Manage user roles

Bloomreach Discovery lets you manage access to product features and data with user roles.

📘
See Identity and Access Management (Content) for a list of user roles for Bloomreach Content.

User access site hierarchy

Bloomreach Discovery’s user access hierarchy is Parent Organization → Account → Environment → Site.

A user can be assigned a role at any node in this hierarchy: they can be assigned a role at the Parent Organization node, the Account node, or the Site node. If a role is given to a node at a higher level, it is propagated to all levels below it. For example, if user A was assigned the "Events viewer" role at the Organization node, they would also be an "Events viewer" at the Site node. However, if they were assigned "Events viewer" at the Site node, they would not have the "Events viewer" role at the Organization node.

Many customers will choose to assign roles at the Organization node, which will provide access to perform a role using all available data. If the customer has a more complex org structure, they may choose to assign roles at lower levels for more restricted access to perform activities only with a subset of data. For example, a user might be assigned access to only a single brand within a multi-brand holding company, or a junior developer might be allowed access to the staging environment for an Account but not the production environment.

The following are more detailed descriptions of the concepts in Discovery feature access.

Hierarchy level	Description
Organization - also known as Parent Organization	Parent organization is a top node of the Bloomreach customer hierarchy of Parent Organization → Account → Environment → Site. Each customer has a Parent Organization. A Parent organization can contain multiple Accounts, and each account can contain multiple Sites. It is important to note that Users exist at the Organization level. Because of this, the Users admin role is only effective at the Organization level in the hierarchy, and users can only be managed at the Organization level.
Account	An Account is made up of a group of Sites under the same Organization. Each Bloomreach Account always comes with a Staging Environment provisioned by default. The provision of a Production Environment is optional. Roles can be assigned at the Account level.
Environment	This node allows you to grant user access to specific environments. This can include access to both Production and Staging or just the Staging environment. It depends on how your account was set up during the initial provisioning.
Site	A Site is the lowest node of the hierarchy. Roles can be assigned at the Site level.

User access hierarchy with Staging and Production environments

User interface

The Users application UI allows for user creation, modification, and deletion and contains admin roles to assign and revoke user permissions. Typically, these UI features will be managed by an admin who is either a business user or an IT admin at your organization. The admin will have access to the Users UI and can make changes to users.

The UI allows for the following:

Creation of new users
Management of user data
Resetting of passwords
Role assignment
Deletion of users

Add a new user

Navigate to Setup in the left nav
Click on Users
Click on the Add New User button
Fill in the user's information, including e-mail address, and select their site access and roles
Click on Add New User to complete the process

Adding a new user for SSO-enabled clients

Regular user creation from the Users application will not work for SSO-enabled users, as authentication must be done through your SSO provider.

SSO-enabled users should log in directly through their SSO provider using the steps provided below:

Go to the Bloomreach dashboard login page(https://tools.bloomreach.com).
Type in the SSO client's email and click login.
This will take you to your own SSO provider login page. Complete the login here using your SSO credentials.
Post login, you’ll be redirected to the Bloomreach dashboard.
On your first login, a new user will be automatically generated and granted default access (as defined during requirement collection for SSO setup). The Users admin can follow up later and modify the user's access in the Users application.

Manage an existing user

Navigate to Setup in the left nav
Click on Users
Click on the Manage dropdown in the Action column
In the dropdown, you will see three choices:
1. Manage User: change or remove assigned roles and site access
2. Resend Invitation Email: reset the password for the user and send a password reset e-mail automatically to the e-mail address listed for that given user
3. Delete User: remove the user completely from access to Discovery. This action is not reversible.

User roles

The following user roles are supported. These are the roles that a Users admin can assign to Users. You will only see the roles that are reflective of the Bloomreach products you have integrated on. For example, if you are not integrating Insights and are not an Insights customer, you will not see the "Insights User" role and will not be able to assign this role to anybody.

General access features

Some features of the Discovery product are accessible to any user of the product. Assigning any one (or more) of the specific roles below will automatically grant access to these features. This includes access to the Usage application and several diagnostic tools, such as read-only access to Catalogs application, Event diagnostics, and the Event alerts application.

Specific roles

Catalogs & events admin

Permissions

Catalogs & events admin has read/write permission to view and manage their catalog data via Catalogs application. It also grants access to Catalog Management APIs used for catalog feed ingestion and related purposes. This role also grants the ability to configure alerts within the Event alerts application.

