Understanding Access Scopes in the NetSapiens Platform: A Guide

What Are User Scopes in NetSapiens?

Scopes in the NetSapiens platform define the boundaries of user permissions and access privileges. They determine what actions users can perform, what data they can view, and what settings they can modify. The scope system follows a descending hierarchical structure, with each level providing different degrees of control and visibility.

The NetSapiens platform uses a variety of scopes for different users to manage access to various levels of the entire system. What follows is a disambiguation of the different scope levels and how they fit into the hierarchy of access, as well as their general usage from an API user's perspective. Additional information can be found on our general documentation site, here:

https://documentation.netsapiens.com/user-manuals/854626-user-scopes-and-views

The NetSapiens Scope Hierarchy

1. Super User

• Description: The highest level of access in the NetSapiens platform
• Typical Users: System administrators and platform managers
• Capabilities:
  • Access to all domains, organizations, and user accounts
  • Ability to configure system-wide settings
  • Management of global resources and services
  • License management and allocation
  • Network and infrastructure configuration

2. Reseller

• Description: Access limited to a specific domain within the platform
• Typical Users: Domain administrators and IT managers
• Capabilities:
  • Management of all customers created under them
  • User account administration for the domain
  • Feature enablement and configuration
  • Resource allocation within the domain
  • Call routing and dial plan management

3. Office Manager

• Description: Access limited to a specific domain
• Typical Users: Office administrators and team leaders
• Capabilities:
  • Management of departments and groups within the organization
  • User account administration for the organization
  • Basic feature configuration
  • Call flow management

4. Site Manager

• Description: Access limited to a specific department or site within an organization
• Typical Users: Department/location managers and team supervisors
• Capabilities:
  • Basic user management within the department/group
  • Limited feature configuration
  • Call monitoring for the location department/group members
  • Basic reporting capabilities

5. Call Center Supervisor

• Description: A specialized user scope which sits above normal user scopes
• Typical Users: Team managers and call center supervisors
• Capabilities:
  • Basic Call Queue and Call Center management tasks
  • The same trunking and Timeframe management of all prior scopes
  • Limited active call management options

6. User scope (All 4 types)

• Description: The most limited scope, providing access only to personal settings
• Typical Users: End users
• Capabilities:
  • Personal voicemail management
  • Individual call history and logs
  • Personal preference configuration
  • Limited feature access based on assigned permissions

Scopes in the context of the API

Important details to note

User scopes for actual human users are determined as usual in a security framework as other user access levels are assigned. Scope levels are typically assigned based on user roles within the organization. The process involves:

1. Identifying the appropriate scope level based on job responsibilities
2. Creating the user account with the designated scope
3. Configuring specific permissions within that scope
4. Regular review and adjustment of scope assignments

Inheritance and Overrides

The NetSapiens scope system implements inheritance, where settings from higher scopes cascade down to lower scopes. However, specific settings can be overridden at lower levels when necessary:

• Global settings apply to all domains unless overridden
• Domain settings apply to all organizations unless overridden
• Organization settings apply to all departments unless overridden

Common Scenarios and Use Cases

Multi-Tenant Service Providers

Service providers hosting multiple clients on the NetSapiens platform typically implement:

• Global scope for service provider administrators
• Domain scope for each client organization
• Organization scope for departments within client organizations

Enterprise Deployments

Large enterprises with multiple departments typically implement:

• Global or Domain scope for IT administrators
• Organization scope for business unit leaders
• Department scope for team managers
• User scope for individual employees

Troubleshooting Scope-Related Issues

Common Problems

• Access Denied Errors: Often indicate insufficient scope level
• Missing Features: May indicate feature not enabled at the current scope
• Configuration Limitations: Restrictions based on current scope level

How this relates to API usage:

Understanding the NetSapiens scope hierarchy is essential for effective platform administration and security management. Beyond that, when developing applications which make use of the API, tbere are some important points to note, particularly in regards to Web Responder applications.

When creating users via the API, please keep in mind:

If you create a user with NDP user scope, as of April 2025 the NDP scope will now have access to the domain object as a read-only capacity. This is important due to the NDP user scope and API users potentially interacting with user devices and endpoints.

More information about creating and updating user scopes are available in the endpoint documentation, respectively, here:

https://docs.ns-api.com/reference/createuser

https://docs.ns-api.com/reference/updateuser

Additional information

Please see the following article on our general documentation site for more information;

https://documentation.netsapiens.com/user-manuals/1277364-user-manual

User Scopes on the NetSapiens Platform