Managing permissions in Personalization
To control your users’ access to the features and functions of
Personalization, you must assign them permissions. A group of users
working on a particular project may require certain permissions, but not
others. To make this easier, Personalization uses security groups.
Every user account is assigned to a single security group. Users assigned to
the same security group share common permissions. By configuring permissions,
you can limit the resources available to a group and control which subscriber
accounts a group can access.
When you create a new subscriber account in Personalization, in
Configure > Teams & Permissions, Personalization creates three groups
whose names are composed of your subscriber name followed by one of the names
from the following list (for example, one of your groups may be named
ExampleInc administrators):
- Administrators: Users have access to all available Personalization
features, including managing users and group security.
- Users: Users can see people’s details and manage segments.
- API Users: Users have access to API functions, and are used for
API authentication.
There are three default groups created:
- API Users: A special permission group used specifically to deliver
personalizations to anonymous website visitors.
- Content Hub Administrators: A group with specific permissions to access
Acquia Content Hub, isolating the API keys accessing Content Hub
from accessing the rest of the system.
- Full API Users: A set of master API keys used for connecting to the REST
APIs. While individual user administrative keys also have access, you may
want a group of API keys not tied to a user in case the user leaves your
organization and their account and keys are deprovisioned.
Creating a new security group
You may want to configure certain users’ permissions and access to
subscriber accounts differently than the default. To do so,
you can create a new security group. For example, you can create a
Managers security group whose members can view people and run reports,
but can’t create segments.
To add a new security group, complete the following steps:
- Sign in to Personalization, and then
click the Configure tab.
- Go to Teams & Permissions > Add new security group.
Personalization displays the Security Group Details page.
- In the Name and Description fields, enter a name for the security
group you want to create, and a brief explanation of its intended function.
- In the Linked Security Resources list, click an item you want to make
available to the security group as a link. For example, clicking Manage
Permissions Link displays a link that members of the security group can
click to manage the permissions of all security groups. Clicking Admin
Tab displays a link allowing users in the security group to access the
Admin tab and its functions.
- Click Add to add the item to the list of linked security resources for
the security group. Personalization displays the name of the item in a table.
- Depending on your needs, repeat steps 4 and 5 to add more linked security
resources to the security group.
- In the Linked Customers list, click the name of a customer whose
account you have permissions to access, and whose name you want to make
available to the security group as a link. Making the subscriber available
as a link means the members of the security group can access this
subscriber’s account. Click Add to add the item to the table of linked
customers for the security group.
- Depending on your needs, repeat step 7 to add more customer links to
the security group.
- Click Save to create the new security group.
Managing security groups
To list and manage security groups, complete the following steps:
- Sign in to Personalization, and then
click the Configure tab.
- From the left menu, click the Teams & Permissions link. Personalization
displays a list of security groups.
To edit a security group, click its name and change its values as required.
To delete a security group, find the security group you want to remove, and
then click its Delete link.
Troubleshooting permission and access issues
If your users are having difficulty accessing sections of the website they
should have permissions for, use the following two procedures to ensure the
accounts are configured as expected.
Ensure API keys and credentials are valid in the subscriber account and region
If your Personalization user is configured for the wrong region, they can’t
sign in.
- Sign in to Personalization in the region
your user should be in.
- Click Configure > Users.
- Find the user account.
- Ensure the user’s details are correct.
Checking user permissions
If the account exists as expected in the system, but access still isn’t
working, check the permission group associated with the account. Ensure it has
the appropriate permission resources assigned.
- Sign in to Personalization, click
Configure > Teams & Permissions.
- Click the permission group the user is in.
- Review the permissions, and add any needed assets.
- If the permissions look correct, re-save the permission group and then
re-save the individual user account. The process will refresh the
permissions in the system.