Roles

What Is a Role

A role is a collection of permissions that allow or deny actions on an item or item property. If a permission is not set, the permission has the same effect as a deny.

For example, a user has a collection of permissions for an email item that allow him/her to create, view, and update an email and denies permission to delete an email. This same user may have permissions for an image item that allow him/her to upload and view an image and denies permission to update or delete an image.

In the following image the user has access to the actions that have check marks in the allow column. The user can create, view, and update an email but cannot delete one. Notice that many of the check boxes are not set. Therefore, this user does not have permission to perform those actions.

Note: Contact your ExactTarget representative if you have any questions about the availability of Roles and Permissions.

Roles are assigned to users and business units. Roles assigned to a business unit apply to all users in that business unit. Therefore, a single user can have multiple roles. The application aggregates permissions from all roles for each user. 

Users inherit roles from their business units. Child business units inherit roles and permissions from their parent when you select the Force Inheritance checkbox when managing business unit roles.

Characteristics of different types of roles are:

• User Roles - Permissions stay with the user regardless of business unit
• Business Unit Roles - Any user working in a business unit acquires the role and permissions of the business unit 
• Individual Role - Permissions specifically assigned to the individual

The system uses the permissions aggregated from all of a user's roles according to the following logic to determine whether the user can access an item:

• If no permission of the assigned role has explicitly granted access to an action, the action is denied
• If one of the permissions of the assigned role has explicitly denied access to an action, the action is denied
• Otherwise, the action is granted

Predefined Roles

Administrator

This role belongs to the overall manager of the ExactTarget application and all of the associated Enterprise 2.0 business units. As such, this role should have full control over all aspects of the application and be able to create, share, modify, or delete anything in your company structure.

Content Creator

This role can access all facets of content creation, but they have no control over other aspects of the ExactTarget application (such as subscriber information or tracking results). The content creator produces the images and words used in the email and lays out the actual messages, which are then approved and sent by other roles within the Enterprise 2.0 organization.

Data Manager

This role primarily maintains subscriber records and any publication or suppression lists and handles data imports and exports. The database marketer may have to create relationships than span multiple business units, but this role usually doesn't create or edit the content itself.

Analyst

This role includes the permissions to read, change, and update all information related to email sends. However, users with this role are unable to create or make any changes to content and subscriber lists or administer users.

Additional Roles

These roles can be added within an Enterprise 2.0 environment depending on your needs. While these roles are all related in some way to the four listed above, the permissions enabled on their accounts differ depending on the needs of the role.

Email Marketing Manager

This role retains control over a single business unit. Applicable permissions include the ability to create, share, modify, or delete anything within that business unit, as well as the ability to conduct the actual send of an email. However, this role does not include permissions to change or delete shared content created by the administrator.

Sales Representative

This role handles sales activities related to a specific territory. Responsibilities include personalizing templates, inserting content into those templates, and managing local subscriber lists.

 

Copywriter

This role handles the creation of email content for several business units, but there is no control over actual sends or database management.

Regional or Local Administrator

This role manages the administrative detail of one or more select business units. The assigned permissions let them create and manage accounts within their selected business units, but they can't alter any information outside of their assigned coverage.

Outside or Agency Content Creator

Assign this role to users from outside your organization that might create content for your email sends, such as a freelance copywriter or a graphic designer from an advertising agency. This role can create and upload content to the assigned business unit, but they have no other permissions.

Why Use a Role

Use roles to manage and control access to actions that can be taken against data in the application. You might create a Content Creator role for a user to create emails but not send them. You might want to create a content reviewer role for a user to only read content.

Typical roles may include Administrator, Content Reviewer, Content Creator, or Analysis. You can find more information on setting up roles and permissions in the Sample Roles section.

Use roles to enforce your security policies.

How to Create a Role and Assign Permissions

1. Click the Admin tab.
2. Click Account Settings.
3. Click Roles.
   The Roles workspace opens.
4. Click Create from the toolbar.
5. Complete the Properties section.

• Name - The name of the role
• External Key - Unique identifier in the ExactTarget database
• Description - Textual description for the role

6. Complete the Permissions section - Click allow or deny as applicable for each permission. If a permission is not selected, the permission is considered the same as a deny. 

Note: When you check an item in the allow column, you are checking all the permissions in the allow column related to the item. This is also true for the deny column. If you want to assign some permissions to an item, check each individual permission for the item.

How to Delete a Role

To delete an existing role, follow these steps:

1. Click the Admin tab.
2. Click Account Settings.
3. Click Roles.
   The Roles workspace opens.
4. Check the checkbox in front of the role you want to delete.
5. Click the Delete menu item
   The role is deleted. Permissions for a user and a business unit are recalculated to reflect the change when a role is deleted.

How to Update a Role

To update an existing role, follow these steps:

1. Click the Admin tab.
2. Click Account Settings.
3. Click Roles.
   The Roles workspace opens. 
4. Click the role name that you want to update.
   The Role properties and permissions workspace opens.
5. Make changes as necessary.
6. Click the Save button to return to the Roles workspace.

How to Assign a Role to a User

To assign a role to a user, follow these steps:

1. Click the Admin tab.
2. Click My Users.
3. Check the checkbox in front of the name of the user for which you want to assign roles and click the Manage Roles menu item.
   The user workspace opens.
4. Select a business unit from the drop down box that contains the role you want to assign.
5. Click the Edit Roles link.
6. (Optional) Check/uncheck the checkbox in front of the role(s) you want to assign/unassign.
7. (Optional) Check/uncheck the checkbox in front of the permission(s) you want to assign/unassign.
8. Click the Save button to save the settings and return to the My Users workspace. Click the Cancel button to not save the settings and return to My Users workspace.

How to Assign a Role to a Business Unit

To assign a role to a business unit, follow these steps:

1. Click the Admin tab.
2. Click Account settings.
3. Click Business Units.
4. Check the checkbox in front of the business unit for which you want to assign roles.
5. Click Manage Roles. 
6. Check/uncheck the checkbox in front of the role(s) you want to assign/unassign.
7. Click the Save button to save the settings and return to the Business Units workspace. Click the Cancel button to not save the settings and return to the Business Units workspace.

How to Define a Subscriber Filter

Click here for more information on data filters and on how to define data filters.

1. Click the Admin tab.
2. Click Business Units.
3. Check the checkbox next to the business unit for which you want to create the filter.
4. Click the Define Subscriber Filter menu item. 
5. Complete the filter criteria.
   The results of this filter will become the all-subscribers list for the business unit.
   On the business unit detail, you can control the unsubscribe options. This controls behavior of the entire unsubscribe, and not the individual list opt-out.
6. Click the Save button to save the settings and return to the business units workspace. Click the Cancel button to not save the settings and return to the business units workspace.

How to Change Permissions for a Shared Item

You must be the owner of an item to change permissions for the item. As the owner of the item, you can perform all operations on the item, even if you remove permissions from your business unit.

1. Click the Content tab.
2. Click Shared Items.
3. Click the folder of the items to share.
4. Select the checkbox next to the item to share. 
5. Click Permissions.
6. Select the checkbox next to the business unit for which you want to edit the permissions.
7. Click Edit Permissions.
8. Check/uncheck permissions for the business unit.
9. Click the Save button to save the settings and return to the edit permissions workspace. Click the Cancel button to not save the settings and return to the edit permissions workspace.
10. Click the Return menu item to return to the shared items workspace.