To give you finer-grained control over user account security, Attribution Analytics supports multiple user accounts, which you can add, modify, or delete, and to which you can assign different roles and permissions.
When you create or edit a user account in Attribution Analytics, you can define a user role, grant specific permissions, and allow or deny access at both the account and application level. Attribution Analytics makes it easy for you to assign permissions by providing pre-defined “roles” to choose from, each of which has its own set of pre-determined permissions. By selecting one of the pre-defined roles during user account creation, Attribution Analytics applies the relevant permission settings for that role.
This article is part of our Popular Features series.
User Roles & Permissions
To assign a role for a user account in Attribution Analytics:
- In the Account section of the main navigation, click Users.
- Select an existing user account (or click Add User in the upper-right corner).
- On the User Details page, complete or modify the required fields, then click Save. (If you’re creating a new user, click Next.)
- If necessary, select the Roles & Permissions tab.
- From the Select a Role dropdown menu, select one of the following user roles:
- Administrator – Account Admins are the administrators of the User Accounts within their Advertiser Account. Admins can create, edit, and delete accounts (all user roles) and permissions (all user roles). They have full access to all parts of the account and application.
- Account Manager – Account Managers are those who manage the campaigns, but do not need access to either user settings or those aspects directly related to the app itself.
- Developer – Developers are the engineers of the app linked to the Attribution Analytics account. Developers have the ability to view all of the functionalities, but only have full access to modify (create, edit, delete) those aspects directly related to the app itself.
After you select a particular role for the user account, Attribution Analytics automatically applies the pre-defined permissions for that role (based on the most typical settings). Attribution Analytics groups the permissions by feature area, and assigns them at one of three levels: View-only, Create/Edit, or Full. Not all three options are applicable in all cases.
To further modify permissions for a user after selecting a role:
- Toggle feature areas On or Off.
- Then, for each enabled feature area, select the appropriate access level (View-only, Create/Edit, or Full) by clicking the appropriate radio button. You can only specify one access level for each feature area; higher-level permissions include all lower-level permissions.
- Click Save. Settings on this page only apply to this user.
The following table describes each of the access levels for each feature area:
|Feature Area||View-only||Create/Edit||Full|
|Reports||N/A||N/A||Generate, filter, and view reports of all types (Dashboard, Actuals, Cohort, Retention, Logs). Users can save and edit custom versions of reports.|
|Partners & Integrations||View, filter, view details, setup instructions, and performance for integrated partners.||Activate integrated partners (creates a publisher in the Advertiser account based on the ad_network record; this also happens the first time a TUNE link is generated for an integrated partner).||Create, edit, delete new integrated partner entries.|
|Postback URLs||View list, details, optional parameters, and advanced settings for postback URLs.||N/A||Create, edit, All/Attributed setting, delete postback URLs.|
|Mobile Apps||View, filter, view Settings, and view details and performance for apps associated with an advertiser account.||N/A||Create, edit, delete apps.|
|Events||View events for apps associated with an advertiser account.||N/A||Create, edit, activate, delete, pause events associated with apps.|
|Campaigns||View and filter campaigns and performance data associated with an advertiser account and/or apps. View payouts and destination URLs (list and details).||N/A||Create, edit, delete, publish campaigns associated with an advertiser account and/or apps. Create, edit, delete payouts and destination URLs.|
|Test Profiles||View list and details of test profiles associated with an advertiser account.||N/A||Create, edit, delete test profiles.|
Advertiser Account Access
|Feature Area||View-only||Create/Edit||Full|
|Account||N/A||N/A||Create advertiser account, view advertiser stats list.|
|Users||View account users, view/edit details, change password associated with a user account.||N/A||Create, edit, delete other account users.|
|User Permissions||View permissions (operations and partner/app access) associated with user accounts.||Create/Edit permissions for account users (Account Manager, Account Users), specify role, edit Partner/App access.||Create, delete all user account types (including account admins).|
|API Keys & Export||View API Keys, base URL associated with a user, generate exports, view documentation.||N/A||Create API key.|
|Preferences||Settings added to Partner and App sections.||N/A||N/A|
|Billing||View payment methods.||N/A||Create/edit payment methods, download invoice.|
In addition to user roles and permissions, users who have User Edit permissions can also control the set of Apps and/or Partners that a user can access (not only which specific apps a user can interact with, but also which Partners):
- Custom (for example, Specific Mobile Apps/Partners: Multi-select list of Mobile Apps/Partners belonging to the Advertiser)
- If a user has Create/Edit access to Mobile Apps and/or Partners but also has restricted access to a set of Mobile Apps/Partners, then any new Mobile Apps/Partners they create are included in this restricted set by default.
- However, any new Mobile Apps/Partners created under the Advertiser Account by other users are not included in the restricted set by default; an Admin needs to manually grant the user access.
Application Area Access
In addition to permissions that govern operations within the application and control access to apps and/or partners, you can also set permissions to grant or deny user access to various sections of the application. These permissions essentially show or hide specific areas of the application to users.
- Reports – Access to the reporting section of the application and all reports.
- Partners – Access to the partners management pages and all subsections.
- Apps – Access to the app management pages and all subsections.
- Advertiser Account – Access to the Advertiser account management pages and all subsections.
Users must have access to at least one of the application areas. By definition, Account Admins always have access to all areas. In addition to any enabled areas, users also have access to their own Account Details pages (for example, to change their password). By default, all areas are enabled.
The Application Area access permissions apply only to system access through Attribution Analytics; these permissions do not apply to direct API access of the Attribution Analytics system. Users accessing the system with a valid API key inherit permissions based on their Roles & Permissions settings (such as View-only or Create/Edit) and their Partner and/or App access settings.
- If a user is denied access to some areas and is subsequently assigned to the Administrator role, then the user gets access to all areas of the application.
- Members of the Administrator role cannot have areas of the app disabled without first having their role changed to Account User.
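The following added example (not Attribution Analytics code) models the rules above to show why hiding an application area is not an access control for API-key users: it lists permissions that are invisible in the UI but still usable through the API. The User record, the has_api_key field, the AREA_OF mapping, and the sample users are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):  # ordered: a higher level includes every lower one
    VIEW_ONLY = 1
    CREATE_EDIT = 2
    FULL = 3

# Assumption: which application area's pages expose each feature area.
AREA_OF = {"Reports": "Reports", "Partners & Integrations": "Partners",
           "Mobile Apps": "Apps", "Users": "Advertiser Account"}

@dataclass
class User:  # hypothetical record, not a product export format
    name: str
    role: str
    features: dict   # feature area -> Level; a missing key means toggled Off
    areas: set       # application areas enabled for the UI
    has_api_key: bool = False

def effective_areas(user):
    # Administrators always have every area, whatever was set before.
    return set(AREA_OF.values()) if user.role == "Administrator" else set(user.areas)

def allowed(user, feature, needed, via_api=False):
    granted = user.features.get(feature)
    if granted is None or granted < needed:
        return False
    # Area visibility only gates the UI; API-key access skips this check.
    return via_api or AREA_OF[feature] in effective_areas(user)

def hidden_but_api_reachable(users):
    """List (user, feature, level) grants hidden in the UI yet usable by API key."""
    return [(u.name, f, lvl.name)
            for u in users if u.has_api_key
            for f, lvl in sorted(u.features.items())
            if AREA_OF[f] not in effective_areas(u)]

# Constructed sample users.
FULL_EVERYWHERE = {f: Level.FULL for f in AREA_OF}
SAMPLE_USERS = [
    User("ana", "Administrator", FULL_EVERYWHERE, {"Reports"}, True),
    User("ben", "Account Manager",
         {"Reports": Level.FULL, "Partners & Integrations": Level.CREATE_EDIT,
          "Mobile Apps": Level.VIEW_ONLY}, {"Reports"}, True),
    User("cy", "Developer", {"Mobile Apps": Level.FULL}, {"Apps"}),
]

if __name__ == "__main__":
    for finding in hidden_but_api_reachable(SAMPLE_USERS):
        print(finding)
```

To actually restrict such a user, toggle the feature area Off or lower its access level on the Roles & Permissions tab rather than relying on a hidden application area.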
Default Homepage when Reports Access is Disabled
By default, Attribution Analytics renders the reports dashboard when users first log in to Attribution Analytics. But with the Roles & Permissions security model, you can disable access to reports (including the dashboard). So Attribution Analytics applies the following logic to determine the start page:
|Default Homepage||Reports||Partners||Apps||Advertiser Account|