Admin roles

Platform Permissions is in GA for new customers and in EEA (Expanded Early Access) for select customers. If you are interested in trying this feature or need to migrate from EA to EEA, contact your customer success manager. For more information, see the project rollout plan.

How it works

An admin role defines a set of account access levels for administering client-side and server-side users, managing account-level functions, and managing the membership and structure of profiles. Account managers can use admin roles to delegate management of an account and the product features to other users.

The following admin roles are available:

• Account admin
• User admin
• Technical admin
• Privacy admin
• Profile admin
• Account viewer

Users without admin roles receive only the access to the account they obtain through their membership in permissions groups.

The difference between admin roles and permission groups is that admin roles manage aspects of the account while permission groups manage aspects of profiles.

Default account admin

When account administrators turn on permissions enforcement, the system automatically assigns the account admin role to all users who previously had the manage account permission in the legacy permissions system.

This automatic permissions assignment ensures that at least one user will have the account admin role when platform permissions is turned on.

Roles

You can grant the following admin roles to users in your account:

Account admin

The account admin role has full power and access to the account. The account admin role includes all account-level permissions and all profile-level permissions, including both client-side and server-side publishing permissions.

In addition, Account admins control permissions enforcement on the account, which changes the account from legacy to platform permissions. For more information, see Permissions Enforcement

At least one user in your account must have the account admin role. If you are the only user with the account admin role in your account, you cannot remove this role from yourself.

User admin

The user admin role has access to the following settings:

• Manage Permissions: Create, edit, and delete permission groups. Also can add and remove users from permission groups, and assign profiles to permission groups.
• Manage Users: Add, edit, and remove users from the account.
• Multi-Factor Authentication: Enable and disable multi-factor authentication on the account.
• Reset MFA for other users: Reset multi-factor authentication tokens for other users in the account.
• Set Password Policy: Manage the password policy for the account.
• SSO Management: Enable, disable, and manage Single-Sign On (SSO).
• Insights Management: Manage user roles within Tealium Insights.

Also, the user admin role can view all profiles on the account.

Technical admin

The technical admin role has access to the following settings:

• First-Party Domains - Manage first-party domains, including entering domain names and updating certificates.
• GitHub Account - Link the account to a GitHub account for use with the Advanced JavaScript Code extension.

Privacy admin

The privacy admin role can only be granted to users with the user admin role. The privacy admin role has access to the following settings:

• Consent Management: Manage consent parameters and languages, which apply to all profiles that use consent management.
• PII View and Manage: Manage Personally Identifiable Information (PII) user permissions and view and edit attributes with restricted data.
• Tag Marketplace Policy: Enable, disable, and configure the tag marketplace policy to control which tags are available for use on this account.

Profile admin

The profile admin role has access to manage profiles and profile settings. This role does not include profile editing or publishing permissions; those are granted through rights in a permission group, which the profile admin can set.

• Create New Profile: Create new profiles and assign permissions groups to them.
• Manage Profile Libraries: Manage profile libraries.
• Manage Profiles: Manage an existing profile.

Account viewer

The account viewer role can view everything in the account with read-only access. It is intended for auditing or legal review purposes.

Manage a user’s admin roles

To edit a user’s admin roles:

1. In the admin menu, click Manage Permissions.
2. Click the Users tab.
3. Click the user you want to edit. The User Details slideout appears.
4. Click the Basic Info tab and click Edit.
5. Add or remove the necessary admin roles for the user.
6. When you are finished making the changes you want, click Finish.

The changes to the user’s admin roles are effective immediately.

You can also use the checkboxes and Bulk Actions to assign or unassign roles to multiple users at once.