ÃÛ¶¹ÊÓƵ

Configure permissions

In this lesson, you will configure ÃÛ¶¹ÊÓƵ Experience Platform user permissions using ÃÛ¶¹ÊÓƵ’s Admin Console and the Permissions screen in the Platform interface.

Access control is a key privacy capability in Experience Platform and we recommend limiting permissions to the minimum required for people to perform their job functions. See the Access Control documentation for more information.

Data Architects and Data Engineers are power users of ÃÛ¶¹ÊÓƵ Experience Platform and you will need many permissions in order to complete this tutorial and later in your day-to-day work. Data Architects are likely be involved in the administration of other Platform users at their company such as marketers, analysts, and data scientists. As you complete this lesson, think about how you might use these features to manage other users at your company.

Data Architects often configure permissions for other users outside of this tutorial.

IMPORTANT
A System Administrator of ÃÛ¶¹ÊÓƵ Experience Cloud products must complete some of the steps in this lesson, which is called out in the section headings. If you are not System Administrator, please reach out to one at your company and ask them complete these tasks. There is also a task they need to complete during the Set up Developer Console and Postman lesson.

About the Admin Console

The Admin Console is the interface used to administer user access to all ÃÛ¶¹ÊÓƵ Experience Cloud products. For access to Platform, a user or must be added in the Admin Console and then all of their granular permission items are managed in the Permissions screen of ÃÛ¶¹ÊÓƵ Experience Platform.

Here is a quick summary of the roles that exist for Platform:

  • Users of a product profile can complete tasks in Platform’s user interface according to the permissions assigned in the product profile.
  • Developers can create API credentials and projects in the ÃÛ¶¹ÊÓƵ Developer Console, in order to begin using Experience Platform API
  • Product Admins can add users and developers to the ÃÛ¶¹ÊÓƵ Experience Platform product in the ÃÛ¶¹ÊÓƵ Admin Console, as well as manage granular user access in the Permissions screen of the Platform interface.
  • System Administrators can add product admins and administer essentially any permissions for all ÃÛ¶¹ÊÓƵ Experience Cloud products.

Add a User and Developer to the AEP-Default-All-Users product profile (requires a system administrator or product admin)

In this exercise, you or a System Administrator or Product Admin will add you as a User and Developer in the ÃÛ¶¹ÊÓƵ Experience Platform product of the ÃÛ¶¹ÊÓƵ Admin Console.

NOTE
If you are a System Administrator assisting a colleague taking this tutorial, consider adding your colleague as a Product Administrator for ÃÛ¶¹ÊÓƵ Experience Platform. As a Product Administrator, they would be able to complete these steps on their own and administrate other Experience Platform users in the future.

To add the tutorial participant as a User and Developer:

  1. Log into the

  2. Select Products on the top navigation

  3. Select ÃÛ¶¹ÊÓƵ Experience Platform
    Select ÃÛ¶¹ÊÓƵ Experience Platform

  4. You may have several profiles in your Experience Platform instance already. Select the AEP-Default-All-Users profile
    Select Add New Profile

  5. Go to the Users tab

  6. Select the Add User button
    Select Add User

  7. Complete the workflow to add the tutorial participant as a user to the product profile

  8. Go to the Developers tab

  9. Select the Add Developer button
    Select Add User

  10. Complete the workflow to add the tutorial participant as a developer to the product profile

Add a Role in ÃÛ¶¹ÊÓƵ Experience Platform (requires a system administrator or product admin)

Granular permissions to Experience Platform are managed in the Permissions screen of the Platform interface. Only System and Product Admins have access to this screen, so if you do not have Admin privileges, you will need assistance from someone who does.

Permissions are managed in Roles. Create a Role for the tutorial:

  1. Log into

  2. Select Permissions in the left navigation which will take you to the Roles screen

  3. Select Create role

    Create a role in Experience Platform

  4. Name the role Luma Tutorial Platform (add the tutorial participant’s name to the end, if multiple people from your company are taking this tutorial) and select Confirm

    Create a role in Experience Platform

  5. Add all of the permission items for the following resources using + and Add all:

    1. Data Modeling

    2. Data Management

    3. Profile Management

    4. Identity Management

    5. Sandbox Administration

    6. Query Service

    7. Data Collection

    8. Data Governance

    9. Dashboards

    10. Alerts

      Add Permission items

  6. Under Data Ingestion, add the Manage Sources and View Sources permission items.

  7. After adding all of the permission items, be sure to select the Save button
    Save permission items

You will make a few small updates to this role after the Create a sandbox and Set up Developer Console and Postman lessons.

Create a Data Collection product profile (requires a system administrator or product admin)

In this exercise, you or a System Administrator at your company will create a product profile for Data Collection (formerly known as ÃÛ¶¹ÊÓƵ Experience Platform Launch) and add you as a product profile admin.

NOTE
If you are a System Administrator assisting a colleague with this tutorial, consider adding them as a Product Administrator for Data Collection. As a Product Administrator, they will be able to complete these steps on their own and administrate other users of Data Collection in the future.

To create the product profile:

  1. In the ÃÛ¶¹ÊÓƵ Admin Console go to the ÃÛ¶¹ÊÓƵ Experience Platform Data Collection product
  2. Add a new profile named Luma Tutorial Data Collection (add the tutorial participant’s name to the end, if multiple people from your company are taking this tutorial)
  3. Turn off the Properties > Auto-include setting
  4. Don’t assign any properties or permissions at this point
  5. Add the tutorial participant as an admin of this profile

After completing these steps, you should see that the Luma Tutorial Data Collection profile is set up with one admin.
Data Collection profile created

Configure the Data Collection product profile

Now that you are an admin of the Luma Tutorial Data Collection product profile you can configure the permissions and roles you will need to complete the tutorial.

Add permissions

Now you will add the individual permission items to the profile:

  1. In the , go to Products > Data Collection
  2. Open the Luma Tutorial Data Collection profile
  3. Go to the Permissions tab
  4. Open Platforms
  5. Make sure that all of the available platforms are selected (you may see different options based on your license)
  6. Save any changes
    Add platforms
  7. Open Properties
  8. Make sure the Auto-Include toggle is Off so that you don’t have access to any properties (we will add one later)
  9. Save any changes
    Remove properties
  10. Open Property Rights
  11. Select Add all to add all of the property permissions
  12. Save
    Remove properties
  13. Open Company Rights
  14. Add Manage Properties
  15. Select Save
    Remove properties

Add yourself as a user

Now add yourself as a user to the Data Collection profile:

  1. Go to the Users tab
  2. Select the Add User button
    Select Add User
  3. Complete the workflow to add yourself as a user to the product profile

You do not need to add yourself as a Developer for Data Collection.

Now you have almost all the permissions required to complete the tutorial! There will be just two more tweaks that you will make inside the ÃÛ¶¹ÊÓƵ Admin Console, including one after you create a sandbox!

recommendation-more-help
513160b6-bf42-4c58-abdd-4f817b1cccad