Managing User Permissions in UDH

Managing User Permissions in UDH

by on ‎01-08-2018 01:08 PM - edited on ‎06-06-2018 02:26 PM by Community Manager (1,151 Views)

This article explains how to add and manage users and user permission groups for the Tealium Universal Data Hub (UDH) product.

User Management is currently in Beta. During the Beta period, only users in the Administrator group will be able to manage users and permission groups. No other new permissions will be enforced until the Beta period ends.

This article covers the following topics:

Table of Contents Placeholder

How It Works

The administration area of the Universal Data Hub (UDH) interface allows account owners to control only users working on EventStream, AudienceStream, or DataAccess to manage user permissions separately from the Manage Users console in iQ Tag Management.

In UDH, groups are assigned permissions and users are then assigned to these groups, inheriting the permissions. Users in multiple groups are cumulatively granted all permissions from those groups. Only users in the Administrator group can access User Management.

About Users and Permission Groups

In UDH, permissions are granted at the group level. This allows you to establish clear permission policies and apply the policies consistently across all users. A user must be a member of one (1) or more groups in order to assign permissions. There are three (3) default permission groups: Administrator, Read Access, and Publish. You can create additional permission groups.

The following sections describe the permissions in the default groups.

Administrator Group

The Administrator group has Admin permissions that provide full access to manage both users and permission groups. The permissions assigned to the Administrator group cannot be modified.

The following table describes Administrator group permissions:

Permissions Description

Manage Groups

  • Has access to all permissions
  • Create and delete groups
  • Adjust permission settings

Manage Users

  • Add and remove users
  • Adjust permission groups

Read Access Group

The Read Access group has no Admin permissions and is the default permission group for all users. This group provides login access but no edit access to the account other than the assigned default permissions for Data Sources Policy and Connector Marketplace Policy. All other permissions are read only and cannot be modified.

The following table describes Read Access group permissions:

Permissions Description

 Data Sources Policy

  • Identifies which data sources can be managed
  • Can select specific data sources from user interface
  • The default value is All 

Connector Marketplace Policy

  • Identifies which connectors can be managed
  • The default value is All

Publish Group

The Publish group has no Admin permissions. The default permissions, group name, and description of the group can be modified to fit your needs. Permissions are categorized by General, EventStream, AudienceStream, and DataAccess, as detailed in the following tables.

General Permissions

The following table describes permissions in the General category:

Permission Description

Manage Data Sources

  • Create, edit, and delete data sources
  • Edit and delete data source settings
  • The default value is None

Data Sources Policy

  • Identifies which data sources can be managed
  • Can select specific data sources from user interface
  • The default value is All
Specifications
  • Create, edit, and delete event attributes
  • The default value is No

Manage Omnichannel

  • Create, edit, and delete Omnichannel enrichments
  • Create, edit, and delete file definitions
  • The default value is No 

Manage Connectors

  • Create, edit, and delete connectors
  • Credentials and settings used for a vendor connection
  • Permission level cannot exceed the level granted by Manage Event Feeds
  • Enforced by connector property createdBy
  • The default value is None

Connector Marketplace Policy

  • Identifies which connectors can be managed
  • The default value is All

Save

  • Save changes
  • Automatically enabled when any permission below the gray bar is enabled
  • The default value is Yes

Publish

  • Publish saved changes
  • The default value is No

Permission Descriptions

The following sections describe the available permissions for each product category.

EventStream

The following table describes permissions in the EventStream category:

Permission Description

Manage Event Attributes

  • Create, edit, and delete event attributes and specifications
  • When value is set to Yes, all Manage Event feeds display
  • The default value is No

Manage Attributes with Restricted Data

  • Include attributes with restricted data
  • The default value is No

Manage Event Feeds

  • Create, edit, and delete event feeds
  • Permission level cannot exceed the permission level granted by Manage Connectors
  • The default value is None

Manage Event (Connector) Actions

  • Create, edit, and delete event-based connection actions and configurations
  • The default value is None
 

Map Attributes with Restricted Data

  • Attributes with restricted data are made available to send using the connector action configuration
  • The default value is No

AudienceStream

The following table describes permissions in the AudienceStream category:

Permission

Description

Manage Audiences

  • Create, edit, and delete visit/visitor attributes and audiences
  • The default value is No

Manage Audience Attributes (Visit/Visitor Attributes)

  • Create, edit, and delete audience attributes
  • The default value is No

Manage Attributes with Restricted Data

  • Includes attributes with restricted data
  • The default value is No

Manage Audience (Connector) Actions

  • Create, edit, and delete audience-based connector actions and their configurations
  • The default value is None
 

Map Attributes with Restricted Data

  • Attributes with restricted data are made available to send using the connector action configuration
  • The default value is No

Manage Audience Sizing Jobs

  • Create, activate, and remove Audience Sizing jobs
  • The default value is None

DataAccess

The following table describes permissions in the DataAccess category:

Permission

Description

Enable Event Data Storage

  • Enable EventStore and EventDB for individual event feeds
  • The default value is No
 

Manage Attributes for EventDB/AudienceDB

  • Configure the attributes to be stored
  • The default value is No

Access EventStore/AudienceStore Data

  • Download data files directly from the DataAccess Console
  • The default value is No

Reset Access Keys

  • Reset the secret keys used by third-party FTP clients
  • The default value is No

Access EventDB/AudienceDB Data

  • Enables access to database connection details
  • The default value is No

Reset Credentials

  • Reset connection credentials used by third-party database clients
  • The default value is No

Managing Users

Users must be assigned to permission groups. Users will inherit the settings from the permission group(s) selected. UDH user management tasks consist of adding and editing users and assigning those users to one (1) or more permission groups.

