Enterprise 2.0 - User Roles and Permissions
Knowing the difference between Roles and Permissions can allow you to have a heightened level of internal governance in your account. By creating roles with predetermined permissions, you will be able to permit or limit access to product features depending on the user.
Permission: A permission is a tool to control a user's access to screens in the application. By checking the box next to a permission, you can enable or disable that permission. For example - you can limit a user's ability to actually send an email.
Role: A role is a collection of permissions that allow or deny actions on an item or item property. If a permission is not set, the permission has the same effect as a deny.
Characteristics of different types of roles are:
If you use an Enterprise 2.0 edition account, you can aggregate permissions into roles that you assign to your users. The roles can than be applied to a plethora of users in your account.
- User Roles - Permissions stay with the user regardless of business unit
- Business Unit Roles - Any user working in a business unit acquires the role and permissions of the business unit
- Individual Role - Permissions specifically assigned to the individual
Why is this important?
It is important to have an internal governance within your Marketing Cloud instance. You are hosting a significant amount of customer data, and at times, sensitive data as well. Roles and permissions give the administrator control to limit the access users have to the data or capabilities based on their job function.
Predefined Roles - our system comes with a few predefined roles and permissions to help you start your internal structure. However, these may or may not incompass all of the measures you need to put in place. Learn more about these roles here
Creating Roles - you can also create roles specific to your business and application needs. Follow the easy steps here to work through creating the roles that work for you.
- Content Creator
- Data Manager
Roles and Permission Recommendations:
- Define roles based on your business needs - there are a plethora of options when you start getting into setting permissions and can quickly become overwhelming. Create a plan first, outline the needs for each role within your account and then go into set. Trying to set roles and permissions, within the platform, without a strategic game plan, can lead to misappropriated user allowances.
- Disable Sending Capabilities from anyone that does not need them. This is the easiest way to protect your sends and ensure that only the people qualified to hit that send button, are doing so.
- Limit Personalization of Roles - to make it easier on yourself - try and limit the nuances for each individual users. Of course, exceptions need to be made, but for the majority of the time, try to define your roles in groups by job function and apply them across multiple users.
- Deny permissions always trumps allow permissions. So deny permissions set for a role will override allow permissions set on a specific user.
Roles and Permissions can be a great feature to protect your business and allow for a system of check and balances within the tool if used probably.
For more resources check out the Getting Started with Marketing Cloud hub page