ÃÛ¶¹ÊÓƵ

Manage permissions for Privacy Service

Access to ÃÛ¶¹ÊÓƵ Experience Platform Privacy Service is controlled through granular role-based permissions in ÃÛ¶¹ÊÓƵ Admin Console. By creating product profiles that assign permissions to groups of users, you can determine who has access to which features in the Privacy Service UI and API.

NOTE
When creating an integration for the Privacy Service API, you must select an existing product profile in order to determine what features or actions that integration has permissions for. See the guide on getting started with the Privacy Service API for more information.

This guide shows you how to manage permissions for Privacy Service.

Getting started

In order to configure access control for Privacy Service, you must have administrator privileges for an organization that has a product integration with ÃÛ¶¹ÊÓƵ Experience Platform Privacy Service. The minimum role that can grant or withdraw permissions is a product profile administrator. Other administrator roles that can manage permissions are product administrators (can manage all profiles within a product) and system administrators (no restrictions). See the article on in the ÃÛ¶¹ÊÓƵ Enterprise administration guide for more information.

This guide assumes you are familiar with basic Admin Console concepts like product profiles and how they grant product permissions to individual users and groups. For more information, see the .

Available permissions

The following table outlines the available permissions for Privacy Service with descriptions of the specific capabilities that they grant access to:

NOTE
All Privacy Service and Opt Out of Sale permissions are distinct and separate from one another with no functional overlap. This is possible as the Privacy Service API is considered idempotent.
Category
Permission
Description
Privacy Service Permissions
Privacy Read Permission
Determines whether the user can view existing access and delete requests, along with their details.
Privacy Service Permissions
Privacy Write Permission
Determines whether a user can create new access and delete requests.
Privacy Service Permissions
Read (Access) Content Delivery Permission
When an access request is processed by Privacy Service, a ZIP file containing the customer’s data is sent to that customer. When looking up the details of an access request, this permission determines whether the user can access the download link for the request’s ZIP file.
Opt Out of Sale Permissions
Read Permission - Opt Out of Sale
Determines whether the user can view existing opt-out-of-sale requests, along with their details.
Opt Out of Sale Permissions
Write Permission - Opt Out of Sale
Determines whether a user can create new opt-out-of-sale requests.

Manage permissions manage

To manage Privacy Service permissions, log in to and select Products from the top navigation. From here, select ÃÛ¶¹ÊÓƵ Experience Platform Privacy Service.

The Admin Console with the Privacy Service product card highlighted.

Select or create a product profile

The next screen shows a list of available product profiles for Privacy Service under your organization. If no product profiles exist, select New Profile to create one. If you have multiple roles or user groups in your organization that require different levels of access, you should create a separate product profile for each of them.

The Admin Console with the Privacy Service product profile highlighted.

After selecting a product profile, you can use the Permissions tab to start editing permissions for the profile, or select the Users tab to start assigning users to the profile.

The permissions tab for a product profile Admin Console.

Edit permissions for the profile edit-permissions

On the Permissions tab, select any of the displayed permission categories to access the permission editing view.

When editing permissions for a profile, available permissions are listed in the left column while those that are included in the profile are listed in the right column. Select the listed permissions to move them between either column.

The available and included permission columns.

Permissions are organized into categories. To switch between categories, select the desired category from the left navigation.

The Opt Out of Sale section under permissions.

Select Save once you have finished configuring permissions.

The permission configuration for the product profile with Save highlighted.

The product profile view reappears with the added permissions reflected.

The added permissions for the product profile.

Assign users to the profile assign-users

To assign users to the product profile (and grant them the profile’s configured permissions), select the Users tab, followed by Add user.

The Users tab for a product profile in Admin Console.

For more information on managing users for a product profile, see the .

Migrate legacy API credentials to the profile migrate-tech-accounts

NOTE
This section only applies to existing API credentials that were created before Privacy Service permissions were integrated into ÃÛ¶¹ÊÓƵ Admin Console. For new credentials, product profiles (and their permissions) are assigned through instead.

See the section on assigning product profiles to a project in the Privacy Service API getting started guide for more information.

Previously, technical accounts did not require a product profile for integration and permissions. However, due to recent improvements in Privacy Service permissions, it is now necessary to migrate legacy API credentials to the product profile. This update allows for granular permissions to be granted to technical account holders. Follow the steps provided below to update technical account permissions for Privacy Service.

Update technical account permissions update-tech-account-permissions

The first step in assigning a permission set for your technical account is to navigate to the and create a new product profile for Privacy Service.

From the Admin Console UI, select Products from the navigation bar, followed by Experience Cloud and ÃÛ¶¹ÊÓƵ Experience Platform Privacy Service in the left sidebar. The Product Profiles tab appears. Select New Profile to create a new product profile for Privacy Service.

The Experience Platform Privacy Service Product Profiles tab in ÃÛ¶¹ÊÓƵ Admin Console with New Profile highlighted.

The Create a new product profile dialog appears. Full instructions on how to create a product profile can be found in the UI guide to create profiles.

After you have saved your new product profile, navigate to the and log into that product or that project. Select Projects from the top navigation, followed by the card for your project.

NOTE
You may have to clear your cache and/or wait some time for the new project to appear in your list of Developer Console projects.

After you have logged into your project, select the Privacy Service API integration from the left sidebar.

The Projects tab of the ÃÛ¶¹ÊÓƵ Developer Console with Projects and Privacy Service API highlighted.

The Privacy Service API integration dashboard appears. From this dashboard, you can edit the product profile associated with that project. Select Edit product profiles to begin the process. The Configure API dialog appears.

The Privacy Service API integration dashboard in the ÃÛ¶¹ÊÓƵ Developer Console with Edit product Profiles highlighted

The Configure API dialog shows the available product profiles that currently exist in the service. They correlate to the product profiles created in the admin console. From the list of available product profiles, select the checkbox for the new product profile you created for the technical account in the admin console. This automatically associates this technical account with the permissions in the selected product profile. Select Save configured API to confirm your settings.

NOTE
If a technical account is already associated with a product profile, one of the checkboxes from the list of available product profiles will already be selected.

The Configure API dialog in ÃÛ¶¹ÊÓƵ Developer Console with a product profile checkbox and Save configured API highlighted.

Confirm your settings have been applied confirm-applied-settings

To confirm that your settings have been applied to the account. Return to the and navigate to your newly created product profile. Select the API Credentials tab to see a list of associated projects. The project used in Developer Console where you assigned the product profile to the technical account is displayed in the list of credentials. The name of each API credential is composed of the project name with a randomly generated number suffixed to the end. Select a credential to open the Details panel.

A product profile in the Admin Console with the API credentials tab and a row of project credentials highlighted.

The Details panel contains information on the API credential including the associated technical ID, the API key, created and last modified date, as well as associated ÃÛ¶¹ÊÓƵ Products.

The highlighted Details panel of an API credential within Admin Console.

Next steps

This guide covered the available permissions for Privacy Service and how to manage them through Admin Console.

For steps on how to create a new API integration after setting up product profiles, see the getting started guide for the Privacy Service API. For more information on managing permissions for other ÃÛ¶¹ÊÓƵ Experience Platform capabilities, refer to the access control documentation.

recommendation-more-help
9cbf7061-a312-49f7-aaf8-a10885d53580