CTICloud Account Hierarchy System

CTICloud platform employs a sophisticated three-tier account hierarchy system designed to support enterprise-scale deployments with proper organizational structure and resource isolation. This document provides a comprehensive overview of the account system architecture, user roles, and access controls.

Overview

CTICloud's multi-tenant architecture organizes enterprise accounts into a hierarchical structure that mirrors real-world corporate organizational structures. This design enables efficient resource management, security isolation, and administrative control across different organizational levels.

Account Hierarchy Levels

graph TD
    A[Organization<br/>集团级账户] --> B1[Division 1<br/>分支机构]
    A --> B2[Division 2<br/>分支机构]
    A --> B3[Division N<br/>分支机构]
    
    B1 --> C1[Tenant 1<br/>部门租户]
    B1 --> C2[Tenant 2<br/>部门租户]
    
    B2 --> C3[Tenant 3<br/>部门租户]
    B2 --> C4[Tenant 4<br/>部门租户]
    
    B3 --> C5[Tenant N<br/>部门租户]
    
    C1 --> D1[Agents<br/>坐席]
    C1 --> D2[Queues<br/>队列]
    C1 --> D3[Extensions<br/>分机]
    C1 --> D4[TelGroups<br/>电话组]
    
    style A fill:#ff6b6b,color:#fff
    style B1 fill:#4ecdc4,color:#fff
    style B2 fill:#4ecdc4,color:#fff
    style B3 fill:#4ecdc4,color:#fff
    style C1 fill:#45b7d1,color:#fff
    style C2 fill:#45b7d1,color:#fff
    style C3 fill:#45b7d1,color:#fff
    style C4 fill:#45b7d1,color:#fff
    style C5 fill:#45b7d1,color:#fff

1. Organization Level (集团级)

Organizations represent the highest level of the account hierarchy, typically corresponding to enterprise groups or large corporations.

Key Characteristics

Top-level Entity: Root of the entire account structure
Global Scope: Encompasses all subsidiaries and business units
Strategic Oversight: Provides consolidated view and control across all divisions
Resource Allocation: Manages high-level resource distribution and policies

Capabilities

Create and manage multiple divisions
Set organization-wide policies and configurations
Monitor consolidated metrics across all divisions and tenants
Manage enterprise-level security and compliance settings

2. Division Level (分支机构级)

Divisions represent mid-level organizational units such as subsidiaries, regional offices, or major business units within an organization.

Key Characteristics

Organizational Structure: Bridges organization and tenant levels
Regional/Functional Grouping: Typically organized by geography or business function
Administrative Control: Provides focused management for related business units
Resource Management: Controls resources for multiple related tenants

Capabilities

Create and manage multiple tenants within the division
Configure division-specific policies and settings
Monitor aggregated performance across division tenants
Manage division-level user access and permissions

3. Tenant Level (部门级租户)

Tenants are the smallest logical units in the CTICloud architecture, representing individual departments or business units with completely isolated resources.

Key Characteristics

Complete Isolation: Full data and resource separation from other tenants
Operational Unit: Where actual contact center operations take place
Resource Ownership: All contact center resources belong to specific tenants
Business Context: Primary scope for all API operations and business logic

Core Resources

Each tenant contains isolated instances of:

graph LR
    T[Tenant] --> A[Agents]
    T --> Q[Queues]
    T --> E[Extensions]
    T --> IV[IVR]
    T --> PN[Phone Numbers]
    T --> TG[Telephone Groups]
    T --> R[Routing Rules]
    T --> CR[Call Records]
    T --> RP[Reports]
    T --> CF[Configurations]

User Access Control System

CTICloud implements a role-based access control system aligned with the account hierarchy, ensuring appropriate access levels for different user types.

