Information for: DEVELOPERS   PARTNERS

Managing permissions in Profile Manager

To control your users’ access to the features and functions of Profile Manager, you must assign them permissions. A group of users working on a particular project may require certain permissions, but not others. To make this easier, Profile Manager uses security groups. Every user account is assigned to a single security group. Users assigned to the same security group share common permissions. By configuring permissions, you can limit the resources available to a group and control which customer accounts a group can access.

When you create a new customer account in Acquia Lift, in Configure > Teams & Permissions, Acquia Lift creates three groups whose names are composed of your subscriber name followed by one of the names from the following list (for example, one of your groups could be named ExampleInc administrators):

  • Administrators: These users have access to all available Acquia Lift features, including managing users and group security.
  • Users: Users have the ability to see people’s details and manage segments.
  • API Users: These users have access to API functions, and are generally used for API authentication.

There are three default groups created:

  • API Users: A special permission group used specifically to deliver personalizations to anonymous website visitors.
  • Content Hub Administrators: A group with specific permissions to only access Acquia Content Hub, isolating the API keys that access Content Hub from accessing the rest of the system.
  • Full API Users: A set of master API keys which can be used for connecting to the REST APIs. While individual user administrative keys also have that access, you may want a group of API keys that aren’t tied to a user in case the user leaves your organization and their account and keys are deprovisioned.

Creating a new security group

Sometimes you may want to configure certain users’ permissions and access to customer accounts differently than the Profile Manager default. To do so, you can create a new security group. For example, you could create a Managers security group whose members can view people and run reports, but cannot create segments.

To add a new security group, complete the following steps:

  1. Sign in to Profile Manager, and then click the Configure tab.
  2. Go to Teams & Permissions > Add new security group. Profile Manager displays the Security Group Details page.
  3. In the Name and Description fields, enter a name for the security group you want to create, and a brief explanation of its intended function.
  4. In the Linked Security Resources list, click an item you want to make available to this security group as a link. For example, clicking Manage Permissions Link displays a link that members of this security group can click to manage the permissions of all security groups. Clicking Admin Tab displays a link allowing users in this security group to access the Admin tab and its functions.
  5. Click Add to add this item to the list of linked security resources for this security group. Profile Manager displays the name of the item in a table.
  6. Depending on your needs, repeat steps 4 and 5 to add more linked security resources to this security group.
  7. In the Linked Customers list, click the name of a customer whose account you have permissions to access, and whose name you want to make available to this security group as a link. Making this customer available as a link means the members of this security group can access this customer’s account. Click Add to add this item to the table of linked customers for this security group.
  8. Depending on your needs, repeat step 7 to add more customer links to this security group.
  9. Click Save to create the new security group.

Managing security groups

To list and manage security groups, complete the following steps:

  1. Sign in to Profile Manager, and then click the Configure tab.
  2. From the left menu, click the Teams & Permissions link.

Profile Manager displays a list of security groups.

To edit a security group, click its name and change its values as required.

To delete a security group, find the security group you want to remove, and then click its Delete link.

Troubleshooting permission and access issues

If your users are having difficulty accessing sections of the website they should have permissions for, use the following two procedures to ensure the accounts are configured correctly.

Ensure API Keys / Credentials are valid in the customer account and region

If your Acquia Lift user is configured for the wrong region, they will not be able to sign in.

  1. Sign in to Profile Manager in the region your user should be in.
  2. Click Configure > Users.
  3. Find the user account.
  4. Ensure the user’s details are correct.

Checking user permissions

If the account exists correctly in the system, but access still is not working, check the permission group associated with the account. Ensure it has the appropriate permission resources assigned.

  1. In Profile Manager, click Configure > Teams & Permissions.
  2. Click the permission group the user is in.
  3. Review the permissions, and add any needed assets.
  4. If the permissions look correct, re-save the permission group and then re-save the individual user account. This will refresh the permissions in the system.