User account management is moving to the Admin Console. To start user migration, we require all Audience Manager customers to immediately take the necessary measures described in this article: Audience Manager user migration to Admin Console.
After all customers have migrated, the user management sections of this document will go away.
Before you can use RBAC, this feature must be enabled by Adobe for your organization. Please reach out to your account team to request RBAC activation, or contact Customer Care.
The options under the Administration menu let you create Audience Manager users and assign them to groups. You can also view limits (traits, segments, destinations, and models).
Enterprise customers using Audience Manager need one data management platform for all of their data, but must be able to control the visibility of the different data elements to specific business units. You can accomplish this using group permissions, also referred to as Role-Based Access Control (RBAC).
Audience Manager uses groups to assign permissions. Permissions are not assigned at the user level. Group permissions are tied to objects (traits, segments, etc.) and to actions you can perform on those objects (edit, view, etc.). These controls are also available through the Audience Manager REST APIs. See User Management, Group Management, and Permissions Management API methods.
User account management is moving to the Admin Console. To start user migration, we require all Audience Manager customers to immediately take the necessary measures described in this article: Audience Manager user migration to Admin Console.
After all customers have migrated, the user management section of this document will go away.
User account management is moving to the Admin Console. To start user migration, we advise all Audience Manager customers to immediately take the necessary measures described in this article: Audience Manager user migration to Admin Console.
After all customers have migrated, this section will go away.
A group is a collection of users that share access rights to destination, segment, and trait objects. You can limit groups to single objects only or give them broad access to combinations of different objects.
To create a group:
User account management is moving to the Admin Console. To start user migration, we advise all Audience Manager customers to immediately take the necessary measures described in this article: Audience Manager user migration to Admin Console.
After all customers have migrated, this section will go away.
Simplify group rights management with Wild Card Permissions.
Wild Card Permissions give group members automatic access to each data source associated to a segment, destination, or trait. By comparison, regular permissions only let you assign specific data sources to the one of these objects. And, when you add new data sources, group members don’t get access to those new sources.
You have to open the group permissions and assign those new data sources to the group. Wild Card Permissions let you avoid this manual data source update process. Groups with Wild Card Permissions get access to new data sources without explicit authorization.
Read below for a description of what each wildcard permission means:
Trait
MAP_ALL_TRAITS_TO_MODELS
- Users can select traits as the baseline for models.EDIT_ALL_TRAITS
- Users can edit all traits set up within their company account.VIEW_ALL_TRAITS
- Users can view all traits set up within their company account.DELETE_ALL_TRAITS
- Users can delete all traits set up within their company account.CREATE_ALL_ALGO_TRAITS
- Users can create algorithmic traits.MAP_ALL_TO_SEGMENTS
- Users can add any of the traits belonging to their company to segments.CREATE_ALL_TRAITS
- Users can create traits.Models
VIEW_MODELS
- Users have permission to view models belonging to their company.Derived Signals
VIEW_DERIVED_SIGNALS
- Users can view all the derived signals belonging to their company.CREATE_DERIVED_SIGNALS
- Users can create derived signals.EDIT_DERIVED_SIGNALS
- Users can edit all the derived signals belonging to their company.DELETE_DERIVED_SIGNALS
- Users can delete any of the derived signals belonging to their company.Destination
EDIT_ALL_DESTINATIONS
- Users can edit all the destinations set up within their company account.CREATE_DESTINATIONS
- Users can create destinations.VIEW_ALL_DESTINATIONS
- Users can view all the destinations set up within their company account.DELETE_ALL_DESTINATIONS
- Users can delete all the destinations set up within their company account.Tags
VIEW_TAGS
- Users can do everything (view, create, edit, delete) on their Tag Containers.Audience Lab
MANAGE_SEGMENT_TEST_GROUPS
- Users can do everything (view, create, edit, delete) on their Audience Lab test groups.Segment
CREATE_ALL_SEGMENTS
- Users can create segments.DELETE_ALL_SEGMENTS
- Users can delete all the segments set up within their company account.MAP_ALL_TO_DESTINATIONS
- Users can map any of the segments belonging to their company to destinations.EDIT_ALL_SEGMENTS
- Users can edit all the segments set up within their company account.MAP_ALL_SEGMENTS_TO_MODELS
- Users can select segments as the baseline for models.VIEW_ALL_SEGMENTS
- Users can view all the segments set up within their company account.Signals
VIEW_ALL_SIGNALS
- Users can view all signals captured in Data Explorer.Role-Based Access Control can help you monitor user login status, giving you a clear picture of who can access your Audience Manager instance.
Depending on your business requirements, you can enable and disable user accounts as needed.
You can configure Role-Based Access Control at trait, segment, and destination level, for each user group.
This capability helps you manage how your users view, create, read, write, and edit specific data sets, and even restrict users from accessing data sets that should not be available to them.