Access Control Matrix

User Level	Access Scope	Permissions	Typical Use Cases
Organization Admin	All divisions and tenants	Full administrative access across entire organization	Enterprise-wide policy management, strategic oversight
Division Admin	Subordinate divisions and tenants	Manage divisions and their tenants	Regional management, business unit oversight
Tenant Admin	Current tenant only	Full access within tenant scope	Department operations, local configuration
Tenant User	Current tenant (limited)	Operational access within tenant	Daily operations, agent activities

Detailed Access Levels

Organization Level Users

Visibility: Can view all divisions and their subordinate tenants
Control: Can create, modify, and delete divisions
Reporting: Access to organization-wide analytics and reports
Configuration: Set enterprise-wide policies and standards

Division Level Users

Visibility: Can view subordinate divisions and tenants within their scope
Control: Can create, modify, and delete subordinate tenants
Reporting: Access to division-level aggregated reports
Configuration: Set division-specific policies

Tenant Level Users

Visibility: Can only view their own tenant resources and data
Control: Full operational control within tenant boundaries
Reporting: Access to tenant-specific reports and analytics
Configuration: Manage tenant-specific settings and preferences

API Design Principles

CTICloud's API architecture is designed around the tenant-centric model, with the following key principles:

Tenant-Centric Operations

Primary Context: tenantId serves as the primary context identifier for all API operations
Resource Scoping: All business resources are scoped within tenant boundaries
Unique Identifiers: Business identifiers (agentNo, queueNo, tgno) are unique within tenant scope

Multi-Tenant Security

Isolation Enforcement: APIs automatically enforce tenant isolation
Context Validation: All operations validate proper tenant context
Resource Protection: Cross-tenant access is prevented at the API level

Business Identifier Design

CTICloud uses a structured approach to business identifiers that aligns with the account hierarchy:

Identifier Scope and Uniqueness

graph TD
    O[Organization] --> |Contains| D[Division]
    D --> |Contains| T[Tenant]
    T --> |Scopes| R[Business Resources]
    
    R --> A[agentNo: 2000]
    R --> Q[queueNo: 1000] 
    R --> TG[tgno: 3000]
    R --> E[exten: 2000]
    
    style O fill:#ff6b6b,color:#fff
    style D fill:#4ecdc4,color:#fff
    style T fill:#45b7d1,color:#fff
    style R fill:#96ceb4,color:#fff

Key Design Principles

Tenant-Level Uniqueness: Business identifiers are unique within each tenant
String Format: Uses string-based identifiers (e.g., "2000") rather than numeric IDs
Business Semantics: Identifiers have clear business meaning and context
Migration Friendly: Support cross-platform data migration without ID conflicts

Implementation Guidelines

Account Setup Process

Organization Creation: CTICloud platform personnel create the top-level organization account
Division Setup: Divisions are added under the organization through the management system
Tenant Provisioning: Tenants are created under appropriate divisions
Resource Configuration: Business resources (agents, queues, etc.) are configured within tenants

Best Practices

Hierarchical Planning: Design the account structure to mirror organizational structure
Resource Planning: Plan tenant resources based on actual departmental needs
Access Control: Assign user roles based on organizational responsibilities
Monitoring: Implement appropriate monitoring at each hierarchical level

Security and Compliance

Data Isolation

Tenant Boundaries: Complete data isolation between tenants
Access Controls: Role-based access aligned with organizational hierarchy
Audit Trails: Comprehensive logging of cross-level access and operations

Compliance Features

Data Residency: Tenant data remains within configured boundaries
Privacy Protection: Personal data is isolated within tenant scope
Regulatory Alignment: Architecture supports various compliance frameworks

Benefits of the Hierarchical System

For Organizations

Centralized Control: Unified management across all business units
Scalability: Easy addition of new divisions and tenants
Visibility: Comprehensive view of enterprise-wide operations
Policy Consistency: Standardized policies across the organization

For Divisions

Focused Management: Targeted oversight of related business units
Regional Flexibility: Adapt configurations to local requirements
Aggregated Reporting: Combined analytics across division tenants
Resource Optimization: Efficient allocation within division scope

For Tenants

Operational Independence: Complete autonomy within tenant boundaries
Security Isolation: Protected from other tenant activities
Customization: Tailored configurations for specific departmental needs
Performance: Optimized resources for departmental operations

This account hierarchy system provides CTICloud customers with enterprise-grade organizational structure, security isolation, and flexible management capabilities while maintaining operational simplicity at each level.