New Participant

Solved

ACS - Security groups and Organizational Units

Forum|Forum|7 years ago
March 26, 2019
16 replies
17791 views

Hi all,

I would like to know if anyone has ever implement a similar procedure to see profiles of each countries.

In the instance I use now there are only Organizational Units.

I explain the case:

Our customer has different database for different countries and he would like to create users that can see only the profiles associated to a specific country.

user A can see only profiles with country US

user B can see only profiles with country IT

and so on.

I have activated in Custom Resources the option "Add access authorization management fields", I have set the organizational unit, I create the security group in Admin and in Adobe Campaign with the same ID.

I have insert user A in US security group and so on.

I have assigned the profiles to the different organizational units but the user in security group US see all the profiles for all countries, not only US profiles.

How is it possibible? Are there other setting to implement?

Thanks,

E.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by bisswang

Hi Eveline,

yes, that is exactly the issue.

If the user is in any security group with all assigned, he will have access to anything in the whole system.

That can't be limited by another security group.

Following documentation states which organizational unit will be taken if multiple are assigned:

Adobe Campaign Help | Managing groups and users

Show previous replies

B

bisswang

Employee

No, this is not product profile.

If you want to limit people of seeing all recipient profiles, you need to create a resource extnsion of ACSprofile data type. I.e. Administration - Development- Custom Resources

I

itd6

New Participant

I am having the same problem but I have followed all the steps. The one step above that is confusing to me is "Extend profile resource". Is this the Product Profile in the admin console? If so, I have that created as well. I followed these steps - Adobe Campaign Help | Organizational units - but the test user still sees everything. Here are screenshots. What am I missing?

eveline8Author

New Participant

Thanks, I tried and it works.

E.

B

bisswangAccepted solution

Employee

Hi Eveline,

yes, that is exactly the issue.

If the user is in any security group with all assigned, he will have access to anything in the whole system.

That can't be limited by another security group.

Following documentation states which organizational unit will be taken if multiple are assigned:

Adobe Campaign Help | Managing groups and users

eveline8Author

New Participant

Hi Ramon,

sorry I forgot to write the point 5. I've already assigned the org unit to security group.

I have a doubt: the user that have to see only US profiles is insert in various security group as for example Administrators (all units). Can this setting cancel the permissions of the other US security group? Can this be the reason for the failure?

Thanks,

E.

B

bisswang

Employee

Hi Eveline,

yes, I got this running.

Just quickly listing steps required for you to check:

Create org unit
Extend profile resource
Assign org unit to profile
Create new security group
Assign organizational unit to security group in "User Access" section

From your description, I would guess that 5. is missing as this is commonly forgotten / not too well documented

Only once this is assigned, the organizational unit will be checked.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded