Customer Journey Analytics Access Control
Three levels of access or three roles govern Customer Journey Analytics: Product Admin role, Product Profile Admin role, and user-level access. This topic explains these roles in more detail.
In addition, this article discusses more granular ways to limit access, such as Workspace curation and row-level as well as value-level access control.
Product Admin role
Users who are assigned the Product Admin role are given the necessary permissions to perform most tasks within Customer Journey Analytics by default. However, some tasks require additional permissions.
To add a user as a Product Admin:
-
Go to the Admin Console.
-
Select Customer Journey Analytics > Admins tab > Add Admin.
The users that you added are given the Product Admin default permissions. You can also grant them additional permissions if needed.
Product Admin default permissions
Product Admins have permissions to complete most tasks within Customer Journey Analytics.
Product admins are granted the necessary permissions to perform the following tasks by default:
- Create, update, and delete data views
- Update and delete projects, filters, calculated metrics, audiences, annotations, or filters created by other users
- Share Workspace projects to all users
- Manage reporting activity in the Reporting Activity Manager
- Export full tables from Analysis Workspace
Product Admin additional permissions
In addition to being added as a Product Admin in the Customer Journey Analytics Product Profile in the Admin Console, additional permissions are required to complete the following tasks within Customer Journey Analytics:
-
Create, update, and delete data Connections
To perform this task, users must be part of an Experience Platform Product Profile that provides the following permissions:
-
Data Modeling: View Schemas, Manage Schemas
-
Data Management: View Datasets, Manage Datasets
-
Data Ingestion: Manage Sources
-
View Identity Namespaces
For more information on Experience Platform permissions, see Access control in Adobe Experience Platform.
-
-
Export datasets to cloud Destinations
In order to perform this task, users need the following Experience Platform permissions:
-
Manage Destinations
-
Activate Destinations
For more information on Experience Platform Destinations permissions, see Destinations overview.
-
-
Use the BI extension
For users to use the BI extension, a Product Admin
-
must ensure the Experience Platform permissions for the user include a role that has the Query Service resource with the Manage Queries and Manage Query Service Integration options. See Manage permissions for a product profile.
-
must ensure the proper Customer Journey Analytics permissions for the user:
- permission to access to the relevant data views. See Data Views in Customer Journey Analytics permissions in Admin Console.
- permission to access the CJA BI extension. See Data View tools in Customer Journey Analytics permissions in Admin Console.
-
Product Profile Admin role
A product profile is a set of permissions. Product Profile Admins can
-
Create and manage individual product profiles. Such as adding new users or managing user groups and their associated product profiles.
-
In Customer Journey Analytics, edit data views that are part of a product profile that they manage. They cannot create new data views.
User-level access
The matrix below outlines the main access permissions for different Customer Journey Analytics capabilities for non-product admins and Customer Journey Analytics product admins. Understanding these permissions helps users effectively navigate and use Customer Journey Analytics based on their role and responsibilities within the organization.
Workspace project curation
Another level of access control can be used at the Workspace reporting level. You can limit access to specific components for certain users. For more information on how to limit components (dimensions, metrics, filters, date ranges) at the Workspace project level, and how curation is tied to data views, see Curate projects.
Grant access to individual metrics or dimensions
You cannot grant or deny permissions for individual metrics or dimensions in Customer Journey Analytics like you can in traditional Adobe Analytics. Metrics and dimensions can be modified in data views and are thus subject to change in Customer Journey Analytics. Changing them also retroactively changes reporting.
Use cases
Here are a few use cases that illustrate how access control can be used in real-life scenarios.
Third-party access
A third party that your company works with has a team lead that can be made Product Profile admin. This admin can add users on the company’s team to this product profile. This admin can give access to specific data views and add other users to this product profile. They can also modify those data views over which they have control to fit their team’s needs.
Row-level access control
Let’s say you wanted to give users access to data from one day only. Here is how you would limit access to those specific rows:
- Create a filter in Customer Journey Analytics where Day equals the date you want them to have data access to.
- In Data views > Settings, add that filter to the data view.
- Save the data view and it auto-applies the filter to the dataset. Any rows that don’t fit the filter definition are now automatically excluded from the edited data view.
- Create a new Product profile in Admin Console, add users to it and limit their access to this data view.
Value-level access control
Users who have access to a data view can only work with the metrics and dimensions that the Admin has included in this data view. Admins can use the Include/Exclude functionality in data views to, for example, exclude certain dimension values from a data view.
Here is a healthcare-related example: Let’s say you create a metric called “Hypertension” in a data view, from a dataset that includes this data. The fact that it’s a metric would allow you to see the aggregate value of this metric, but not the individual patients who fall under it.
Customer Journey Analytics permissions in Admin Console
The Permissions tab is part of each product profile in Admin Console. You can add users to specific product profiles. Then you assign rights to specific data views and specify which permissions the users in a product profile have. Here are the Customer Journey Analytics-specific permissions: