a Flex user, Flex Conversations uses the default configured role —
guest
— when adding the user to a Conversation or Chat Task.