Campaign Manager - Campaign Manager (Silverlight)

Campaign Manager and Engine Security

Campaign Manager can map users to Engine users to restrict what tables, columns, and rows users have access to within the system.

Restricting columns, rows, and tables means that the tables and columns will not be available within the Data Explorer pane (for exceptions to the rule see examples 3 and 4 below) and Users cannot open documents that contains columns or rows they do not have access to.

For example:

  • User 1 is part of an Engine security group that does not allow access to the Household table . Therefore when opening Campaign Manager User 1 will not see the Household table, which in turn means they cannot select any columns contained within this table.
  • User 2 is part of an Engine security group that does not allow access to the Age column on the Customer table. This means that User 2 will not see the Age column within the Household table.
  • User 3 is part of an Engine security group that does not allow access to the Male row on the Gender column. When user 3 opens the customer table, they will be able to see the Gender Column, however when selecting the data helper only Females are available to them:

See Campaign Manager - Settings for more information.

Example 1

A document has been created by User 1, who has security permissions applied to them. User 2, who has been mapped to an Engine user that does not have access to a column contained within the document tries to open this document and receives the following:

User 2 will then click OK to remove the message and will not have access to the document.

Example 2

User 1, with no security applied to them creates a campaign. As user 1 has no security all tables, columns and rows are available to them. The audience used on the campaign is Age 19 only.

User 2, who has column level security on age and therefore cannot open the campaign at all.

User 3 has row level security on females. Therefore user 3 can open the document but only see females in the data viewer. All the counts in the campaign still reflect the original audience set by user 1 therefore the counts on the overview and the audience tab etc still show 19 year old males and females.

Note: The preview button cannot be used after the campaign has started so the stale counts are displayed. Therefore in this example user 3 can see the total counts of the campaign not the actual details of those people. If user 3 then restarts the campaign, therefore taking ownership, the audience is then changed to 19 year old females only due to user 3's security permissions.

Example 3

User 1 with full access creates a new table based on a subset of data from another table.

User 2, who had limited access to the original table can see all columns in the new table. This is because Engine security is not, by default, applied to new tables.

Example 4

User 1 has access to the Customer Profit column and creates a decile column based on customer profit.

User 2 does not have access to the Customer Profit column but will by default be able to see the new column created by user 1. This is because Column security is not applied to new columns created by engineering tools.

Example 5

User 1 has been not been allowed access to a database or the tables it by Engine security. However when logging in to Campaign Manager the Database name is still displayed but there are no tables within the database. This is because there is no option to hide a datasource for a specific user or Group of users within Campaign Manager.

Example 6

User 1, who has a security filter of people with a Product from Band A, creates a Campaign using the Split on Data tool with Occupation. Brand A has no directors and therefore a split on data for Directors will not exist. User 2 updates the campaign, but User 2 has a security filter of people with a Product from Brand B which contains Directors. As there were not directors in the split created by User1 and User 2 does not have access to a Product Brand containing directors the Split on Data tool will not have a segment to be processed for Directors.

Example 7

User 1, who has the security permissions of Engine User A creates and runs a document containing an engineering tool with a "Table Column Name".

User 2, who also has the same security permissions of Engine User A opens and runs the document the system detects that the named engineering tool has already been created and re-uses it.

User 3, who has security permissions of Engine User B opens and runs the document, at this stage the document fails. This is because in line engineering tools are created with the security group of the first user, in this case User 1. Only users who have the same security permissions will be able to run the document.

Example 8

User 1 with no security permissions creates a segment document with a simple query of Customer Age = 19. User 1 then creates another segment and adds a linked segment to the document that contains Customer Age = 19.

User 2, who cannot see the Customer Age column opens the document that contains a link to the original segment and is able to see the count from when the document was last processed. User 2 is also able to use this document in a linked segment. However User 2 is not able to see the column they do not have access to.

  Online & Instructor-Led Courses | Training Videos | Webinar Recordings
© Alterian. All Rights Reserved. | Privacy Policy | Legal Notice