Information for: DEVELOPERS   PARTNERS

Managing permissions in Profile Manager

To control your users’ access to the features and functions of Acquia Lift, you must assign them permissions. A group of users working on a particular project may require certain permissions, but not others. To make this easier, Acquia Lift uses security groups. Every user account is assigned to a single security group. Users assigned to the same security group share common permissions. By configuring permissions, you can limit the resources available to a group and control which subscriber accounts a group can access.

When you create a new subscriber account in Acquia Lift, in Configure > Teams & Permissions, Acquia Lift creates three groups whose names are composed of your subscriber name followed by one of the names from the following list (for example, one of your groups may be named ExampleInc administrators):

  • Administrators: Users have access to all available Acquia Lift features, including managing users and group security.
  • Users: Users can see people’s details and manage segments.
  • API Users: Users have access to API functions, and are used for API authentication.

There are three default groups created:

  • API Users: A special permission group used specifically to deliver personalizations to anonymous website visitors.
  • Content Hub Administrators: A group with specific permissions to access Acquia Content Hub, isolating the API keys accessing Content Hub from accessing the rest of the system.
  • Full API Users: A set of master API keys used for connecting to the REST APIs. While individual user administrative keys also have access, you may want a group of API keys not tied to a user in case the user leaves your organization and their account and keys are deprovisioned.

Creating a new security group

You may want to configure certain users’ permissions and access to subscriber accounts differently than the Acquia Lift default. To do so, you can create a new security group. For example, you can create a Managers security group whose members can view people and run reports, but can’t create segments.

To add a new security group, complete the following steps:

  1. Sign in to Acquia Lift, and then click the Configure tab.
  2. Go to Teams & Permissions > Add new security group. Acquia Lift displays the Security Group Details page.
  3. In the Name and Description fields, enter a name for the security group you want to create, and a brief explanation of its intended function.
  4. In the Linked Security Resources list, click an item you want to make available to the security group as a link. For example, clicking Manage Permissions Link displays a link that members of the security group can click to manage the permissions of all security groups. Clicking Admin Tab displays a link allowing users in the security group to access the Admin tab and its functions.
  5. Click Add to add the item to the list of linked security resources for the security group. Acquia Lift displays the name of the item in a table.
  6. Depending on your needs, repeat steps 4 and 5 to add more linked security resources to the security group.
  7. In the Linked Customers list, click the name of a customer whose account you have permissions to access, and whose name you want to make available to the security group as a link. Making the subscriber available as a link means the members of the security group can access this subscriber’s account. Click Add to add the item to the table of linked customers for the security group.
  8. Depending on your needs, repeat step 7 to add more customer links to the security group.
  9. Click Save to create the new security group.

Managing security groups

To list and manage security groups, complete the following steps:

  1. Sign in to Acquia Lift, and then click the Configure tab.
  2. From the left menu, click the Teams & Permissions link. Acquia Lift displays a list of security groups.

To edit a security group, click its name and change its values as required.

To delete a security group, find the security group you want to remove, and then click its Delete link.

Troubleshooting permission and access issues

If your users are having difficulty accessing sections of the website they should have permissions for, use the following two procedures to ensure the accounts are configured as expected.

Ensure API keys and credentials are valid in the subscriber account and region

If your Acquia Lift user is configured for the wrong region, they can’t sign in.

  1. Sign in to Acquia Lift in the region your user should be in.
  2. Click Configure > Users.
  3. Find the user account.
  4. Ensure the user’s details are correct.

Checking user permissions

If the account exists as expected in the system, but access still isn’t working, check the permission group associated with the account. Ensure it has the appropriate permission resources assigned.

  1. Sign in to Acquia Lift, click Configure > Teams & Permissions.
  2. Click the permission group the user is in.
  3. Review the permissions, and add any needed assets.
  4. If the permissions look correct, re-save the permission group and then re-save the individual user account. The process will refresh the permissions in the system.