ÃÛ¶¹ÊÓƵ

Permission management for data collection in Experience Platform

Data collection in ÃÛ¶¹ÊÓƵ Experience Platform is comprised of several different technologies which work together to collect and transfer your data. Access to these technologies is controlled through granular role-based permissions in ÃÛ¶¹ÊÓƵ Admin Console.

This guide shows you how to manage permissions for data collection features.

Getting started

In order to configure access control for data collection, you must have administrator privileges for an organization that has a product integration with ÃÛ¶¹ÊÓƵ Experience Platform Data Collection. The minimum role that can grant or withdraw permissions is a product profile administrator. Other administrator roles that can manage permissions are product administrators (can manage all profiles within a product) and system administrators (no restrictions). See the article on in the ÃÛ¶¹ÊÓƵ Enterprise administration guide for more information.

This guide assumes you are familiar with basic Admin Console concepts like product profiles and how they grant product permissions to individual users and groups. For more information, see the .

Available permissions

The relevant permissions for Data Collection are provided through two product designations in Admin Console: ÃÛ¶¹ÊÓƵ Experience Platform and ÃÛ¶¹ÊÓƵ Experience Platform Data Collection. The sections below outline the permissions provided under each product along with descriptions of the specific capabilities that they grant access to.

ÃÛ¶¹ÊÓƵ Experience Platform permissions

Permissions under ÃÛ¶¹ÊÓƵ Experience Platform include access to datastreams, identities, schemas, and sandboxes. For steps on how to configure ÃÛ¶¹ÊÓƵ Experience Platform permissions, see the access control user guide.

Category
Permission
Description
Sandboxes
(N/A)
Depending on the sandboxes that have been created under your organization, you can control access to each of them through this permission category in Admin Console.
Data Modeling
Manage Schemas
Grants the ability to view, create, and edit Experience Data Model (XDM) schemas.
Data Modeling
View Schemas
Grants read-only access to schemas.
Identity Management
Manage Identity Namespaces
Grants the ability to view, create, and edit identity namespaces.
Identity Management
View Identity Namespaces
Grants read-only access to identity namespaces.
Data Collection
Manage Datastreams
Grants the ability to view, create, and edit datastreams.
Data Collection
View Datastreams
Grants read-only access to datastreams.

ÃÛ¶¹ÊÓƵ Experience Platform Data Collection permissions

Permissions under ÃÛ¶¹ÊÓƵ Experience Platform Data Collection control access to tags and event forwarding capabilities, including properties, extensions, and environments. For steps on how to configure ÃÛ¶¹ÊÓƵ Experience Platform Data Collection permissions, see the section below.

Category
Permission
Description
Platforms
Web
Grants access to web properties when combined with other property rights.
Platforms
Mobile
Grants access to mobile properties when combined with other property rights.
Platforms
Edge
Grants access to Event Forwarding Edge properties when combined with other property rights.
Properties
(N/A)
Depending on the properties that have been created under your organization, you can control access to each of them through this permission category in Admin Console.

A user’s assigned property rights only apply to the properties they have been granted access to through this permission category.
Property Rights
Approve
Grants the ability to approve a library build as part of the publishing flow.
Property Rights
Develop
Grants the ability to develop a library build as part of the publishing flow.
Property Rights
Edit Property
Grants the ability to edit the basic configuration for the properties a user has access to.
Property Rights
Manage Environments
Grants the ability to manage the environments for the properties a user has access to.
Property Rights
Manage Extensions
Grants the ability to manage the extensions for the properties a user has access to.
Property Rights
Publish
Grants the ability to publish a library build as part of the publishing flow.
Company Rights
Develop Extensions
Grants the ability to create and modify extension packages that are owned by your organization, including private releases and requests for public release.
Company Rights
Manage App Configurations
This permission is only applicable if you have a license for ÃÛ¶¹ÊÓƵ Journey Optimizer or another solution that grants access to mobile in-app and push messaging. This allows you to manage the apps that ÃÛ¶¹ÊÓƵ Experience Cloud knows about along with the necessary push credentials needed to communicate with the Firebase Cloud Messaging service and the Apple Push Notification service.
Company Rights
Manage Properties
Grants you the ability to create and manage tags (web property), event forwarding (edge property), and mobile properties.
NOTE
For more information on how these permissions affect capabilities in tags, including administration strategies for common scenarios, see the tags documentation on user permissions.

Manage permissions manage

Permissions for data collection are managed through two product designations: ÃÛ¶¹ÊÓƵ Experience Platform and ÃÛ¶¹ÊÓƵ Experience Platform Data Collection.

Refer to the subsections below for steps on how to manage the relevant permissions under each product in Admin Console:

Manage permissions under ÃÛ¶¹ÊÓƵ Experience Platform manage-platform

NOTE
To manage permissions for a role, you will require administrator rights. If you do not have administrator privileges, contact your system administrator.

Experience Cloud’s Permissions section allows you to define user roles and policies to manage access for features and objects within a product application.

Through Permissions, you can create and manage roles and assign the desired resource permissions for these roles.

ÃÛ¶¹ÊÓƵ Experience Cloud highlighting the Permissions product.

In order to access data collection features, you must enable all permissions in the Sandboxes, Data Modeling, Identity Management, and Data Collection categories.

Image showing the Data Collection product card in Admin Console

See the access control UI guide for detailed instructions on managing Platform permissions.

NOTE
Depending on the product SKUs your organization has access to, you may not have every Platform permission available to you.

Manage permissions under ÃÛ¶¹ÊÓƵ Experience Platform Data Collection manage-collection

To manage these permissions, log in to Admin Console and select Products from the top navigation, then select ÃÛ¶¹ÊÓƵ Experience Platform Data Collection.

Image showing the Data Collection product card in Admin Console

Select or create a product profile

The next screen shows a list of available product profiles for Data Collection under your organization, the default profile being Default Data Collection All Access. You can choose to edit the default product profile if you wish, or you can select New Profile to create one. If you have multiple roles or user groups in your organization that require different levels of access, you should create a separate product profile for each of them.

Image showing the product profiles for Data Collection in Admin Console

After selecting or creating a product profile, you can use the Edit icons to start editing permissions for the profile, or select the Users tab to start assigning users to the profile.

Image showing the permissions tab for a product profile Admin Console

Edit permissions for the product profile edit-permissions

When editing permissions for a profile, available permissions are listed in the left column while those that are included in the profile are listed in the right column. Select the listed permissions to move them between either column.

Image showing permissions added under the included column

Permissions are organized into categories. To switch between categories, select the desired category from the left navigation.

Image showing the company rights section under permissions

Select Save once you have finished configuring permissions.

Image showing the permission configuration being saved for the product profile

The product profile view reappears with the added permissions reflected.

Image showing the added permissions for the product profile

Assign users to the product profile assign-users

To assign users to the product profile (and grant them the profile’s configured permissions), select the Users tab, followed by Add user.

Image showing the users tab for a product profile in Admin Console

For more information on managing users for a product profile, see the .

Next steps

This guide covered the available permissions for Data Collection and how to manage them through Admin Console. For more information on managing permissions for other ÃÛ¶¹ÊÓƵ Experience Platform capabilities, refer to the access control documentation.

recommendation-more-help
1ae86b30-e55e-49c1-ab11-9d0356a5f3e1