Identity and access management (Content)
The identity and access management (IAM) functionality allows you to control user access rights to view and make changes in specific parts of Bloomreach.
See Identity and access management (Discovery) for a list of user roles for Discovery.
User interface
The user management UI allows for the creation, modification, and deletion of users and contains admin roles to assign and revoke permissions to users. Typically, these UI features will be managed by an admin who is either a business user or an IT admin at your organization. The admin will have access to the user management UI and can make changes to users.
The UI allows for the following:
- Creation of new users
- Management of user data
- Resetting of passwords
- Role assignment
- Deletion of users
Add a new user
- Navigate to Setup in the left nav
- Click on User management
- Click on the Add New User button
- Fill in the user's information, including e-mail address, and select their site access and roles
- Click on Add New User to complete the process
Manage an existing user
- Navigate to Setup in the left nav
- Click on User management
- Click on the Manage dropdown in the Action column
- In the dropdown, you will see three choices:
- Manage User: change or remove assigned roles and site access
- Resend Invitation Email: reset the password for the user and send a password reset e-mail automatically to the e-mail address listed for that given user
- Delete User: remove the user completely from access to Bloomreach. This action is not reversible.
User roles for Content
The following roles for Content are supported in IAM. These are the roles that an IAM admin can assign to Users. You will only see the roles that are reflective of the Bloomreach products you have integrated on. For example, if you are not integrating Insights and are not an Insights customer, you will not see the "Insights User" role and will not be able to assign this role to anybody.
Role | Role definition |
---|---|
Content Author | A Content Author has access to the following apps: The Content Author role grants the following privileges: |
Content Editor | A Content Editor has access to the following apps: The Content Editor role grants the following privileges: |
Site Editor | A Site Editor has access to the following apps: The Site Editor role grants the following privileges: Note that a Site Editor cannot merge (reintegrate) an approved project. |
Site Admin | A Site Admin has access to the following apps: The Site Admin role grants the following privileges: |
Site Developer | A Site Developer has access to the following apps: The Site Developer role grants the following privileges: Note that a Site Developer is not able to directly modify the live production website. The Site Developer role also does not give read access to regular (non-development) projects. All modifications by a Site Developer must be made within a developer project. * Due to a bug, Site Developers are currently able to add, delete, and change the component items of experience pages in the Experience manager within core. This will be fixed in a future release. |
brXM System Admin | Non-functional legacy role, do not use. |
IAM site hierarchy
Bloomreach customer hierarchy is Parent Organization → Account → Site.
A user can be assigned a role at any node in this hierarchy: they can be assigned a role at the Parent Organization node, the Account node, or the Site node. If a role is given to a node at a higher level, it is propagated to all levels below it. For example, if user A was assigned the "Insights User" role at the Organization node, they would also be an "Insights User" at the Site node. However, if they were assigned "Insights User" at the Site node, they would not have the "Insights User" role at the Organization node.
Most customers will choose to assign users roles at the Account node. If the customer has a multisite account, they may choose to give users permission at the Organization level (for wider permissions) or at the Site level (for more scoped permissions).
The following are more detailed descriptions of the concepts in IAM.
Organization also known as Parent Organization | Parent organization is a top node of the Bloomreach customer hierarchy of: Parent Organization → Account → Site. Each customer has a Parent Organization. A Parent organization can contain multiple Accounts and each account can contain multiple Sites. It is important to note that Users exist at an Organization level. Because of this, the IAM Admin role only exists at an organization node in the hierarchy and users can only be managed at the Organization level. |
Account | An Account is made up of a group of Sites under the same Organizaiton. Roles can be assigned at the Account level. |
Site | A Site is the lowest node of the customer hierarchy. Roles can be assigned at the Site level. |
Updated about 1 month ago