Manage permissions for a role manage-role-permissions
Permissions is the area of Experience Cloud where administrators can define user roles and access policies to manage access permissions for features and objects within a product application.
Through Permissions, you can create and manage roles, as well as assign the desired resource permissions for these roles. Permissions also allow you to manage the labels, sandboxes, and users associated with a specific role.
Immediately after creating a new role, you are returned to the Roles tab. If you are editing permissions for an existing role, select the role from the Roles tab. Alternatively, use the filter option to filter the results to find a role.
Filter roles
Select the funnel icon (
The following filters are available for roles in the UI:
To remove a filter, select the “X” on the pill icon for the filter in question, or select Clear all to remove all filters.
Role details role-details
Select the role from the Roles tab, which will open the role’s Details dashboard.
The Details dashboard provides an overview of the role. The overview displays the role name, description, creator, and last modifier, along with the creation and modification dates. It also shows the permissions attached to the role and the list of assigned sandboxes. The role name and description can be modified, if required.
Manage labels for a role
Select the Labels tab to open the roles labels workspace, then select Add labels to assign labels to the role.
The Apply Access and Data Governance Labels dialog is displayed, presenting a list of labels. The list displays the label name, friendly name, category, and its description.
Select the labels from the list you would like to add to the role, then select Save
Added labels appear under Labels tab.
To remove a label from a role, select the label and then select Remove Labels.
Manage sandboxes for a role
Select the Details tab and navigate to the Sandboxes section. Select View All to see the complete list of sandboxes added to the role.
To add more sandboxes to a role, select Edit from the top-right of the UI.
The next screen prompts you to choose which sandboxes resources to include in the role using the dropdown. When finished, select Save and then Close.
Manage users for a role
Select the Users tab to open the roles Users workspace, then select Add Users to assign users to the role.
The Add Users dialog appears. Select the users from the list you would like to add to the role. Alternatively, use the search bar to search for the user by entering their name or email address, then select Save
Added users appear under Users tab.
To remove a user from a role, select the X icon next to the user’s name.
The following video is intended to support your understanding of creating a new role and managing users for that role.
In this video, we’ll cover how to add a user to Adobe Experience platform-based applications, like Realtime Customer Data Platform and Journey Optimizer, and how to configure permissions for features and sandboxes for that user. While this process largely takes place within the platform interface, there are some prerequisite steps that need to be done in Adobe Admin Console first. So we’ll start there. To accomplish our required tasks in Admin Console, we need to be System Admin or a Product Level Admin for Experience Platform. To start, I’ll select Products at the top of the screen, and we can see the Adobe products that we have access to. Next, I’ll select the product page for Experience Platform. We first land on the Product Profiles tab, showing the available product profiles for Platform, including their number of entitled users and admins. You will likely only have one product profile called AEP Default All Users. As the name suggests, this is the default product profile for Experience Platform. For any user to get access to any set of platform features, regardless of their role, that user must be added to this default product profile first. So, I’ll click into the product profile, and I’ll navigate to the Users tab, and then I’ll select Add User. In the dialog that appears, I’ll add the email addresses of the users that I want to grant platform permissions to. If the email is associated with an Adobe ID or a Federated ID, further details about the user are auto-populated. If the email is not associated with an Adobe account, we’re given the option to manually enter their details instead. I’ll select Save, and now these users are added to the product profile. However, doing this alone did not grant the new users permissions to any specific features within Platform. To do that, we’ll go to the next step and hop into the Experience Platform UI.
