# Security profile permissions for Amazon Connect Customer Profiles
Assign permissions for your agents' security profiles so that they can perform such tasks as searching for profiles and viewing customer details, associating contact records to profiles, editing profiles, and creating and saving new profiles. The topics in the section help you assign permissions by updating permissions for agents, flows, and calculated attributes. There is also information to help you troubleshoot an error should you happen to encounter it while updating permissions.
**Topics**
+ [Update Customer Profiles permissions for agents](security-profile-customer-profile-agent.md)
+ [Update Customer Profiles permissions for flows](security-profile-customer-profile-contact-flows.md)
+ [Update permissions for calculated attributes](security-profile-customer-profile-calc-attribs.md)
+ [Security profile permissions for customer segments](security-profile-customer-profile-segmentation.md)
+ [Assign new Customer Profiles permissions in case of error](security-profile-customer-profile-issues.md)
# Update Customer Profiles permissions for agents
Assign the following **Customer profiles** permissions as needed to the agent's security profile:
+ **View**: Enables agents to see the Customer profiles application. They can:
+ View profiles that are autopopulated in the agent app.
+ Search for profiles.
+ View details stored in customer profiles (for example, Name, Address).
+ Associate contact records to profiles, as shown in the following image.
![\[The Customer profiles tab in the agent workspace, the Associate button.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/customer-profiles-associate.png)
+ **Edit**: Enables agents to edit details in the customer profile (for example, change address). They inherit **View** permissions by default.
+ **Create**: Enables agents to create and save a new profile. They inherit **View** permissions by default, but don't inherit **Edit** permissions.
For information about how to add more permissions to an existing security profile, see [Update security profiles in Amazon Connect](update-security-profiles.md).
By default, the **Admin** security profile already has permissions to perform all Customer profiles activities.
# Update Customer Profiles permissions for flows
1. Go to the Security profiles page, choose the security profile you would like to edit, or choose **Add new security profile**.
![\[Security profiles page.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/security-profile-customer-profile-contact-flows-1.png)
1. Select the **View** permission for Customer Profiles.
![\[Select view permissions in the security profiles page.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/security-profile-customer-profile-contact-flows-2.png)
1. Choose **Save**. You can now navigate to the **User management** section and provide this security profile to the users of your choice.
# Update permissions for calculated attributes in Amazon Connect Customer Profiles
1. Go to the Security profiles page, choose the security profile you would like to edit, or choose **Add new security profile**.
![\[Security profiles page.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/security-profile-customer-profile-contact-flows-1.png)
1. Select **All** or **View**,**Edit**, **Create**, and **Delete** permission for calculated attributes.
![\[Select view, edit, create and delete permissions in the security profiles console.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/security-profile-customer-profile-calc-attribs-2.png)
1. Choose **Save**. You can now navigate to the **User management** section and provide this security profile to the users of your choice.
# Assign security profile permissions to manage customer segments
Assign the following customer segments permissions as needed to the user’s security profile. For more details on security profiles, see [Security profiles for Amazon Connect and Contact Control Panel (CCP) access](connect-security-profiles.md).
1. Go to the Security Profiles page, choose the security profile you would like to edit, or choose **Add new security profile**.
![\[The Security Profiles page, the Customer Profiles section.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/how-to-update-permissions-for-customer-segments-1.png)
1. Select **All** or **View**, **Create**, **Delete**, and **Export** permission for customer segments.
![\[The Customer segments permission set to All.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/how-to-update-permissions-for-customer-segments-2.png)
1. Choose **Save**. You can now navigate to the **User management** section and provide this security profile to the users of your choice.
# Assign new Customer Profiles permissions in case of error
1. In order to update permissions in case of a 403 forbidden call error for any of the backend APIs, navigate to the domain section of the Amazon Connect Customer Profiles console and choose **View details**.
![\[The domain section of the Amazon Connect Customer Profiles console.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/security-profile-customer-profile-issues-403-1.png)
1. Choose **Update Permissions** in the view domain details section.
![\[Update permissions button appears here if any outstanding permissions need to be updated.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/security-profile-customer-profile-issues-403-2.png)
1. After this is done, the permissions will be successfully updated and the **Update Permissions** button will no longer be visible in the domain details section. This will mitigate the 403 forbidden error issue and you will be able to make API calls successfully.
![\[Update permissions button disappears after the action has completed successfully.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/security-profile-customer-profile-issues-403-3.png)