This article describes how to add and manage server-side users and permission roles for the Tealium Customer Data Hub .
In order to use this feature, it must first be enabled by your Tealium account manager.
This article covers the following topics:
Server-side user permissions creates a separation of access between the Tealium client-side interface and the server-side interface. This allows account administrators to grant access to users only for the areas that they intend to work on.
Users are still added using the client-side (iQ) admin, at which point the user will appear in the server-side user permissions list where server-side access is granted per profile. Server-side access is controlled using predefined permission roles. For each profile in the account, users are assigned a permission role to determine their access level.
Access between the client-side and server-side interfaces are mutually exclusive. Permissions granted to server-side do not apply to client-side. Likewise, permissions set for the client-side do not affect the server-side, except for assigning the Manage Account permission for admins.
There are four (4) server-side permission roles.
The following table describes the available permission roles.
|No Access (default)||
The No Access permission role does not grant any access to the server-side profile. Users with this role that attempt to access the server-side profile will be blocked with an "Access Denied" modal.
The Reader permission role grants read-only access to the server-side profile. A user in this role can browse the profile configuration, but will observe a disabled Save/Publish button. Users with this role cannot save any changes.
The Editor permission role grants edit and save access to the server-side profile. Users in this role can also access and edit settings in the Profile Admin > Settings menu.
The Publisher permission role grants the same access as the Editor role with the addition of the ability to publish the profile.
Admins of the server-side interface are the only users that have the ability to change permissions of server-side users. None of the server-side permission roles grant this ability. To be an admin of the server-side interface you must have the Manage Account permission, set from the client-side interface.
Only the Manage Users permission grants the ability to add users to the account.
Learn more about managing user permissions in Tealium iQ Tag Management.
To give a user access to server-side, you must first add them in the client-side interface. In the client-side interface you must have the Manage Users permission to add users to your account and the Manage Account permission to manage permissions in the server-side interface.
To add a user with only permission to a server-side profile, follow these steps:
The user will no longer have access to the client-side profile, but will retain access to the server-side profile.
You must have the Manage Account permission, assigned from the client-side interface, to access this area.
Use the following steps to view and edit server-side permissions for a user:
No. Once a user exists in both client-side and server-side, removing the user from one does not impact the other.
Yes. If a user already exists in the account and has been granted permission to a profile on the server-side, go to iQ Tag Management > Manage Users and remove that user from the client-side interface. See the Adding Users section for more information.
There is no impact to server-side users. All server-side users will have the default permission role of No Access to all new server-side profiles.
If the user selects server-side at the login screen, they will automatically be loaded into the account/profile accordingly. If the user attempts to log in to the client-side, a modal displays with a denied access message.
Yes. A server-side admin user (granted by the Manage Account permission) can change permissions for all server-side users, including their own.
Yes. A server-side admin user's access is granted by the Manage Account permission, which is an account-level permission. Users with this permission level have access to the Manage Users screen in the server-side interface where they can manage user permissions for all profiles.
Access control to the Omichannel File Status API will change upon final release of the server-side permissions feature. In addition to the standard requirement of needing an API key to authenticate with the API, users must have read access to the relevant Customer Data Hub account. Users utilizing the v1 API only need read access to the Customer Data Hub account.
It depends. Only admin users that also have the Manage Users permission (granted in the client-side interface) can add and remove a user from the account. A server-side admin user without this permission can only manage permissions for server-side profiles.