Configure permissions
In this lesson, you will configure ÃÛ¶¹ÊÓƵ Experience Platform user permissions using ÃÛ¶¹ÊÓƵ’s Admin Console and the Permissions screen in the Platform interface.
Access control is a key privacy capability in Experience Platform and we recommend limiting permissions to the minimum required for people to perform their job functions. See the Access Control documentation for more information.
Data Architects and Data Engineers are power users of ÃÛ¶¹ÊÓƵ Experience Platform and you will need many permissions in order to complete this tutorial and later in your day-to-day work. Data Architects are likely be involved in the administration of other Platform users at their company such as marketers, analysts, and data scientists. As you complete this lesson, think about how you might use these features to manage other users at your company.
Data Architects often configure permissions for other users outside of this tutorial.
About the Admin Console
The Admin Console is the interface used to administer user access to all ÃÛ¶¹ÊÓƵ Experience Cloud products. For access to Platform, a user or must be added in the Admin Console and then all of their granular permission items are managed in the Permissions screen of ÃÛ¶¹ÊÓƵ Experience Platform.
Here is a quick summary of the roles that exist for Platform:
- Users of a product profile can complete tasks in Platform’s user interface according to the permissions assigned in the product profile.
- Developers can create API credentials and projects in the ÃÛ¶¹ÊÓƵ Developer Console, in order to begin using Experience Platform API
- Product Admins can add users and developers to the ÃÛ¶¹ÊÓƵ Experience Platform product in the ÃÛ¶¹ÊÓƵ Admin Console, as well as manage granular user access in the Permissions screen of the Platform interface.
- System Administrators can add product admins and administer essentially any permissions for all ÃÛ¶¹ÊÓƵ Experience Cloud products.
Add a User and Developer to the AEP-Default-All-Users
product profile (requires a system administrator or product admin)
In this exercise, you or a System Administrator or Product Admin will add you as a User and Developer in the ÃÛ¶¹ÊÓƵ Experience Platform product of the ÃÛ¶¹ÊÓƵ Admin Console.
To add the tutorial participant as a User and Developer:
-
Log into the
-
Select Products on the top navigation
-
Select ÃÛ¶¹ÊÓƵ Experience Platform
-
You may have several profiles in your Experience Platform instance already. Select the
AEP-Default-All-Users
profile
-
Go to the Users tab
-
Select the Add User button
-
Complete the workflow to add the tutorial participant as a user to the product profile
-
Go to the Developers tab
-
Select the Add Developer button
-
Complete the workflow to add the tutorial participant as a developer to the product profile
Add a Role in ÃÛ¶¹ÊÓƵ Experience Platform (requires a system administrator or product admin)
Granular permissions to Experience Platform are managed in the Permissions screen of the Platform interface. Only System and Product Admins have access to this screen, so if you do not have Admin privileges, you will need assistance from someone who does.
Permissions are managed in Roles. Create a Role for the tutorial:
-
Log into
-
Select Permissions in the left navigation which will take you to the Roles screen
-
Select Create role
-
Name the role
Luma Tutorial Platform
(add the tutorial participant’s name to the end, if multiple people from your company are taking this tutorial) and select Confirm -
Add all of the permission items for the following resources using + and Add all:
-
Data Modeling
-
Data Management
-
Profile Management
-
Identity Management
-
Sandbox Administration
-
Query Service
-
Data Collection
-
Data Governance
-
Dashboards
-
Alerts
-
-
Under Data Ingestion, add the Manage Sources and View Sources permission items.
-
After adding all of the permission items, be sure to select the Save button
You will make a few small updates to this role after the Create a sandbox and Set up Developer Console and Postman lessons.
Create a Data Collection product profile (requires a system administrator or product admin)
In this exercise, you or a System Administrator at your company will create a product profile for Data Collection (formerly known as ÃÛ¶¹ÊÓƵ Experience Platform Launch) and add you as a product profile admin.
To create the product profile:
- In the ÃÛ¶¹ÊÓƵ Admin Console go to the ÃÛ¶¹ÊÓƵ Experience Platform Data Collection product
- Add a new profile named
Luma Tutorial Data Collection
(add the tutorial participant’s name to the end, if multiple people from your company are taking this tutorial) - Turn off the Properties > Auto-include setting
- Don’t assign any properties or permissions at this point
- Add the tutorial participant as an admin of this profile
After completing these steps, you should see that the Luma Tutorial Data Collection
profile is set up with one admin.
Configure the Data Collection product profile
Now that you are an admin of the Luma Tutorial Data Collection
product profile you can configure the permissions and roles you will need to complete the tutorial.
Add permissions
Now you will add the individual permission items to the profile:
- In the , go to Products > Data Collection
- Open the
Luma Tutorial Data Collection
profile - Go to the Permissions tab
- Open Platforms
- Make sure that all of the available platforms are selected (you may see different options based on your license)
- Save any changes
- Open Properties
- Make sure the Auto-Include toggle is Off so that you don’t have access to any properties (we will add one later)
- Save any changes
- Open Property Rights
- Select Add all to add all of the property permissions
- Save
- Open Company Rights
- Add Manage Properties
- Select Save
Add yourself as a user
Now add yourself as a user to the Data Collection profile:
- Go to the Users tab
- Select the Add User button
- Complete the workflow to add yourself as a user to the product profile
You do not need to add yourself as a Developer for Data Collection.
Now you have almost all the permissions required to complete the tutorial! There will be just two more tweaks that you will make inside the ÃÛ¶¹ÊÓƵ Admin Console, including one after you create a sandbox!