Manage roles

Roles define the access that an administrator, a specialist, or an end-user has to resources in your organization. In a role-based access control environment, user access provisioning is grouped through common responsibilities and needs. A role has a given set of permissions, and members of your organization can be assigned to one or more roles, depending on the scope of view or write access they need.

Create a new role

To create a new role, select the Roles tab in the sidebar and select Create Role.

The Create a new role dialog appears, prompting you to enter a name, and an optional description.

When finished, select Confirm.

Next, select the resource permissions that you would like to include in the role using the dropdown menu.

To add additional resources, select Adobe Experience Platform from the left navigation panel, which displays a list of resources. Alternatively, enter the resource name into the search bar in the left navigation panel.

Click and drag the relevant resource and drop it into the main panel.

Select the resource permissions that you would like to include in the role using the dropdown menu. Repeat this for all resources you would like to include for the role. When finished, select Save and exit.

The new role is successfully created, and you are redirected to the Roles page, where you will see the newly created role appear in the list.

See the sections on managing permissions for a role for more details on how to manage role permissions once they are created.

The following video is intended to support your understanding of creating a new role and managing users for that role.

Transcript

In this video, we’ll cover how to add a user to Adobe Experience Platform-based applications, like Real-Time Customer Data Platform and Journey Optimizer, and how to configure permissions for features and sandboxes for that user. While this process largely takes place within the platform interface, there are some prerequisite steps that need to be done in Adobe Admin Console first. So we’ll start there. To accomplish our required tasks in Admin Console, we need to be System Admin or a Product Level Admin for Experience Platform. To start, I’ll select Products at the top of the screen, and we can see the Adobe products that we have access to. Next, I’ll select the product page for Experience Platform. We first land on the Product Profiles tab, showing the available product profiles for Platform, including their number of entitled users and admins. You will likely only have one product profile called AEP Default All Users. As the name suggests, this is the default product profile for Experience Platform. For any user to get access to any set of platform features, regardless of their role, that user must be added to this default product profile first. So, I’ll click into the product profile, and I’ll navigate to the Users tab, and then I’ll select Add User. In the dialog that appears, I’ll add the email addresses of the users that I want to grant platform permissions to. If the email is associated with an Adobe ID or a Federated ID, further details about the user are auto-populated. If the email is not associated with an Adobe account, we’re given the option to manually enter their details instead. I’ll select Save, and now these users are added to the product profile. However, doing this alone did not grant the new users permissions to any specific features within Platform. To do that, we’ll go to the next step and hop into the Experience Platform UI.

Under the Administration section in the left nav, select Permissions. The Permissions page offers several tools to help us control granular access to data and features in Platform. Since we’ve added new users to Platform’s default product profile in Admin Console, those users will now be available in this tab for permission assignment. Specifically, we want to add these new users to a role, so I’ll select Roles in the left panel here. And here we have a list of roles for our organization. In Platform, a role is a specific set of permissions for features and sandboxes that can be granted to a user. You can capture many variations of permission sets by creating multiple roles in the system, and each user can be assigned to one or more of these roles. If I click into one of these roles, I can see more details about it, including a basic description and the full set of permissions and sandboxes it grants access to. If I click Users, I can see which users in my organization have been assigned to this role and manage them if I wish. Now, we could simply add the users we set up in Admin Console earlier to this existing role, but let’s say we wanted to create an entirely new set of permissions for these users. To do that, I’ll head back to the Roles tab, and then I’ll select Create Role. I’ll give this new role a name, and optionally a description as well. And after confirming, I’m brought to the Permission Configuration view for the role. In the main part of the screen, we have our canvas, where we can drag and drop the permissions we want this role to grant. You can see that one category has already been added by default, which is Sandboxes. Each role needs to grant access to one or more sandboxes, so this category cannot be removed or left blank. Right now, this is granting access to the Production sandbox, but I can choose whichever combination of sandboxes I like. 
I can use the drop-down menu to add sandboxes to the category, and remove any previously added sandboxes with a single click. Now that I’m happy with my sandboxes, I can start adding feature permissions to this role. On the left side of the screen, I have a list of permission categories to choose from. Each category is based on a specific service in Experience Platform, such as data modeling and ingestion, or a feature in a platform-based application, such as Journeys in Adobe Journey Optimizer. A single category can contain multiple individual permissions. To add a permission category to the role, I can drag and drop it onto the canvas, or I can click the plus icon for the category in question. I’ll start by adding data modeling, and I’m prompted to select at least one permission for the category using the drop-down menu. I can choose to add individual permissions to the role, or I can simply add them all if I wish. As I continue to add new permission categories to my role, I can also remove categories by selecting the X icon on the respective container in the canvas, which also removes any permissions that may have been added under that category. I’ll continue going through the categories to add the permissions I need, and once I’ve finished, I’ll select save. Once it’s saved, I’ll select properties to navigate back to the details page for the role, and I can see that the resource and sandbox permissions I selected earlier have been added. Now, all I have left to do is to add some users to this role to grant them access to the permissions I’ve just configured. I’ll select the Users tab, then select Add Users. In the dialog that appears, I’ll select the users that I want to add to this role from the list. I can also use the search bar to narrow down the list of names if I need to. Remember that in order for a user in your organization to be available in this list, you need to add them to the default product profile in Admin Console first, as we showed earlier.
Once I’ve added all the users I want, I’ll select save, and now these users are granted access to the permissions I’ve configured for this role. So, that’s the process of granting access to Experience Platform capabilities and sandboxes, which includes adding users to the default product profile for Experience Platform in Admin Console, and configuring permissions for a role in the platform UI. For the latest information on the available permissions in Experience Platform, please refer to the documentation. Thanks for watching.

Duplicate a role

To duplicate an existing role, select the role from the Roles tab. Alternatively, use the filter option to filter the results to find the role you want to duplicate.

Next, select Duplicate from the top right of the screen.

The Duplicate role dialog appears, prompting you to confirm the duplication.

Next, you will be taken to the role’s detail page where you can change the name and permissions for the role. The Details, Labels, and Sandboxes are duplicated from the previous role. Users will need to be added via the Users tab. See the document on managing permissions for a role to learn more about adding Details, Labels, Sandboxes, and Users to a role.

Click on the left arrow to return to the Roles tab.

The new role will appear in the list on the Roles page.

Delete a role

Select the ellipsis (…) next to a role’s name, and a dropdown displays controls to edit, delete, or duplicate the role. Select delete from the dropdown.

The Delete user role dialog appears, prompting you to confirm the deletion.

You will be returned to the Roles tab.

Next steps

With a new role created, you can proceed to the next step to manage permissions for a role.
