Access Management in Adobe Campaign or any tool intends to approve users to perform their assigned job while preventing them from accessing other resources or information. All information should be available on the need to know basis.
650+ companies and 2 billion+ Customer profiles It is a big number. Now I am sure that you can understand why Access management is crucial to protect the data.
While going through Adobe Campaign community forum, I saw a question from a fellow member that They are Struggling to define a strategy for folder naming and structure in Adobe Campaign and It is not an isolated case. This problem gets more complicated with Multi-Brand Strategy or Multi Product Strategy.
We have worked on multiple projects and always end up spending days in workshops to come up with a perfect plan. It happens because We have a spectrum of clients which either have a multi-product enterprise or many portfolios of different offerings. Sometimes they have a shared marketing team across geographies or different marketing team for various geographies. This Team structure means multiple people own workflows and processes across products/brands.
Why we need Access Management?
In this business environment, controlling access to relevant resources is essential for the long-term maintenance and running a successful campaign. Access Management is a core responsibility of Adobe campaign architect.
Responsibility for protecting the organization’s information assets is at the heart of the Chief Information Officer (CIO) and, as such, user-access management must be a critical area of focus for CIOs and Chief Security Officers (CSO). Adobe Campaign Architect needs to work with CIO and CSO to design a robust access management.
Concept of Access management
The idea of “Access Management” provides an approach to integrate security with the organization’s business processes and enterprise-wide risk-management capabilities. User-access management supports this approach through ensuring that access is available to authorized users and denied to unauthorized users. Access management includes controls throughout the areas of:
- User provisioning and de-provisioning (people).
- Operational management of user-access (processes).
- Technical-access controls (technology).
Let’s understand some Adobe campaign specific terms around Access management.
Operators: They are the Adobe Campaign users(not recipient/ or customer) who will be a perform day to day activities in Adobe campaign. OOTB, operators in Adobe Campaign, are stored in the Administration > Access management > Operators node.
Operator Group: A segment of operators who will be responsible for performing specific responsibilities such as Campaign managers. They use their experience and ideas to improve a particular task. By default, OOTB, operator groups in Adobe Campaign, are stored in the Administration > Access management > Operator groups node in the tree.
In Adobe Campaign v6/v7, you can change/control rights allotted to the different operators. You can add or remove any Named rights(Restrictions, Access) Which will authorize or deny:
- Access to specific functionalities (via the Named rights),
- Access to individual records,
- Creation, update, and deletion of documents (procedures, Recipients, campaigns, leads, Marketing resources).
Named Rights: If you are not Admin then your access in Adobe campaign is controlled by Adobe campaign. Named rights can be used to allow access to an appropriate Form widget, such as, a custom attribute that you have added in a delivery xtk: form. You can check in the form XML if the current operator HasNamedRight. You do not actually use Named rights to grant folder access instead Operator Group should be used to grant folder access. Another example will be WORKFLOW named right is specific to workflows: Which enables you to create, start and stop workflows.
The operator groups and Named rights allow operators to access individual folders in the navigation hierarchy (N), and grant read (R), write (W) and delete (D) permissions.
Note to know more about the default operators, operator groups, and Named rights matrix, download the following document.
To build a successful access management strategy, we need to understand the critical dependencies when choosing a folder strategy?
- Experience with Adobe Campaign tool: you need to interview/survey your clients and capture this information in the discovery phase. You can ask questions such as Did every stakeholder is familiar with Adobe Campaign and its various aspects like Rich Client, dashboard, and explorer?
- Adobe campaign tool features and buzzwords: Are your stakeholders understand the difference between plan and program?
- Approval mechanism: Are you going to use OOTB approval Mechanism or you need to customize it?
- List of modules utilized by the client: Are you using Distributed Marketing module?
- Classification and capacity rules: Do you have company full pressure/classification rules or you want to have based on Region/country/Brand particular?
- Typology: Do you need to build Brand specific typology?
- Legal compliance: Do you understand that every country has different legal rules for Marketing/communication consent?
- Input forms and Dashboards: Do you need to customize the OOTB forms for the different brand?
- Branded Emails: Do you need to use Domain delegation if you are going to use multi branded emails?
You need to get answers to these question in the Access Management Workshops(Discover phase). Today I am providing you a free template to build a concrete Access Management Strategy in Adobe Campaign.
The assumption in the template:
- Three brands: Brand A, B, and C. You can use Product or Geographies instead of brands.
- Global space: Some responsibilities are shared between three brands, so I have created a global space.
- Deliveries: we have some brand specific deliveries and some global deliveries for cross brand/Country campaigns.
- Administration: This workspace is shared among brands, All shared customization sits in global space or Administration space.
- Operator Groups: Defined new operator groups based on a general hierarchy in a company.
Vivek · December 11, 2019 at 7:34 pm
Is there any way using which user can start and execute the workflow which have subworkflow having actual deliveries but he should not edit/delete/add any activities present in workflow.