Back

This article describes how to manage server-side users and permission roles for the Tealium Customer Data Hub.

This article covers the following topics:

Table of Contents Placeholder

How It Works

Server-side user permissions creates a separation of access between the Tealium client-side interface and the server-side interface. This allows account administrators to grant access to users only for the areas that they intend to work on.

New users for accounts are still added in Tealium iQ Tag Management. Once added, the new users appear in the server-side user permissions list where server-side access is granted by profile.

Admin Users

Admins of the server-side interface are the only users that have the ability to change the permissions of server-side users. None of the server-side permission roles grant this ability.

To be an admin on the server-side, you must have the Manage Account permission in the client-side interface.

Only the Manage Users permission grants the ability to add users to the account. To learn more about managing user permission in Tealium iQ Tag Management, see Managing User Permissions in iQ Tag Management.

Server-Side Permission Roles

Server-side access is controlled using predefined permission roles. For each profile in the account, users are assigned a permission role to determine their access level.

The following table describes the four (4) available server-side permission roles:

PERMISSION ROLE DESCRIPTION
No Access (default)
  • The No Access permission role does not grant any access to the server-side profile.
  • If the user attempts to access the server-side, their profile is blocked and an "Access Denied" message displays.
Reader
  • The Reader permission grants read-only access to the server-side profile.
  • A user in this role can browse the profile configuration, but the Save/Publish button is disabled. Users with this role cannot save any changes.
Editor
  • The Editor permission grants edit and save access to the server-side profile.
  • Users with this role can also access and edit settings from the Profile Admin > Settings menu.
Publisher
  • The Publisher permission grants the same access as the Editor role, with the addition of the ability to save and publish the profile.

Profile access between the server-side and client-side product is mutually exclusive. For example, you can grant Save and Publish permissions for client-side products without impacting server-side product permissions for a given profile. In addition, if you remove or change user access to a profile on the client-side, it is not removed or changed on the server-side.

Add a Server-Side Only User

To give a user access to server-side, you must first add them in the client-side interface. In the client-side interface you must have the Manage Users permission to add users to your account and the Manage Account permission to manage permissions in the server-side interface.

To add a user with only permission to a server-side profile, follow these steps:

  1. In the client-side interface, add the user, but do not select any client-side permissions.
    The user must verify their email address before you can continue, at which point the user will have read-only access to the client-side interface and will appear in the Manage Users list in the server-side interface.
  2. In the server-side interface, go to Manage Users and assign permission roles to grant the user access to a server-side profile.
  3. Click Next.
  4. Save your changes.
  5. Return to the client-side interface.
  6. Go to Manage Users and remove the user. (Learn more)
    The user will no longer have access to the client-side profile, but will retain access to the server-side profile.

Edit Server-Side User Permissions

To edit server-side user permissions, you must have the Manage Account permission, which is assigned from the client-side interface.

Use the following steps to view and edit server-side permissions for a user:

  1. Log into the server-side area of the Customer Data Hub.
  2. Click the drop-down menu in the upper right of screen and select Manage Users.
    A list of all server-side users displays, including the user's name, email address, and a timestamp for the last login.
  3. Click a user to display the permission details.
    The details for that user display.
  4. To grant access to a profile, select a permission role from the drop-down list.
    server-side-manage-users-user-permissions-crop.png
  5. Repeat Step 3 through Step 5 for each user you want to edit.
  6. If no changes are needed, click X to close the user details and return to the user list.
    You will be prompted to confirm your intention to disregard changes if you have made adjustments.
  7. Click Stay to keep your changes or Discard to discard the changes.
    Your changes are saved without the need to publish.

Frequently Asked Questions (FAQ)

  • If a user is removed from the client-side profile, is the user also removed from the server-side profile?
    No. Once a user exists in both client-side and server-side, removing the user from one does not impact the other.

  • Can I grant a user access to a server-side profile without allowing access to a client-side profile?
    Yes. If a user already exists in the account and has been granted permission to a profile on the server-side, go to iQ Tag Management > Manage Users and remove that user from the client-side interface. See the Adding Users section for more information.

  • How does the "All current and future profiles" option impact server-side permissions?
    There is no impact to server-side users. All server-side users will have the default permission role of No Access to all new server-side profiles.

  • What happens if a user has access to only one profile on the server-side and no profile access on the client-side?
    If the user selects server-side at the login screen, they will automatically be loaded into the account/profile accordingly. If the user attempts to log in to the client-side, a modal displays with a denied access message.

  • Can a server-side admin change their own permissions for server-side profiles?
    Yes. A server-side admin user (granted by the Manage Account permission) can change permissions for all server-side users, including their own.

  • Can a server-side admin update manage permissions for all server-side profiles?
    Yes. A server-side admin user's access is granted by the Manage Account permission, which is an account-level permission. Users with this permission level have access to the Manage Users screen in the server-side interface where they can manage user permissions for all profiles.

  • How do the new server-side permissions affect the Omnichannel File Status API?
    Access control to the Omichannel File Status API will change upon final release of the server-side permissions feature. In addition to the standard requirement of needing an API key to authenticate with the API, users must have read access to the relevant Customer Data Hub account. Users utilizing the v1 API only need read access to the Customer Data Hub account.

  • Can a server-side admin add new users to an account?
    No. The Manage Account permission does not grant access to add new users or delete users from an account. While they can remove access to profiles, only users who have the Manage Users permission assigned in the iQ Tag Management workflow can invite a new user to an account or completely delete a user from an account.

  • Does this feature change the way user management access is granted or controlled within TiQ?
    No. The Manage Users checkbox in iQ Tag Management remains the permission that grants a user access to add or remove users from a business account. Users with only the Manage User permission will not have access to manage permissions on the server-side.

Additional Resources