In this lesson, we will delve into the various user roles and permissions available within the console, providing a clear understanding of how they function and their scopes, which can be defined by business units and/or business areas. Understanding these roles and permissions is crucial for managing console users effectively and ensuring that each user has the appropriate level of access and control based on their responsibilities.
User Roles and Permissions
The following are a list of user roles and permissions used in the SAP Customer Data Platform:
System Administrator (SysAdmin)
The System Administrator is granted the highest level of permissions within the console. This role is responsible for overseeing the entire system, including managing user accounts, configuring system settings, and ensuring overall security. System Administrators can create, modify, and delete any entities and have full access to all business units and areas.
Marketeer (Engagement strategist)
A Marketeer is primarily involved in executing marketing strategies and campaigns. This role is typically granted permissions to create and manage marketing-related content, segments, audiences, and analyze campaign performance. Marketeers often have access restricted to specific business areas relevant to their marketing activities to ensure data security and relevance.
Marketing Ops (Data strategist)
The Marketing Ops role supports the technical and operational aspects of marketing activities. This includes configuring marketing automation tools, managing marketing data, and ensuring the smooth execution of marketing campaigns. Permissions for this role are tailored to allow access to necessary technical settings and data, possibly across multiple business units.
Implementation Specialist (Technical consultant)
Implementation Specialists are responsible for setting up and deploying the platform according to the organization's requirements. Their permissions include configuring system integrations, managing data imports and exports, and ensuring the platform is optimally set up for various business processes. Typically, their access spans across multiple business units to facilitate comprehensive implementation.
DPO Specialist (Data Protection Officer)
A DPO Specialist focuses on data privacy and compliance with data protection regulations. This role is assigned permissions to monitor data processing activities, manage data subject requests, and ensure data security measures are in place. Their access is generally broad, covering numerous business units and areas to ensure company-wide compliance.
Viewer
The Viewer role has read-only access to certain parts of the console. This role is ideal for stakeholders or auditors who need to review the system's data and configurations without making any changes. Permissions for Viewers are limited to ensure data integrity while still providing necessary insights into the system's operations.
For more detailed information, refer to the SAP Customer Data Platform User Administration documentation
Adding a New User
Inviting a new user to the console is a straightforward process that involves several key steps to ensure proper role assignment and access control. When initiating this process, you will first access the Invite a New User feature, which allows you to add a new member to your system.
System Administrator
A pivotal element to highlight is the System Administrator toggle, which grants top-level administrative permissions. It's crucial to use this toggle judiciously, assigning System Administrator rights only to those who require extensive access and control over the system.
Business Unit
Next, you will encounter the Business Unit scope selection. This option enables you to restrict or grant users access to specific business units within your organization, ensuring they can only interact with the data and resources pertinent to their role.
Roles
Following the Business Unit scope, you'll come across the Roles selection dropdown. Here, you assign appropriate roles such as Marketeer, Marketing Ops, Implementation Specialist, DPO Specialist, or Viewer, each with distinctive permissions tailored to specific job functions within the console.
Areas
Further, you have the Areas list, which provides additional granularity by segmenting access within business units into various functional or business areas. This ensures that users only engage with the data and functionalities relevant to their specific area of work.
Global
Lastly, the Global option, marked as Global, should be noted when no business area is selected. This toggle essentially provides broad access when no specific business areas are limited, useful for roles that require a comprehensive view of the entire business unit.
Through these steps, the user invitation process facilitates precise access management, enhancing security while promoting operational efficiency.
For more detailed steps on inviting a new user, refer to the SAP Customer Data Platform User Administration documentation.
Editing User Permissions
You can edit a user’s details by clicking the Edit button from the three-dot menu next to the user's name. The screen will look similar to the invitation form, allowing you to make necessary changes.
Removing User Access
If access for a user is no longer applicable, you can delete the user. Click on the Delete button from the three-dot menu next to the user's name. A confirmation will appear to ensure you really want to remove this user.
Adding a Console Admin User in the SAP Customer Data Platform
This video will demonstrate the steps of inviting a new user to the SAP Customer Data Platform Console.
Video Summary
- Navigate to User Menu
- Access Invite User Form
- Enter User Details
- Send Invitation
Lesson Summary
In this lesson, you learned how to effectively manage console users in the SAP Customer Data Platform Console by adding new users, editing permissions, and removing access. Mastery of these skills ensures secure and efficient user management tailored to individual roles within your organization.