Adding Users

Use the following steps to add a user and assign the user to one (1) or more permission groups:

  1. In the navigation sidebar click the Admin shield icon in the lower left corner.
    udh-sidebar-admin.png
  2. Click Add Users.
  3. Enter the email address of the user or users you want to add.
    You can add up to ten (10) email addresses in this step, separating each user email address by a comma.
  4. Click Next.
  5. Check the box next to the permission groups to assign to this user.
  6. Click Next.
  7. Review the user email addresses and the summary of permissions to be granted.
  8. If correct, click Finish.
    A message displays confirming success.

Editing a User

Use the following steps to view and edit user details and permission groups for a single user:

  1. In the navigation sidebar click the Admin shield icon in the lower left corner.
  2. Click User Management.
    A list of all users displays in table format, including the user name, email address, groups to which the user has permissions, and a timestamp for the last login.
  3. Click on a user to display details about the user.
  4. Click the pencil icon to display the edit dialog.
  5. Make the desired edits.
  6. Click Save.
    Your changes are saved.

    Save/Publish is not required. 

Copying Groups from an Existing User

Use the following steps to copy permission groups from an existing user to a new user:

  1. In the navigation sidebar click the Admin shield icon in the lower left corner.
  2. Click Add Users.
    Enter the email address of the user or users you want to add.
    You can add up to ten (10) email addresses in this step, separating each user email address by a comma.
  3. Click Next.
  4. Click Copy groups from existing user.
  5. In the Copy permission groups from existing user drop-down list, select a user.
    UDH_Copy Permission Groups.jpg
  6. Click Next.
  7. Review your changes.
  8. Click Finish.
    A success message displays that the user was successfully added.

Managing Permission Groups

Permission groups simplify the administrative user management tasks. From the UDH interface, administrators can view and edit the permissions for an existing permission group, view and edit the members of a group, or add a permission group.

Adding a Permission Group

Use the following steps to add a new group:

  1. In the navigation sidebar click the Admin shield icon in the lower left corner.
  2. Click the Permissions Group tab.
  3. Click Add Group.
    The Add Group dialog displays.
    UDH Permissions Group_Add Group.jpg
  4. Enter a title for the group.
  5. (Optional) Enter descriptive notes about the group.
  6. Click Save.
    Your changes are saved.

    Save/Publish is not required. 

Editing Permission Group Settings

Use the following steps to edit the permission settings for a group:

  1. In the navigation sidebar click the Admin shield icon in the lower left corner.
  2. Click the Permissions Group tab.
  3. Click a group to select it.
    The Edit Group dialog displays.
  4. Edit the permissions as needed.
  5. Click Save.
    Your changes are saved.

    Save/Publish is not required. 

User Settings and Password

All users can view their own permission, information details and change their password, regardless of the permission groups to which they belong.

Viewing Your User Settings

Use the following steps to view your settings:

  1. Click your user name in the upper right corner of the screen and select View User Settings from the drop-down list.
  2. View the settings and click Close to close the settings dialog.

Editing Your User Details

Your user details include your first name, last name, and title.

edit-user-details.png

Use the following steps to edit your details:

  1. Click your user name in the upper right corner of the screen and select View User Settings from the drop-down list.
  2. Click the pencil icon to display the edit settings dialog.
  3. Make the desired changes.
  4. Click Save to close the settings dialog.
    Your changes are saved.

    Save/Publish is not required. 

Changing Your Password

Only the user that is logged in to UDH can change their password.

Use the following steps to change your user password:

  1. Click your user name in the upper right corner of the screen and select View User Settings from the drop-down list.
  2. Click Change Password adjacent to your email address.
  3. Enter your current password.
  4. Enter the new password.
    If the password you select does not meet the password requirements, a message displays to let you know the criteria that has not been met.
  5. Enter the new password again to confirm.
  6. Click Save.
    Your changes are saved.

    Save/Publish is not required. 

    A message displays that the password was successfully changed and a confirmation email is sent to your email address. 

FAQ

What is the difference between TiQ users and UDH users?

User permissions for the Universal Data Hub (UDH) product work differently than user permissions in the Tealium iQ Tag Management product. In UDH, permissions are granted at the group level. 

How are TiQ Users migrated to UDH?

The following table describes how TiQ users are migrated to specific UDH permission groups.

Users with this TiQ Permission Will belong to this UDH Permission Group
  • Manage Users
  • Manage Accounts
  • Manage Profiles
Admin
Publish to PROD Publish
All other users not in the groups listed above Read Access

How does this affect the Omnichannel File Status API?

Access control to the  Omichannel File Status API will change upon final release of the User Management feature. In addition to the standard requirement of needing an API key to authenticate with the API, users will need read access to the relevant UDH account.

Users utilizing the v1 API only need read access to the necessary UDH account.