DocumentationCustomer Journey AnalyticsCustomer Journey Analytics Guide

Customer Journey Analytics Access Control

Last update: Tue Jun 25 2024 00:00:00 GMT+0000 (Coordinated Universal Time)

CREATED FOR:

  • Admin

Three levels of access or three roles govern Customer Journey Analytics: Product Admin role, Product Profile Admin role, and user-level access. This topic explains these roles in more detail.

In addition, this article discusses more granular ways to limit access, such as Workspace curation and row-level as well as value-level access control.

Product Admin role

Users who are assigned the Product Admin role are given the necessary permissions to perform most tasks within Customer Journey Analytics by default. However, some tasks require additional permissions.

To add a user as a Product Admin:

  1. Go to the Admin Console.

  2. Select Customer Journey Analytics > Admins tab > Add Admin.

    The users that you added are given the Product Admin default permissions. You can also grant them additional permissions if needed.

Product Admin default permissions

Product Admins have permissions to complete most tasks within Customer Journey Analytics.

Product admins are granted the necessary permissions to perform the following tasks by default:

  • Create, update, and delete data views
  • Update and delete projects, filters, calculated metrics, audiences, annotations, or filters created by other users
  • Share Workspace projects to all users
  • Manage reporting activity in the Reporting Activity Manager
  • Export full tables from Analysis Workspace

Product Admin additional permissions

In addition to being added as a Product Admin in the Customer Journey Analytics Product Profile in the Admin Console, additional permissions are required to complete the following tasks within Customer Journey Analytics:

  • Create, update, and delete data Connections

    To perform this task, users must be part of an Experience Platform Product Profile that provides the following permissions:

    • Data Modeling: View Schemas, Manage Schemas

    • Data Management: View Datasets, Manage Datasets

    • Data Ingestion: Manage Sources

    • View Identity Namespaces

      For more information on Experience Platform permissions, see Access control in Adobe Experience Platform.

  • Export datasets to cloud Destinations

    In order to perform this task, users need the following Experience Platform permissions:

    • Manage Destinations

    • Activate Destinations

      For more information on Experience Platform Destinations permissions, see Destinations overview.

  • Use the BI extension

    For users to use the BI extension, a Product Admin

Product Profile Admin role

A product profile is a set of permissions. Product Profile Admins can

  • Create and manage individual product profiles. Such as adding new users or managing user groups and their associated product profiles.

  • In Customer Journey Analytics, edit data views that are part of a product profile that they manage. They cannot create new data views.

User-level access

The matrix below outlines the main access permissions for different Customer Journey Analytics capabilities for non-product admins and Customer Journey Analytics product admins. Understanding these permissions helps users effectively navigate and use Customer Journey Analytics based on their role and responsibilities within the organization.

Product Functionality
Non-Product Admins (Users)
Product Admins
Data views
Cannot view/update/create/delete
Can create/update/delete
Connections
Cannot view/update/create/delete
Can create/update/delete
Filters
Can create
Can create
Projects
Can create
Can create/update/delete
Audiences
Can create with special permissions in Admin Console
Can create
Calculated metrics
Can create with special permissions in Admin Console
Can create

Workspace project curation

Another level of access control can be used at the Workspace reporting level. You can limit access to specific components for certain users. For more information on how to limit components (dimensions, metrics, filters, date ranges) at the Workspace project level, and how curation is tied to data views, see Curate projects.

Grant access to individual metrics or dimensions

You cannot grant or deny permissions for individual metrics or dimensions in Customer Journey Analytics like you can in traditional Adobe Analytics. Metrics and dimensions can be modified in data views and are thus subject to change in Customer Journey Analytics. Changing them also retroactively changes reporting.

Use cases

Here are a few use cases that illustrate how access control can be used in real-life scenarios.

Third-party access

A third party that your company works with has a team lead that can be made Product Profile admin. This admin can add users on the company’s team to this product profile. This admin can give access to specific data views and add other users to this product profile. They can also modify those data views over which they have control to fit their team’s needs.

Row-level access control

Let’s say you wanted to give users access to data from one day only. Here is how you would limit access to those specific rows:

  1. Create a filter in Customer Journey Analytics where Day equals the date you want them to have data access to.
  2. In Data views > Settings, add that filter to the data view.
  3. Save the data view and it auto-applies the filter to the dataset. Any rows that don’t fit the filter definition are now automatically excluded from the edited data view.
  4. Create a new Product profile in Admin Console, add users to it and limit their access to this data view.

Value-level access control

Users who have access to a data view can only work with the metrics and dimensions that the Admin has included in this data view. Admins can use the Include/Exclude functionality in data views to, for example, exclude certain dimension values from a data view.

Here is a healthcare-related example: Let’s say you create a metric called “Hypertension” in a data view, from a dataset that includes this data. The fact that it’s a metric would allow you to see the aggregate value of this metric, but not the individual patients who fall under it.

Customer Journey Analytics permissions in Admin Console

The Permissions tab is part of each product profile in Admin Console. You can add users to specific product profiles. Then you assign rights to specific data views and specify which permissions the users in a product profile have. Here are the Customer Journey Analytics-specific permissions:

admin console permissions

Permission
Definition
Data Views
If you toggle Auto-Include to On, users that are part of this product profile can view all existing and newly created data views. If this setting is set to Off, you can select specific data views that users have access to.
Reporting Tools:
Audit Logs Access
This permission enforces the permission check on the API and the audit logs UI.
Analysis Workspace Access
Let users access Analysis Workspace in Customer Journey Analytics.
Guided Analysis Access
Let users create Guided Analysis projects.
Forecasting
Let users access the Forecasting feature in Analysis Workspace
Reporting Usage Admin
Let users view and delete any report running in their company.
Reporting Usage View
Let users see all concurrent reporting requests.
Full Table Export
Let users export full tables to the cloud.
Calculated Metrics Creation
Let users create calculated metrics.
Filter Creation
Let users create filters.
Labs Access
Let users access the Labs tab in Customer Journey Analytics.
Annotation Creation
Let users create annotations.
Audience Creation
Let users create audiences.
Audience View
Let users view audiences.
Share Project Links With Anyone
Let users share projects with anyone.
Data View Tools:
Full Table Export
Let users export full tables to the cloud.
CJA BI Extension
Let users use the BI extension.
recommendation-more-help
080e5213-7aa2-40d6-9dba-18945e892f79