Manage permissions for a role

Last update: 2025-01-30
  • Created for:
  • Admin

Access control uses user ID (an internal unique id assigned to a user) for granting permissions. When an organization is migrated from Adobe ID to Business ID, all permissions set for its users will be lost because the user ID changes and access control will use the newly generated user ID. If your organization is migrated to Business ID, please contact your Adobe representative to migrate your user ID from Adobe ID to Business ID.

Permissions is the area of Experience Cloud where administrators can define user roles and access policies to manage access permissions for features and objects within a product application.

Through Permissions, you can create and manage roles, as well as assign the desired resource permissions for these roles. Permissions also allow you to manage the labels, sandboxes, and users associated with a specific role.

Immediately after creating a new role, you are returned to the Roles tab. If you are editing permissions for an existing role, select the role from the Roles tab. Alternatively, use the filter option to filter the results to find a role.

Filter roles

Select the funnel icon (Filter icon) to display a list of filter controls to help narrow results.

The Roles dashboard in the Permissions UI with the filter roles section highlighted.

The following filters are available for roles in the UI:

Filter Description
Created between Select a start date and/or an end date to define a date range to filter results by.
Created by Filter by role creator by selecting a user from the dropdown.
Modified between Select a start date and/or an end date to define a date range to filter results by.
Modified by Filter by role modifier by selecting a user from the dropdown.

To remove a filter, select the “X” on the pill icon for the filter in question, or select Clear all to remove all filters.

The Roles dashboard in the Permissions UI with the X and Clear all selections highlighted on the chosen filters.

Role details

Select the role from the Roles tab, which will open the role’s Details dashboard.

The Details workspace for the selected role is displayed with the overview information highlighted.

The Details dashboard provides an overview of the role. The overview displays the role name, description, creator, and last modifier, along with the creation and modification dates. It also shows the permissions attached to the role and the list of assigned sandboxes. The role name and description can be modified, if required.

Manage labels for a role

Select the Labels tab to open the roles labels workspace, then select Add labels to assign labels to the role.

The role's Labels workspace is displayed with the Labels tab and Add Labels button highliighted.

The Apply Access and Data Governance Labels dialog is displayed, presenting a list of labels. The list displays the label name, friendly name, category, and its description.

Select the labels from the list you would like to add to the role, then select Save

The Apply Access and Data Governance Labels dialog with a label selected.

Added labels appear under Labels tab.

The role's Labels workspace with the added label highlighted.

To remove a label from a role, select the label and then select Remove Labels.

The role's Labels workspace with a role selected and the Remove labels option highlighted.

Manage sandboxes for a role

Select the Details tab and navigate to the Sandboxes section. Select View All to see the complete list of sandboxes added to the role.

The role's Details workspace with the Sandboxes section highlighted.

To add more sandboxes to a role, select Edit from the top-right of the UI.

The role's Details workspace with the Edit option highlighted.

The next screen prompts you to choose which sandboxes resources to include in the role using the dropdown. When finished, select Save and then Close.

The role's Resources dashboard with the sandbox resources dropdown menu highlighted.

Manage users for a role

Select the Users tab to open the roles Users workspace, then select Add Users to assign users to the role.

The role's Users workspace is displayed with the Users tab and the Add Users option highlighted.

The Add Users dialog appears. Select the users from the list you would like to add to the role. Alternatively, use the search bar to search for the user by entering their name or email address, then select Save

The Add Users dialog with a user selected and the search bar and save option highlighted.

Added users appear under Users tab.

The role's Users workspace showing the users added to the role.

To remove a user from a role, select the X icon next to the user’s name.

The role's Users workspace showing a user with the X option highlighted.

The following video is intended to support your understanding of creating a new role and managing users for that role.

Manage API credentials for a role


To use and manage API credentials in Permissions, users must have system administrator privileges.

To use Experience Platform APIs as a user or developer, a system administrator needs to add API credentials in addition to a role’s given set of permissions. For a complete guide on creating and assigning API credentials, as well as the permissions needed, refer to the step-by-step tutorial in authenticate and access Experience Platform APIs.

Select the API credentials tab to open the roles API credentials workspace, then select Add API credentials to assign API credentials to the role.

The role's API credentials workspace with the Add credentials option highlighted.

The Add API credentials dialog appears. Select API credentials from the list to add to the role and then select Save

The Add API credentials dialog with a credential selected and the Save option highlighted.

Added API credentials appear under API credentials tab.

The role's API credentials workspace with the added credentials displayed.

To remove an API credential from a role, select the X icon next to the API credential name.

The role's API credentials workspace with the X option to remove a credential highlighted.

The Remove API credentials dialog appears, prompting you to confirm deletion. Select Confirm to finish removing the selected credential.

The Remove Credential popover prompting you to confirm removing the credential is highlighted.

You will be returned to the API credentials tab.

Manage user groups for a role

User groups are multiple users that have been grouped together and have access to execute the same functions.

Select the User groups tab to open the role’s user groups workspace and then select Add Groups to assign user groups to the role.

The role's User groups workspace with the Add Groups option

The Add Groups dialog appears. Select the user groups from the list you would like to add to the role. Alternatively, use the search bar to search for the user group by entering the name of the group, then select Save

The Add Groups dialog with a user group selected and the search and Save option highlighted.

Added user group appears under User groups tab.

The role's User groups workspace displaying the list of added user groups.

To remove a user group from a role, select the X icon next to the user group name.

The role's User groups workspace with the X option to remove a specific user group highlighted.

The Remove user group dialog appears, prompting you to confirm deletion. Select Confirm to remove the selected user group.

The popover for removing a user group is displayed and highlighted.

You will be returned to the User groups tab.

Add users to Experience Platform

As a system administrator, you may grant developer access to a user so they can create integrations in the Adobe Developer Console.

To add a user Experience Platform, log in to the Admin Console and select Add users.

The Adobe Admin Console dashboard with the Add users option highlighted.

The Add users to your team dialog appears. Enter the user’s email address, first name (optional) and last name (optional). Then select Products.

The Add users to your team dialog with the user fields and Products option highlighted.

The Select products dialogu appears. Select Adobe Experience Platform.

The select products dialog with Adobe Experience Platform highlighted.

The Select product profiles dialog appears. Select AEP-Default-All-Users then select Save.

The Select product profiles dialog with AEP-Default-All-Users selected and Apply highlighted.

Review the information and then select Save to add the user.

The Add users to your team dialog with the user information and chosen selections and the Save option highlighted.,

Next steps

With permissions established, you can proceed to the next step to manage users.

On this page