ACS - Security groups and Organizational Units | Community
Skip to main content
eveline8
eveline8
New Participant
March 26, 2019
Solved

ACS - Security groups and Organizational Units

  • March 26, 2019
  • 16 replies
  • 17791 views

Hi all,

I would like to know if anyone has ever implement a similar procedure to see profiles of each countries.

In the instance I use now there are only Organizational Units.

I explain the case:

Our customer has different database for different countries and he would like to create users that can see only the profiles associated to a specific country.

user A can see only profiles with country US

user B can see only profiles with country IT

and so on.

I have activated in Custom Resources the option "Add access authorization management fields", I have set the organizational unit, I create the security group in Admin and in Adobe Campaign with the same ID.

I have insert user A in US security group and so on.

I have assigned the profiles to the different organizational units but the user in security group US see all the profiles for all countries, not only US profiles.

How is it possibible? Are there other setting to implement?

Thanks,

E.

    This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
    Best answer by bisswang

    Hi Eveline,

    yes, that is exactly the issue.

    If the user is in any security group with all assigned, he will have access to anything in the whole system.

    That can't be limited by another security group.

    Following documentation states which organizational unit will be taken if multiple are assigned:

    Adobe Campaign Help | Managing groups and users

    16 replies

    I
    itd6
    New Participant
    April 2, 2019

    thanks so much for all your help! i was able to figure it out yesterday and get everything working with all of your advice.

    B
    bisswang
    Employee
    April 1, 2019

    Product profile:   Campaign Standard - cdc-mkt-stage1 - Geometrixx Clothes

    Security Group ID:   Geometrixx Clothes

    I
    itd6
    New Participant
    April 1, 2019

    And then the Security group ID would just be "Geometrixx Clothes"?

    I
    itd6
    New Participant
    April 1, 2019

    Thanks so much for all your help. I was confused on why the instructions said to have both items on the user myself. 

    I am confused on the naming of the profile part. Should it be something like "Campaign Standard - cdc-mkt-stage1 - Geometrixx Clothes"? or does it need standard users in the name? "Campaign Standard - cdc-mkt-stage1 - Standard Users - Geometrixx Clothes" which gets really long and truncates on security groups ID.

    B
    bisswang
    Employee
    April 1, 2019

    Hi,

    There are 2 issues with your config:

    - user is member of "standard users" group which will give access to "all" organizational unit. Remove the user from there

    - for your other profile, the name is wrong thus it won't map to ACS security group and justbignore it. You need same prefix as "standard users", i.e. the GEOMETRIXXCAMPAIGN is wrong.

    Afterwards log in with the user and check with an admin that the user only belongs to Clothes group.

    I
    itd6
    New Participant
    April 1, 2019

    i have assigned the product profile to the user in the console but i dont see a way to add a user to the security group inside campaign. I thought all of this was handled in the console?

    Here is the Security group and linked to relevant org unit

    My test user has the Product Profile assigned to them.

    B
    bisswang
    Employee
    March 31, 2019

    Ok, if that's the case the indeed no custom resource needed.

    Please check:

    * User Access is defined on Security Group and links to the relevant org Unit

    * use is part of security group and not member of other security groups with different user access* Acces authorization is set on the program and all subelements

    If that is met, visibility should be limited accordingly

    I
    itd6
    New Participant
    March 30, 2019

    I just want to first limit what the user sees when they go into Programs & Campaigns. I thought the instructions would be enough but something must be missing.

    B
    bisswang
    Employee
    March 29, 2019

    At the end it depends on what objects you want to limit.

    Items like Campaigns or workflows can be limited without creating custom resources.

    If you want to limit user profiles though then you need to create a custom resource as by default it does not have the fields for access authorization.

    M
    mcastine
    New Participant
    March 29, 2019

    IN the instructions for adding users through the console, it says to create a Product profile if limiting by groups. Why do I need to create a custom resource? it is not mentioned anywhere on the Security group creation page??

    Show more replies
    Terms & ConditionsAccessibility statement

    Loading footer...