Customer Journey Analytics Access Control

Customer Journey Analytics is governed by three levels of access or three roles: Product Admin role, Product Profile Admin role, and user-level access. This topic explains these roles in more detail.

In addition, we discuss more granular ways to limit access, such as Workspace curation and row-level as well as value-level access control.

Product Admin role

Users who are assigned the Product Admin role are given the necessary permissions to perform most tasks within Customer Journey Analytics by default. However, some tasks require additional permissions.

To add a user as a Product Admin:

  1. Go to the Admin Console.

  2. Select Customer Journey Analytics > Admins tab > Add Admin.

    The users that you added are given the Product Admin default permissions. You can also grant them additional permissions if needed.

Product Admin default permissions

Product Admins have permissions to complete most tasks within Customer Journey Analytics.

Product admins are granted the necessary permissions to perform the following tasks by default:

  • Create, update, and delete data views
  • Update and delete projects, filters, calculated metrics, audiences, annotations, or filters created by other users
  • Share Workspace projects to all users
  • Manage reporting activity in the Reporting Activity Manager
  • Export full tables from Analysis Workspace

Product Admin additional permissions

In addition to being added as a Product Admin in the Customer Journey Analytics Product Profile in the Admin Console, additional permission are required in order to complete the following tasks within Customer Journey Analytics:

  • Create, update, and delete data Connections

    In order to perform this task, users must be part of an Experience Platform Product Profile that provides the following permissions:

    • Data Modeling: View Schemas, Manage Schemas

    • Data Management: View Datasets, Manage Datasets

    • Data Ingestion: Manage Sources

    • View Identity Namespaces

      For more information on Experience Platform permissions, see Access control in Adobe Experience Platform.

  • Export datasets to cloud Destinations

    In order to perform this task, users need the following Experience Platform permissions:

    • Manage Destinations

    • Activate Destinations

      For more information on Experience Platform Destinations permissions, see Destinations overview.

Product Profile Admin role

A product profile is a set of permissions. Product Profile Admins can

  • Create and manage individual product profiles, such as adding new users or managing user groups and their associated product profiles.

  • In Customer Journey Analytics, edit data views that are part of a product profile that they manage. They cannot create new data views.

User-level access

The matrix below outlines the main access permissions for different Customer Journey Analytics capabilities for non-product admins and CJA product admins. Understanding these permissions helps users effectively navigate and utilize CJA based on their role and responsibilities within the organization.

CJA Product Functionality
Non-Product Admins (Users)
Product Admins
Data views
Cannot view/update/create/delete
Can create/update/delete
Cannot view/update/create/delete
Can create/update/delete
Can create
Can create
Can create
Can create/update/delete
Can create with special permissions in Admin Console
Can create
Calculated metrics
Can create with special permissions in Admin Console
Can create

Workspace project curation

Another level of access control can be used at the Workspace reporting level. You can limit access to specific components for certain users. For more information on how to limit components (dimensions, metrics, filters, date ranges) at the Workspace project level, and how curation is tied to data views, see Curate projects.

Grant access to individual metrics or dimensions

You cannot grant or deny permissions for individual metrics or dimensions in Customer Journey Analytics like you can in traditional Adobe Analytics. Metrics and dimensions can be modified in data views and are thus subject to change in Customer Journey Analytics. Changing them also retroactively changes reporting.

Use cases

Here are a few use cases that illustrate how access control can be used in real-life scenarios.

Third-party access

A third party that your company works with has a team lead that can be made Product Profile admin. This admin then can add users on his team to this product profile. This admin can give access to specific data views and add other users to this product profile. They can also modify those data views over which they have control to fit their team’s needs.

Row-level access control

Let’s say you wanted to give users access to data from one day only. Here is how you would limit access to those specific rows:

  1. Create a filter in Customer Journey Analytics where Day equals the date you want them to have data access to.
  2. In Data views > Settings, add that filter to the data view.
  3. Save the data view and it auto-applies the filter to the dataset. Any rows that don’t fit the filter definition are now automatically excluded from the edited data view.
  4. Create a new Product profile in Admin Console, add users to it and limit their access to this data view.

Value-level access control

Users who have access to a data view can only work with the metrics and dimensions that the Admin has included in this data view. Admins can use the Include/Exclude functionality in data views to, for example, exclude certain dimension values from a data view.

Here is a healthcare-related example: Let’s say you create a metric called “Hypertension” in a data view, from a dataset that includes this data. The fact that it’s a metric would allow you to see the aggregate value of this metric, but not the individual patients who fall under it.

Customer Journey Analytics permissions in Admin Console

The Permissions tab is part of each product profile in Admin Console. You can add users to specific product profiles. Then you assign rights to specific data views and specify which permissions the users in a product profile have. Here are the Customer Journey Analytics-specific permissions:

admin console permissions

Data Views
If you toggle Auto-Include to On, users that are part of this product profile can view all existing and newly created data views. If this setting is set to Off, you can select specific data views that users have access to.
Reporting Tools:
Audit Logs Access
This permission enforces the permission check on the API and the audit logs UI.
Analysis Workspace Access
Lets users access Analysis Workspace in Customer Journey Analytics.
Guided Analysis Access
Lets users create Guided Analysis projects.
Lets users access Forecasting feature in Analysis Workspace
Reporting Usage Admin
Lets users view and delete any report running in their company.
Reporting Usage View
Lets users see all of the concurrent reporting requests.
Full Table Export
Lets users export full tables to the cloud.
Calculated Metrics Creation
Lets users create calculated metrics.
Filter Creation
Lets users create filters.
Labs Access
Lets users access the Labs tab in Customer Journey Analytics.
Annotation Creation
Lets users create annotations.
Audience Creation
Lets users create audiences.
Audience View
Lets users view audiences.
Share Project Links With Anyone
Lets users share projects with anyone.
Data View Tools:
Full Table Export
Lets users export full tables to the cloud.
SQL Query Service Access
Lets users access Query Service in AEP.