Roles and Permissions
Roles are applied to users and govern which actions they can or cannot take. If you are a user with role creation rights, you will be able to create new custom roles using the AIDEM DSP UI.
How to create a new Role
If you are a user with Administrator privileges, or have Role creation rights, you will be able to create new roles for the AIDEM DSP UI and API.
In order to create a role:
- Navigate to Admin -> Roles from the Nav Bar. This will bring you to the Roles page.
- Click on +New -> Role to bring up the "Create New Role" dialog.
- Fill in all the relevant fields (required fields marked with a red asterisk): There are default system roles that come with your initial implementation (e.g. Administrator, Campaign Manager, Trafficker, Reporting) which are assigned preset permissions, but you can create custom roles in order to tailor access for each of your users. System roles are pre-configured for convenience and cannot be edited. When attempting to edit a system role, the fields will be disabled and a lock icon will appear in the top right corner to indicate that it is locked for any changes. Custom roles give you full control over what objects each user can read, create, update and delete within their account.
- To create a custom role, a Parent Role must be selected from the dropdown - options for which are the system roles defined in the AIDEM DSP. This enables the custom role to inherit any new field configurations added in the future.
- Name your custom role. Optionally, set the Alternative ID to a value of your choice at the bottom of the dialog. This can be left blank if not relevant.
- Select the desired permissions for the custom role. There are four types of permissions that can be set - each controls an aspect of the user’s access to objects and information.
- Report Permissions control which reports within Report Builder the user can access.
- Report Field Permissions control which dimensions and measures are available to the user across all reports in Report Builder. Each permission setting within this field will affect a group of fields. For example, Experiments is a permission group that has all the fields related to the Experiments feature (i.e. Test Plan ID, Test Group ID etc) while Vendor Data is a different permission group that has all the fields associated with vendors (i.e. Vendor Fees, Vendor fee name etc). For a full list of report field groups, see here.
- Object Permissions control which objects the user can access and which actions they can perform. This works independently from other permissions.
- Dashboard Permissions control which dashboards the user has access to. You can read more about the Dashboard feature Link:here (Report Builder Overview).
- Submit the new role settings.
- Assign the role to a User.
A role can be archived to be hidden from the roles selection menu on the user screen. Once archived, no new users can be created with this role. Existing users with this role will not experience any disruption in service and they will still have the same level of permissions as before. To archive a role, switch the toggle at the top right corner: