Documentation Experience Platform Access Control Guide

Manage permissions for a role

Last update: Tue Jan 30 2024 00:00:00 GMT+0000 (Coordinated Universal Time)

Topics:
Access Control

CREATED FOR:

Admin

IMPORTANT

Access control uses user ID (an internal unique id assigned to a user) for granting permissions. When an organization is migrated from Adobe ID to Business ID, all permissions set for its users will be lost because the user ID changes and access control will use the newly generated user ID. If your organization is migrated to Business ID, please contact your Adobe representative to migrate your user ID from Adobe ID to Business ID.

Permissions is the area of Experience Cloud where administrators can define user roles and access policies to manage access permissions for features and objects within a product application.

Through Permissions, you can create and manage roles, as well as assign the desired resource permissions for these roles. Permissions also allow you to manage the labels, sandboxes, and users associated with a specific role.

Immediately after creating a new role, you are returned to the Roles tab. If you are editing permissions for an existing role, select the role from the Roles tab. Alternatively, use the filter option to filter the results to find a role.

Filter roles

Select the funnel icon ( ) to display a list of filter controls to help narrow results.

flac-filters

The following filters are available for roles in the UI:

Filter

Description

Created between

Select a start date and/or an end date to define a date range to filter results by.

Created by

Filter by role creator by selecting a user from the dropdown.

Modified between

Select a start date and/or an end date to define a date range to filter results by.

Modified by

Filter by role modifier by selecting a user from the dropdown.

To remove a filter, select the “X” on the pill icon for the filter in question, or select Clear all to remove all filters.

flac-clear-filters

Role details

Select the role from the Roles tab, which will open the role’s details page.

flac-details

The details tab provides an overview of the role. The overview displays the role name, role description, the name of the user who created and modified the role, when the role was created and modified, and the permissions attached to the role. The role name, and role description can be modified, if required.

Manage labels for a role

Select the Labels tab to open the roles labels page, then select Add labels to assign labels to the role.

flac-labels

Labels are listed on this page. The list displays the label name, friendly name, category, and its description.

Select the labels from the list you would like to add to the role, then select Save

flac-add-labels

Added labels appear under Labels tab.

flac-added-labels

To remove a label from a role, select the X icon next to the labels’s name.

flac-delete-labels

Managing sandboxes for role

Select the Sandboxes tab to open the roles sandboxes page. Here you can see a list of sandboxes that were added to the role.

flac-sandboxes

To add more sandboxes to a role select Edit.

flac-add-sandboxes

The next screen prompts you to choose which resource permissions that exist in sandboxes to include in the role using the dropdown. When finished, select Save and exit.

flac-add-role-permission

Managing users for role

Select the Users tab to open the roles users page, then select Add Users to assign users to the role.

flac-users

Select the users from the list you would like to add to the role. Alternatively, use the search bar to search for the user by entering their name or email address, then select Save

flac-add-users

Added users appear under Users tab.

flac-added-users

To remove a user from a role, select the X icon next to the users name.

flac-remove-users

The following video is intended to support your understanding of creating a new role and managing users for that role.

https://video.tv.adobe.com/v/336081/?learn=on

Managing API credentials for role manage-api-credentials-for-role

Select the API credentials tab to open the roles API credentials page, then select Add API credentials to assign API credentials to the role.

flac-api-credentials

Select the API credentials from the list you would like to add to the role, then select Save

flac-add-api-credentials

Added API credentials appears under API credentials tab.

flac-added-api-credentials

To remove a API credentials from a role, select the X icon next to the API credential name.

flac-remove-api-credentials

The Remove API credentials dialogue appears, prompting you to confirm deletion.

flac-confirm-api-credentials-delete

You will be returned to the API credentials tab.

Managing user groups for roles

User groups are multiple users that have been grouped together and have the access to execute the same functions.

Select the User groups tab to open the roles user groups page, then select Add Groups to assign user groups to the role.

flac-user-groups

Select the user groups from the list you would like to add to the role. Alternatively, use the search bar to search for the user group by entering the name of the group, then select Save

flac-add-user-groups

Added user group appears under User groups tab.

flac-added-user-groups

To remove a user group from a role, select the X icon next to the user group name.

flac-remove-user-groups

The Remove user group dialogue appears, prompting you to confirm deletion.

flac-confirm-user-groups-delete

You will be returned to the User groups tab.

Adding users to Experience Platform through a role

To add a user to a role, log into the Admin Console and select Add users

product-profile-add-users

The Add users to your team dialogue appears. Enter the users email address, first name (optional) and last name (optional).

Select the pencil icon to select products and user groups, select Adobe Experience Platform, then select AEP-Default-All-Users, then select Save.

product-profile

Next steps

With permissions established, you can proceed to the next step to manage users.

recommendation-more-help

631fcab2-5cb1-46ef-ba66-fe098ac723e0