Catalogs reindexing admin

Permissions

Catalogs reindexing admin grants access to the specific action of reindexing a catalog, either via Catalogs application or Dynamic categories. This action is required to update a catalog index when a dynamic category is added or edited. Some customers choose to withhold the ability to trigger this manually and instead use an automated catalog reindex schedule.

Categories merchandising editor/viewer

Permissions

For the following Discovery apps, a Categories merchandising editor has read and write access, while a Categories merchandising viewer has read-only access. Both these roles can only view Global ranking and Global facet rules. The accessible modules are listed below:

Events viewer

Permissions

A user with Events viewer role has access to the Event diagnostics feature. Since this access is already available to users with any other Discovery-related role, this role exists mainly to provide very restricted read-only access for QA Test Engineers or other users with a need to check integration status but not change product configuration.

Global merchandising editor

Permissions

Read and write access to both Search and Category modules.
Read and write access to Global ranking and facet rules. The accessible modules are listed below:

Site search

Ranking rules
Redirects
Facets
Autosuggest blocklist
Synonyms

Insights reports editor/viewer

Permissions

For the following Discovery apps, an Insights reports editor has read/write access and an Insights reports viewer user has read-only access:

Insights

Activities
Collections
- Product collections
- Category collections
- Page collections
- Query collections
- Brand collections
Library
- Overview
  - Sitewide overview
  - Site search overview
  - Site search KPIs
- Reporting
  - Category page diagnostics
  - Product dashboard
  - Brand dashboard
  - Page dashboard
  - Site search diagnostics
Opportunities
- Top opportunities
- Improve category navigation
- Improve site search
Playbooks

Setup

Personalization studio editor

Permissions

A Personalization studio editor role provides access to:

Real-Time Segments for Discovery feature. The user will also receive email notifications for the exposed segmentations.
1:1 Personalization (Personalization studio) feature

Recall and ranking studio editor

Permissions
A Recall and ranking studio editor has read/write access to the Recall Studio and Ranking Studio features.

Recommendations editor/viewer

Permissions
For the following Discovery apps, a Recommendations editor has read/write access, and a Recommendations viewer has read-only access:

Merchandising

Site search
- Ranking rules
- Redirects
- Facets
- Autosuggest blocklist
- Synonyms
Categories
- Ranking rules
- All category pages
- Facets
Product grid insights
Campaigns & assets
Global merchandising
- Facets
- Ranking rules

Recommendations

Insights

Account analytics
Site search analytics
- No revenue keywords
- No search results keywords
- Overall performance
- Top keywords
Category analytics
- Overall performance
- Top categories
Recommendations analytics
- All widgets summary
- Just for you
- More like this

Testing

Merchandising audience

Setup

Legacy reports
- Account overview
Usage

Search merchandising editor/viewer

Permissions
For the following Discovery apps, a Search merchandising editor has read and write access, while a Search merchandising viewer user has read-only access. Both these roles can only view Global ranking and Global facet rules. The accessible modules are listed below:

Site search

Ranking rules
Ranking rules
Redirects
Facets
Autosuggest blocklist
Synonyms

Product grid insights

Campaigns & assets

Recommendations

Insights

Account analytics
Category analytics
- Overall performance
- Top categories
Recommendations analytics
- Just for you
- More like this

Testing

Merchandising audience

Setup

Merchandising
- API modifier
- Configurations cloner
- Dynamic categories
- Product grid settings
Legacy reports
- Account overview
Usage

SEO thematic pages editor/viewer

Permissions
For the following Discovery apps, an SEO thematic pages editor has read/write access and an SEO thematic pages viewer has read-only access:

Insights

Account analytics
Thematic pages
- Incremental
- Overall performance
- Device traffic
- Generated pages
- Targeted pages

Merchandising

Global merchandising
- Facets

Setup

Discovery API details
Legacy reports
- Account overview
- Account traffic breakdown

SEO widgets editor/viewer

Permissions

For the following Discovery apps, an SEO widgets editor has read/write access and an SEO widgets viewer has read-only access:

Insights

Account analytics
Thematic pages
- Incremental
- Overall performance
- Device traffic
- Generated pages
- Targeted pages

Setup

Legacy reports
- Account overview
- Account traffic breakdown
Usage

Usage report viewer

Permissions

A Usage report viewer has access to the Usage application. Since this access is already available to users with any other Discovery-related role, this role exists mainly to provide very restricted read-only access for procurement administrators or other users with a need to check usage levels but not change product configuration.

Users admin

Permissions

A Users admin has read/write access to the following Discovery apps:

Setup

Users application
Discovery API keys