Administration (RBAC Controls)
The options under the Administration menu let you create Audience Manager users and assign them to groups. You can also view limits (traits, segments, destinations, and models).
Enterprise customers using Audience Manager need one data management platform for all of their data, but must be able to control the visibility of the different data elements to specific business units. You can accomplish this using group permissions, also referred to as Role-Based Access Control (RBAC).
Audience Manager uses groups to assign permissions. Permissions are not assigned at the user level. Group permissions are tied to objects (traits, segments, etc.) and to actions you can perform on those objects (edit, view, etc.). These controls are also available through the Audience Manager REST APIs. See User Management , Group Management , and Permissions Management API methods.
Create users in Audience Manager and specify user details, login status, and assign users to groups.
- Click Administration > Users .
- Click to display the Create New User page.
- Under User Details , fill in the fields:
- Username: Specify a unique username for Audience Manager.
- First Name: Specify the user's first name.
- Last Name: Specify the user's last name.
- Email Address: Specify the user's email address. Audience Manager does not send regular notification to users. Audience Manager administrators have access to users' email addresses and can manually email users as needed. For example, if a user forgets his or her password, the email address specified in this field is used to send a temporary password and instructions to reset the password.
- Phone Number: Specify the user's phone number.
- Is Admin: Specify if this user is an Audience Manager administrator. Admin users can manage users (create, edit, etc.) and groups (create, assign permissions, etc.). Non-admin users can control only their own user profiles, including editing their email addresses and resetting their own passwords. For more information, see Edit Your Account Settings .
- Under Login , select the desired status:
- Active: Active users can access Audience Manager and have the permissions granted by group membership.
- Deactivated: Deactivated users cannot access Audience Manager and do not have any permissions. If you deactivate users, their user information remains in Audience Manager and you can simple reactivate them, if necessary. If you remove users, you must re-create them if they need to use Audience Manager again in the future.
- Expired: A user's password is older than 90 days.
- Pending: The user has a temporary password, either as after a password reset or as a brand new account, and they have not yet set a permanent password.
- Locked Out: 5 incorrect login attempts will lock out a user.
- Under Assigned Groups , from the drop-down list, select the desired groups to which you want to assign this user. For more information about groups and permissions, see Create a Group .
- Click Save .
Create a Group
A group is a collection of users that share access rights to destination, segment, and trait objects. You can limit groups to single objects only or give them broad access to combinations of different objects.
To create a group:
- Click Administration > Groups .
- Click to open the Group Settings page.
- In Group Details:
- Name the group.
- Provide a brief group description.
- In Group Members, click a user from Add Users options to add them to the group.
- Select the check box for the permissions you want group members to have.
- (Optional) Assign Wild Card Permissions to the group.
- Click Save Group .
Understanding Wild Card Permissions
Simplify group rights management with Wild Card Permissions.
Wild Card Permissions give group members automatic access to each data source associated to a segment, destination, or trait. By comparison, regular permissions only let you assign specific data sources to the one of these objects. And, when you add new data sources, group members don't get access to those new sources.
You have to open the group permissions and assign those new data sources to the group. Wild Card Permissions let you avoid this manual data source update process. Groups with Wild Card Permissions get access to new data sources without explicit authorization.
Read below for a description of what each wildcard permission means:
- MAP_ALL_TRAITS_TO_MODELS - Users can select traits as the baseline for models.
- EDIT_ALL_TRAITS - Users can edit all traits set up within their company account.
- VIEW_ALL_TRAITS - Users can view all traits set up within their company account.
- DELETE_ALL_TRAITS - Users can delete all traits set up within their company account.
- CREATE_ALL_ALGO_TRAITS - Users can create algorithmic traits.
- MAP_ALL_TO_SEGMENTS - Users can add any of the traits belonging to their company to segments.
- CREATE_ALL_TRAITS - Users can create traits.
- PTRREPORTS - This wildcard permission refers to outdated functionality and will be removed from the Audience Manager UI shortly.
- VIEW_MODELS - Users have permission to view models belonging to their company.
- VIEW_DERIVED_SIGNALS - Users can view all the derived signals belonging to their company.
- CREATE_DERIVED_SIGNALS - Users can create derived signals.
- EDIT_DERIVED_SIGNALS - Users can edit all the derived signals belonging to their company.
- DELETE_DERIVED_SIGNALS - Users can delete any of the derived signals belonging to their company.
- EDIT_ALL_DESTINATIONS - Users can edit all the destination set up within their company account.
- CREATE_DESTINATIONS - Users can create destinations.
- VIEW_ALL_DESTINATIONS - Users can view all the destinations set up within their company account.
- DELETE_ALL_DESTINATIONS - Users can delete all the destinations set up within their company account.
- VIEW_TAGS - Users can do everything (view, create, edit, delete) on their Tag Containers.
- MANAGE_SEGMENT_TEST_GROUPS - Users can do everything (view, create, edit, delete) on their Audience Lab test groups.
- CREATE_ALL_SEGMENTS - Users can create segments.
- DELETE_ALL_SEGMENTS - Users can delete all the segments set up within their company account.
- MAP_ALL_TO_DESTINATIONS - Users can map any of the segments belonging to their company to destinations.
- EDIT_ALL_SEGMENTS - Users can edit all the segments set up within their company account.
- MAP_ALL_SEGMENTS_TO_MODELS - Users can select segments as the baseline for models.
- VIEW_ALL_SEGMENTS - Users can view all the segments set up within their company account.
- VIEW_ALL_SIGNALS - Users can view all signals captured in Data Explorer .
Monitoring User Access
Role-Based Access Control can help you monitor user login status, giving you a clear picture of who can access your Audience Manager instance.
Depending on your business requirements, you can enable and disable user accounts as needed.
Ensure Access Protection for Sensitive Data Sources
You can configure Role-Based Access Control at trait, segment, and destination level, for each user group.
This capability helps you manage how your users view, create, read, write, and edit specific data sets, and even restrict users from accessing data sets that should not be available to them.