Divisions (Access Controls)
Divisions are logical boundaries within a single Genesys Cloud organization. They allow you to group configuration objects — queues, flows, users, scripts, schedules — and then control who can see and manage them by scoping roles to specific divisions. This page covers how divisions work, what objects they control, their limits, and how they interact with roles.
Navigation Path
| Task | Path |
|---|---|
| Create and manage divisions | Admin → People & Permissions → Divisions |
| Move objects between divisions | Admin → People & Permissions → Divisions → select division → relevant object tab |
| Assign a division to a user's role | Admin → People & Permissions → People → select user → Edit Person → Roles tab → select role → Divisions box |
| Assign a division to a group's role | Admin → Directory → Groups → select group → Roles tab → Assign Roles → select division |
1. What Divisions Are
A division is a logical container inside your Genesys Cloud organization. You can organize them by business unit, office location, country, brand, or any classification that fits your org structure.
📌 Key concept: Divisions do not create separate organizations. Everything still lives inside one Genesys Cloud org. Divisions just control who can see and manage what within that org.
The access control model:
Role + Division = Scoped Access
Example:
Supervisor role + Indianapolis division
= Can only supervise agents and queues in Indianapolis
= Cannot see or modify anything in San Francisco division
2. Limits & Rules
| Item | Value / Behavior |
|---|---|
| Maximum divisions per org | 50 |
| Division name character limit | 500 characters |
| Objects per division | An object can belong to only one division at a time |
| Divisions per user | No limit — a user can have roles scoped to multiple divisions simultaneously |
| Home division | Every org has exactly one — cannot be deleted, can be renamed |
| Default for new objects | All new configuration objects are assigned to the Home division (also referred to as "All division") by default |
3. The Home Division
Every Genesys Cloud organization starts with a single division called the Home division.
| Behavior | Detail |
|---|---|
| Cannot be deleted | The Home division is permanent |
| Can be renamed | You can rename it to fit your naming convention (e.g., "Global", "Corporate") |
| Default assignment | All new objects — queues, flows, users, schedules — are assigned to Home by default when created |
| Access scope | A role assigned to "All divisions" covers the Home division plus all divisions you create |
⚠️ Operational note: When an admin creates a new configuration object, it automatically lands in the Home division. If that object should be restricted to a specific division, you must move it manually. New objects in Home are visible to anyone with org-wide access.
4. What Objects Can Be Assigned to a Division
Divisions control access to two categories of objects: configurable and transactional.
Configurable Objects (admin-placed)
These are objects you explicitly assign or move to a division:
| Category | Objects |
|---|---|
| Routing | Queues, Flows (Architect), Call routing, Message routing, Schedules, Schedule groups, Emergency groups |
| People | Users, Groups |
| Outbound | Contact lists, Campaigns, DNC lists, Rule sets |
| Quality & WFM | Scripts, Coaching appointments, Learning modules, Management units, Wrap-up codes |
| Data | Data tables |
Transactional Objects (auto-tagged)
These objects are automatically associated with divisions as they move through the system. You do not manually assign them.
| Transactional Object | How Division Is Applied |
|---|---|
| Voice, callback, chat, email, message conversations | Tagged with the divisions the interaction encounters as it routes |
| Recordings | Inherit the division of the interaction |
| Presence history | Associated with the user's division |
| Audit data | Tagged with the division of the object being modified |
📌 Reporting impact: Analytics views display data scoped to the user's division access. If Diane Able only has access to the Indianapolis division, she only sees metrics for conversations that touched Indianapolis queues or agents — even if those conversations also touched other divisions.
5. How Roles + Divisions Work Together
A role defines what a user can do. A division defines where they can do it.
Example org: Three divisions — Indianapolis, San Francisco, Corporate
| User | Role | Division | What They Can Access |
|---|---|---|---|
| Ellen Templar | Manager | All divisions | All queues, users, and flows across all three divisions |
| Diane Able | Supervisor | Indianapolis only | Only Indianapolis queues, users, and flows |
| Dex Cooper | Supervisor | San Francisco only | Only San Francisco queues, users, and flows |
📌 Important distinction: Ellen Templar's user object lives in the Indianapolis division (that's where her profile data resides). But Ellen's role access is scoped to all divisions. These are two separate things — the division an object belongs to vs. the divisions a user's role can access.
6. Assigning Divisions to Roles
When you assign a role to a user, you also select which division(s) that role applies to.
Via user profile:
Admin → People → Edit Person → Roles tab → select role → click Divisions box → type and select division → Save
Via role membership (bulk):
Admin → Roles/Permissions → locate role → More → Change Membership → select users → Save
📌 When assigning roles via a group, the division assignment is set on the group's Roles tab. All group members inherit that role+division combination. You cannot edit individual members' division assignments when inherited from a group — you must edit the group itself or remove the member from the group.
7. Moving Objects Between Divisions
Because every object must belong to exactly one division, moving objects is the primary way to organize your access control structure.
Admin → People & Permissions → Divisions → select target division → click the relevant object tab (Queues, Flows, Users, etc.) → add objects
⚠️ Exception — External Contacts: You cannot reassign existing External Contacts or External Organizations to a different division after they are created. If a contact is misconfigured into the wrong division, you must delete it and recreate it in the correct division.
8. Transfer & Search Restrictions by Division
By default, agents can search for and transfer interactions to users and queues in any division. You can restrict this so agents can only transfer within their own division.
Permission to restrict cross-division transfers:
Conversation > Communication > Target
Granting this permission to a user's role limits their search and transfer capabilities to only users and queues within the divisions assigned to their role.
| Without Target permission | With Target permission |
|---|---|
| Agent can search/transfer to any user or queue org-wide | Agent can only search/transfer within their assigned divisions |
9. Division-Aware Role Management
This is an org-level setting (see Security & Compliance page) that changes how role grants are controlled.
| Setting | Effect |
|---|---|
| Disabled (default) | Any admin can assign any role to any user regardless of division |
| Enabled | Admins can only grant roles within divisions they themselves have access to. An Indianapolis admin cannot grant roles that scope to San Francisco. |
⚠️ This is an architectural decision. Enabling Division-Aware Role Management is a significant change — all role assignments become division-scoped operations. Coordinate with your access control design before enabling.
10. Limitations
| Limitation | Detail |
|---|---|
| Not full data isolation | Divisions restrict access but do not provide 100% data separation. Some resources are shared org-wide regardless of division. |
| Edge devices are shared | Edge devices (telephony hardware/software) are shared across all divisions and cannot be scoped to a single division. |
| Max 50 divisions | Plan your division structure carefully — you cannot exceed 50 in a single org. |
| Need complete isolation? | If you require total data isolation for legal or high-security reasons (e.g., separate business entities), Genesys recommends creating separate organizations rather than divisions. |
Quick Reference: Build Order for Divisions
When setting up divisions for a new org, follow this sequence:
| Step | Action |
|---|---|
| 1 | Plan your division structure (by BU, location, brand, etc.) |
| 2 | Create divisions under Admin → People & Permissions → Divisions |
| 3 | Create your configuration objects (queues, flows, users) and assign them to the correct division at creation time |
| 4 | Move any existing objects from Home to their appropriate division |
| 5 | Assign roles to users with the correct division scope |
| 6 | Enable Division-Aware Role Management (optional — only if your org requires admin-level division scoping) |
📌 Cross-reference: Division assignment is part of the Architectural Build Order page — divisions belong in Phase 1 (Global Foundation) and must be created before queues and flows so objects can be assigned to the right division at creation time.
Last verified against Genesys Cloud Resource Center – March 2026