Designing Advanced Cross-Division Call Routing with Granular Access Controls
What This Guide Covers
- Architecting call flows and routing logic across strict organizational boundaries using Genesys Cloud Divisions.
- Implementing granular role-based access controls (RBAC) to allow specific cross-division transfers while strictly prohibiting unauthorized visibility into other departments’ queues, data, and personnel.
- The end result is a highly compartmentalized environment (typically used by Business Process Outsourcers or multi-national conglomerates) where callers can be seamlessly routed between distinct business units without compromising data security or agent privacy.
Prerequisites, Roles & Licensing
- Licensing: Genesys Cloud CX 1, 2, or 3.
- Permissions: Directory > Division > Edit, Routing > Queue > Edit, Architect > Flow > Edit.
- Infrastructure: Multiple configured Divisions with designated Home divisions for distinct agent groups.
The Implementation Deep-Dive
1. The Challenge of Strict Multi-Tenancy
Divisions in Genesys Cloud are the primary mechanism for data segregation. By default, an agent in the Sales division cannot see, transfer to, or report on queues, flows, or users in the Support division.
The Trap:
A caller reaches the Sales queue, but asks a technical question. The Sales agent needs to blind-transfer the caller to the Support queue. Because the Sales agent’s role is strictly limited to the Sales division, the Support queue does not appear in their transfer search box. If you naively grant the Sales agent the Routing > Queue > Search permission in the All Divisions scope to fix this, you have just violated the principle of least privilege, exposing the names and metrics of every queue in the company to the Sales floor.
2. Architecting the “Transfer Bridge” Flow
To maintain strict division boundaries while allowing specific transfers, do not expose the destination Queue directly to the source Agent. Instead, use an Architect Inbound Call Flow as a bridge.
Implementation Steps:
- The Bridge Flow: In Architect, create a new Inbound Call Flow named Xfer_To_Support.
- Assign this flow to the Sales Division (or a shared ‘Bridge’ division that Sales has access to).
- Inside this flow, add a Transfer to ACD action.
- Set the destination of the transfer to the Support Queue.
- The Magic Step: Ensure the Architect Flow has the necessary permissions. The Flow itself executes with system privileges, meaning it can transfer the caller across division boundaries even if the agent who invoked the flow cannot.
- Agent Experience: The Sales agent clicks “Transfer”, searches for the Flow Xfer_To_Support (which they have permission to see because it lives in the Sales division), and completes the transfer. The caller hits the flow, which instantly bridges them into the Support queue.
3. Granular Cross-Division Role Assignments
If you must allow direct Queue-to-Queue transfers without a Bridge Flow, you must design highly specific Custom Roles.
Architectural Reasoning:
Never use the default “Agent” role and apply it globally. Break your roles down by division mapping.
Implementation Steps:
- Navigate to Admin > Roles / Permissions.
- Create a custom role named CrossDiv_Xfer_To_Support.
- Add only the following permissions:
  - Routing > Queue > Search
  - Routing > Queue > Transfer
- Division Assignment: When assigning this role to the Sales agents (or their Group), do not select All Divisions. Explicitly select the Support division.
- The Sales agent can now search for and transfer to queues within the Support division, but they cannot view historical metrics, modify the queue, or see agents within that division.
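The scoping rule from this section and the All Divisions trap from section 1 can be checked mechanically. The following is an added example, not Genesys tooling or code from this guide: it audits a constructed list of role grants offline. The record layout, the "*" marker for All Divisions, and every role name other than CrossDiv_Xfer_To_Support are assumptions made for the illustration.

```python
# Offline least-privilege audit of cross-division role grants.
# Records are constructed; field names and the "*" marker standing in for
# "All Divisions" are assumptions of this example.
ALL_DIVISIONS = "*"

# The only permissions the guide allows in a foreign division.
CROSS_DIV_ALLOWED = {("routing", "queue", "search"),
                     ("routing", "queue", "transfer")}

GRANTS = [  # constructed sample data, hypothetical users and roles
    {"subject": "sales.agent1", "home": "Sales", "role": "Sales_Agent",
     "division": "Sales",
     "permissions": [("routing", "queue", "search"), ("routing", "queue", "view")]},
    {"subject": "sales.agent1", "home": "Sales", "role": "CrossDiv_Xfer_To_Support",
     "division": "Support",
     "permissions": [("routing", "queue", "search"), ("routing", "queue", "transfer")]},
    {"subject": "sales.agent2", "home": "Sales", "role": "Quick_Fix",
     "division": ALL_DIVISIONS,
     "permissions": [("routing", "queue", "search")]},
    {"subject": "sales.agent3", "home": "Sales", "role": "CrossDiv_Too_Wide",
     "division": "Support",
     "permissions": [("routing", "queue", "transfer"), ("routing", "queue", "edit")]},
]

def audit_grants(grants):
    """Return (subject, role, reason) for every grant that breaks the scoping rule."""
    findings = []
    for g in grants:
        if g["division"] == g["home"]:
            continue  # home-division grants are outside this check
        if g["division"] == ALL_DIVISIONS:
            findings.append((g["subject"], g["role"], "granted in All Divisions"))
            continue
        # Foreign division: anything beyond search/transfer is excess privilege.
        extra = sorted(set(g["permissions"]) - CROSS_DIV_ALLOWED)
        if extra:
            names = ", ".join(" > ".join(p) for p in extra)
            findings.append((g["subject"], g["role"],
                             f"extra permissions in {g['division']}: {names}"))
    return findings

if __name__ == "__main__":
    for subject, role, reason in audit_grants(GRANTS):
        print(f"{subject}: role {role}: {reason}")
```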
Validation, Edge Cases & Troubleshooting
Edge Case 1: Participant Data Leakage
- The Failure Condition: A caller is transferred from the Healthcare_BPO division to the Retail_BPO division. The agent in the Retail division looks at the Interaction Details tab and sees custom Participant Data containing HIPAA-sensitive medical notes from the Healthcare interaction.
- The Root Cause: Participant Data (attributes) persists for the entire lifecycle of the conversation, across all transfers and divisions. Divisions restrict access to configuration objects (queues, flows), not to the conversation object itself. If an agent has the right to view a conversation, they see all attributes attached to it.
- The Solution: Use an Architect Bridge Flow for the transfer. Before transferring the call to the Retail division, use a Set Participant Data action to overwrite the sensitive keys with empty strings or "REDACTED".
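To validate the bridge flow's redaction step, the attributes of a test conversation can be checked before and after the transfer. This is an added example, not part of the original guide or of Architect: the key patterns and sample attributes are constructed, and the attribute map is assumed to be available as a plain dictionary exported from a test interaction.

```python
import fnmatch

# Hypothetical naming patterns for sensitive attribute keys (lower-case globs).
SENSITIVE_PATTERNS = ["medical_*", "patient_*", "*_ssn"]
REDACTED = "REDACTED"

def redaction_updates(attributes, patterns=SENSITIVE_PATTERNS):
    """Key/value pairs the Set Participant Data step must write before the transfer.

    Attributes persist for the whole conversation, so sensitive keys are
    overwritten rather than removed. Keys are matched case-insensitively.
    """
    updates = {}
    for key, value in attributes.items():
        if value in ("", REDACTED):
            continue  # already neutralised
        if any(fnmatch.fnmatchcase(key.lower(), p) for p in patterns):
            updates[key] = REDACTED
    return updates

def apply_updates(attributes, updates):
    """Simulate the overwrite on a copy of the attribute map."""
    merged = dict(attributes)
    merged.update(updates)
    return merged

def leaked_keys(attributes, patterns=SENSITIVE_PATTERNS):
    """Post-transfer check: sensitive keys that still carry a real value."""
    return sorted(redaction_updates(attributes, patterns))

# Constructed sample attributes from a Healthcare_BPO test interaction.
SAMPLE = {
    "medical_notes": "constructed sample note",
    "Patient_DOB": "1970-01-01",
    "callback_number": "+15550100",
    "medical_flag": "",
}

if __name__ == "__main__":
    print("before transfer:", leaked_keys(SAMPLE))
    after = apply_updates(SAMPLE, redaction_updates(SAMPLE))
    print("after bridge flow:", leaked_keys(after))
```

A non-empty result from `leaked_keys` on attributes captured in the Retail_BPO division means the bridge flow missed a key or the transfer bypassed it.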
Edge Case 2: Outbound Caller ID Spoofing across Divisions
- The Failure Condition: A Sales agent accidentally selects the Support department’s main toll-free number as their Outbound Caller ID when making a manual call.
- The Root Cause: The Support department’s DID/Toll-Free number is assigned to a DID Pool in All Divisions or a shared division.
- The Solution: DIDs and Number Plans are also division-aware. Ensure that the DID Pool containing the Support numbers is strictly assigned to the Support division. The Sales agent’s Workspace configuration will then physically prevent them from selecting it from the Caller ID dropdown.