Under the Administration section in the left nav, select Permissions. The Permissions page offers several tools to help us control granular access to data and features in Platform. Since we’ve added new users to Platform’s default product profile in Admin Console, those users will now be available in this tab for permission assignment. Specifically, we want to add these new users to a role, so I’ll select Roles in the left panel here. And here we have a list of roles for our organization. In Platform, a role is a specific set of permissions for features and sandboxes that can be granted to a user. You can capture many variations of permission sets by creating multiple roles in the system, and each user can be assigned to one or more of these roles. If I click into one of these roles, I can see more details about it, including a basic description and the full set of permissions and sandboxes it grants access to. If I click Users, I can see which users in my organization have been assigned to this role and manage them if I wish. Now, we could simply add the users we set up in Admin Console earlier to this existing role, but let’s say we wanted to create an entirely new set of permissions for these users. To do that, I’ll head back to the Roles tab, and then I’ll select Create Role. I’ll give this new role a name, and optionally a description as well. And after confirming, I’m brought to the Permission Configuration view for the role. In the main part of the screen, we have our canvas, where we can drag and drop the permissions we want this role to grant. You can see that one category has already been added by default, which is Sandboxes. Each role needs to grant access to one or more sandboxes, so this category cannot be removed or left blank. Right now, this is granting access to the Production sandbox, but I can choose whichever combination of sandboxes I like. I can use the drop-down menu to add sandboxes to the category, and remove any previously added sandboxes with a single click. Now that I’m happy with my sandboxes, I can start adding feature permissions to this role. On the left side of the screen, I have a list of permission categories to choose from. Each category is based on a specific service and experience platform, such as data modeling and ingestion, or a feature in a platform-based application, such as Journeys in Adobe Journey Optimizer. A single category can contain multiple individual permissions. To add a permission category to the role, I can drag and drop it onto the canvas, or I can click the plus icon for the category in question. I’ll start by adding data modeling, and I’m prompted to select at least one permission for the category using the drop-down menu. I can choose to add individual permissions to the role, or I can simply add them all if I wish. As I continue to add new permission categories to my role, I can also remove categories by selecting the X icon on the respective container in the canvas, which also removes any permissions that may have been added under that category. I’ll continue going through the categories to add the permissions I need, and once I’ve finished, I’ll select save. Once it’s saved, I’ll select properties to navigate back to the details page for the role, and I can see that the resource and sandbox permissions I selected earlier have been added. Now, all I have left to do is to add some users to this role to grant them access to the permissions I’ve just configured. I’ll select the Users tab, then select Add Users. In the dialog that appears, I’ll select the users that I want to add to this role from the list. I can also use the search bar to narrow down the list of names if I need to. Remember that in order for a user in your organization to be available in this list, you need to add them to the default product profile in Admin Console first, as we showed earlier. Once I’ve added all the users I want, I’ll select save, and now these users are granted access to the permissions I’ve configured for this role. So, that’s the process of granting access to Experience Platform capabilities and sandboxes, which includes adding users to the default product profile for Experience Platform in Admin Console, and configuring permissions for a role in the platform UI. For the latest information on the available permissions in Experience Platform, please refer to the documentation. Thanks for watching.
Manage API credentials for a role manage-api-credentials-for-role
To use Experience Platform APIs as a user or developer, a system administrator needs to add API credentials in addition to a role’s given set of permissions. For a complete guide on creating and assigning API credentials, as well as the permissions needed, refer to the step-by-step tutorial in authenticate and access Experience Platform APIs.
Select the API credentials tab to open the roles API credentials workspace, then select Add API credentials to assign API credentials to the role.
The Add API credentials dialog appears. Select API credentials from the list to add to the role and then select Save
Added API credentials appear under API credentials tab.
To remove an API credential from a role, select the X icon next to the API credential name.
The Remove API credentials dialog appears, prompting you to confirm deletion. Select Confirm to finish removing the selected credential.
You will be returned to the API credentials tab.
Manage user groups for a role manage-user-groups
User groups are multiple users that have been grouped together and have access to execute the same functions.
Select the User groups tab to open the role’s user groups workspace and then select Add Groups to assign user groups to the role.
The Add Groups dialog appears. Select the user groups from the list you would like to add to the role. Alternatively, use the search bar to search for the user group by entering the name of the group, then select Save
Added user group appears under User groups tab.
To remove a user group from a role, select the X icon next to the user group name.
The Remove user group dialog appears, prompting you to confirm deletion. Select Confirm to remove the selected user group.
You will be returned to the User groups tab.
Add users to Experience Platform
As a system administrator, you may grant developer access to a user so they can create integrations in the Adobe Developer Console.
To add a user Experience Platform, log in to the Admin Console and select Add users.
The Add users to your team dialog appears. Enter the user’s email address, first name (optional) and last name (optional). Then select Products.
The Select products dialogu appears. Select Adobe Experience Platform.
The Select product profiles dialog appears. Select AEP-Default-All-Users then select Save.
Review the information and then select Save to add the user.
Next steps
With permissions established, you can proceed to the next step to manage users.