Introducing Server-Side User Permissions

Community Manager
Community Manager

We are excited to announce the availability of user permissions for the server-side products. This new feature allows account owners to manage server-side user permissions separately from the user permissions that are controlled in Tealium iQ Tag Management.

How it Works

Server-side user permissions creates a separation of access between the Tealium client-side interface and the server-side interface. This allows account administrators to grant access to users only for the areas that they intend to work on.

New users for the entire account are still added in Tealium iQ Tag Management. Once added, the new users appear in the server-side user permissions list where server-side access is granted by profile.

Additional features include the ability to add and edit users in bulk (up to 25 users at a time) and the ability to search user profiles and filter users by permission type.

Server-Side Permission Roles

Server-side access is controlled using predefined permission roles. For each profile in the account, users are assigned a permission role to determine their access level.

The following table describes the four (4) available server-side permission roles:

Permission Role Description
No Access (default)
  • The No Access permission role does not grant any access to the server-side profile.
  • If the user attempts to access the server-side, their profile is blocked and an "Access Denied" message displays.
Reader
  • The Reader permission grants read-only access to the server-side profile.
  • A user in this role can browse the profile configuration, but the Save/Publish button is disabled. Users with this role cannot save any changes.
Editor
  • The Editor permission grants edit and save access to the server-side profile.
  • Users with this role can also access and edit settings from the Profile Admin > Settings menu.
Publisher
  • The Publisher permission grants the same access as the Editor role, with the addition of the ability to publish the profile.

User Migration from iQ Tag Management

Prior to this release, access to the server-side products was managed from iQ Tag Management. From there, a user with permission to publish to the production (prod) environment had full save and publish permissions in the corresponding server-side products. In order not to disrupt user access to the server-side, a migration policy was applied to map client-side user permissions to server-side permissions.

With this release, your server-side account is pre-populated with users from your corresponding iQ Tag Management account. During migration your client-side users were placed into the following server-side permission groups:

Client-Side Permissions Migrated Server-Side Permissions
Manage Account and Manage Users

Administrator
Has full access to the account, including the ability to edit server-side user permissions and add users. Cannot be edited.

Publish to Prod

Publisher
Has the ability to save and publish.

Any

Reader

All other users will have read access.

Admin Users

Admins of the server-side interface are the only users that have the ability to change the permissions of server-side users. None of the server-side permission roles grant this ability.

To be an admin on the server-side, you must have the Manage Account permission in the client-side interface.

Only the Manage Users permission grants the ability to add users to the account. To learn more about managing user permission in Tealium iQ Tag Management, see Managing User Permissions in iQ Tag Management.

Get Started!

For step-by-step instruction on how to get started, go to Managing Server-Side Permissions.

0 Kudos
Comments
Silver Contributor
Silver Contributor
So if I need to provide access to someone only on the server-side products I have to:
1) create the user from iQ
2) go in Server-Side and provide them the permissions
3) go back to iQ and delete the user

Is it correct?
Community Manager
Community Manager

Hi @Giadanoe , Good question. If you don't grant any permissions in iQ the user will have read-only access to iQ. If you don't want the user to have read-access to iQ, then yes, you have to delete the user from iQ. This will not affect server-side permissions.

Details here: https://community.tealiumiq.com/t5/Customer-Data-Hub/Managing-Server-Side-User-Permissions/ta-p/2112...

Rookie Contributor

Can we in the future also expect a user role (or just user setting) where a reader can solely create new audiences for existing connectors? I think that would help a lot of users and sounds quite logical from a marketeer's user perspective.