This article describes how to add and manage server-side users and permission roles for the Tealium Customer Data Hub .
In order to use this feature, it must first be enabled by your Tealium account manager.
This article covers the following topics:
Server-side user permissions creates a separation of access between the Tealium client-side interface and the server-side interface. This allows account administrators to grant access to users only for the areas that they intend to work on.
Users are still added using the client-side (iQ) admin, at which point the user will appear in the server-side user permissions list where server-side access is granted per profile. Server-side access is controlled using predefined permission roles. For each profile in the account, users are assigned a permission role to determine their access level.
Access between the client-side and server-side interfaces are mutually exclusive. Permissions granted to server-side do not apply to client-side. Likewise, permissions set for the client-side do not affect the server-side, except for assigning the Manage Account permission for admins.
There are four (4) server-side permission roles.
The following table describes the available permission roles.
|No Access (default)||
The No Access permission role does not grant any access to the server-side profile. Users with this role that attempt to access the server-side profile will be blocked with an "Access Denied" modal.
The Reader permission role grants read-only access to the server-side profile. A user in this role can browse the profile configuration, but will observe a disabled Save/Publish button. Users with this role cannot save any changes.
The Editor permission role grants edit and save access to the server-side profile. Users in this role can also access and edit settings in the Profile Admin > Settings menu.
The Publisher permission role grants the same access as the Editor role with the addition of the ability to publish the profile.
The ability to manage users for server-side products is still controlled in the client-side interface. Users with the Manage Account permission in the client-side interface will also have the ability to manage users in server-side interface.
User creation occurs in the client-side (iQ Tag Management) interface. You must have the Manage Account permission to add new users. To add a user to server-side, first add them in client-side and grant client-side permissions as needed. Then proceed to Viewing and Editing User Permissions to assign server-side permissions
To add a user with only permission to a server-side profile, do not select any client-side permissions. Once the user is activated and appears in the server-side user list, assign a server-side permission role, then return to the client-side Manage Users list to remove the user. The user will no longer have access to the client-side profile, but will retain access to the server-side profile.
You must have the Manage Account permission assigned from the client-side interface to access this area.
Use the following steps to view and edit server-side permissions for a user:
No. Once a user exists in both client-side and server-side, removing the user from one does not impact the other.
Yes. If a user already exists in the account and the profile has been granted a permission on the server-side, a user with Manage Account permissions can go to iQ Tag Management > Manage Users and remove that user from client-side.
There is no impact to server-side users. All server-side users will have the default permission role of No Access to all new server-side profiles.
If the user selects server-side at the login screen, they will automatically be loaded into the account/profile accordingly. If the user attempts to log in to the client-side, a modal displays with a denied access message.
Yes. Users with the Manage Account permission can change permissions for all server-side users, including their own.
Yes. The Manage Account permission is an account-level permission. Users with that permission have access to the server-side Manage Users menu item for all profiles.
Access control to the Omichannel File Status API will change upon final release of the server-side permissions feature. In addition to the standard requirement of needing an API key to authenticate with the API, users must have read access to the relevant Customer Data Hub account. Users utilizing the v1 API only need read access to the Customer Data Hub account.