Identity and Access Management - Bloomreach Experience - Headless Digital Experience Platform

Identity and Access Management

The Identity and Access Management (IAM) functionality lets you control user access rights to view and make changes in specific parts of brX.

User Interface

The user management UI allows for creation, modification and deletion of users and contains admin roles to assign and revoke permissions to users. Typically, these UI features will be managed by an admin who is either a business user or an IT admin at your organization. The admin will be the one who has access to the user management UI and can make changes to users.

The UI allows for the following:

  1. Creation of new users
  2. Management of user data
  3. Resetting of passwords
  4. Role assignment
  5. Deletion of users

Add a New User

  1. Navigate to Setup in the left nav
  2. Click on User management
  3. Click on the Add New User button
  4. Fill in the user's information, including e-mail address, and select their site access and roles
  5. Click on Add New User to complete the process

Manage an Existing User

  1. Navigate to Setup in the left nav
  2. Click on User management
  3. Click on the Manage dropdown in the Action column
  4. In the dropdown, you will see three choices:
    1. Manage User: change or remove assigned roles and site access
    2. Resend Invitation Email: reset the password for the user and send a password reset e-mail automatically to the e-mail address listed for that given user
    3. Delete User: remove the user completely from access to brX. This action is not reversible.

Default Roles

The following default roles are supported in IAM. These are the roles that an IAM admin can assign to Users. You will only see the roles that correspond to the Bloomreach products you have integrated. For example, if you are not integrating Insights and are not an Insights customer, you will not see the "Insights User" role and will not be able to assign this role to anybody.

Role and Role Definition

Site Search User
Read/Write

A Site Search User has access to the following brX apps:

  • Merchandising → Site Search
  • Testing
  • Targeting

Site Search - Read Only
Read Only

A Site Search - Read Only has read only access to the following brX apps:

  • Merchandising → Site Search
  • Testing
  • Targeting

Category User
Read/Write

A Category User has access to the following brX apps:

  • Merchandising → Categories
  • Testing
  • Targeting

Category User - Read Only
Read Only

A Category User - Read Only user has read only access to the following brX apps:

  • Merchandising → Categories
  • Testing
  • Targeting

Insights User
Read/Write

An Insights user has access to the following brX apps:

  • Insights

Insights User - Read Only
Read Only

An Insights User - Read Only user has read only access to the following brX apps:

  • Insights

Dev Studio User
Read/Write

A Dev Studio User has access to the following brX apps:

  • Dev Studio → Account Info
  • Dev Studio → Pixel
  • Dev Studio → Feed Status (can click and execute Feed Revert button)
  • Dev Studio → API

Dev Studio User - Read Only
Read Only

A Dev Studio Read Only User has read only access to the following brX apps:

  • Dev Studio → Account Info
  • Dev Studio → Pixel
  • Dev Studio → Feed Status (cannot execute Feed Revert functionality)
  • Dev Studio → API

Dev Studio User (Feed Config)
Read/Write

A Dev Studio User (Feed Config) has access to the following brX apps:

  • Dev Studio → Feed Configuration
  • Dev Studio → Attribute Configuration

Dev Studio User (Feed Config) - Read Only
Read Only

A Dev Studio User (Feed Config) - Read Only has read only access to the following brX apps:

  • Dev Studio → Feed Configuration
  • Dev Studio → Attribute Configuration

IAM Admin
Read/Write

An IAM Admin has access to the following brX apps:

  • Configurations → User and Role Management

This role can only be assigned by the Bloomreach support team.

Organic (Widgets) User
Read/Write

An Organic (Widgets) User has access to the following brX apps:

  • Organic → Analytics

Organic (Widgets) User - Read Only
Read Only

An Organic (Widgets) User - Read Only has read only access to the following brX apps:

  • Organic → Analytics

Organic (Thematic) User
Read/Write

An Organic (Thematic) User has access to the following brX apps:

  • Organic → Tools

Organic (Thematic) User - Read Only
Read Only

An Organic (Thematic) User - Read Only has read only access to the following brX apps:

  • Organic → Tools

Pathways and Recommendations User
Read/Write

A Pathways user has access to the following brX apps:

  • Merchandising → Recommendations & Pathways

Pathways and Recommendations User - Read Only
Read Only

A Pathways - Read Only User has access to the following brX apps:

  • Merchandising → Recommendations & Pathways

Content Author

A Content Author has access to the following brX apps:

  • Experience manager
  • Projects
  • Content
  • Document search

The Content Author role grants the following privileges:

  • Create and modify folders

  • Create and modify documents and experience pages. The user can create documents for the 'core' branch and for regular (non-developer) projects. The user cannot create documents for developer branches.

  • Browse regular projects in the Projects and Experience manager apps.

  • Add, delete, and change component items of experience pages in the Experience manager for core and regular projects

  • Upload and modify images

  • Upload and modify assets

  • Request publication of documents and experience pages

  • Request taking offline of documents and experience pages

Content Editor

A Content Editor has access to the following brX apps:

  • Experience manager
  • Projects
  • Content
  • Document search

The Content Editor role grants the following privileges:

  • All privileges of the Content Author role
  • Approve or reject publication requests
  • Approve or reject take offline requests
  • Publish documents and experience pages directly
  • Take documents and experience pages offline directly
  • Approve or reject items in a project under review
  • Add comments in projects
  • Start or cancel a project review

Site Editor

A Site Editor has access to the following brX apps:

  • Experience manager
  • Projects
  • Content
  • Document search

The Site Editor role grants the following privileges:

  • All privileges of the Content Editor role
  • Modify menus and shared containers in the Experience manager 
  • Manage channel settings 
  • Publish their own channel changes to live

Note that a Site Editor cannot merge (reintegrate) an approved project.

Site Admin

A Site Admin has access to the following brX apps:

  • Experience manager
  • Projects
  • Content
  • Document search

The Site Admin role grants the following privileges:

  • All privileges of the Site Editor role
  • Create new channels
  • Create new developer and regular (non-developer) projects
  • Add a channel to a project
  • Update projects (pulling in 'core' changes)
  • Merge reviewed (and approved) projects

Site Developer

A Site Developer has access to the following brX apps:

  • Experience manager
  • Projects
  • Content
  • Document search
  • Setup > brXM API token management

The Site Developer role grants the following privileges:

  • All privileges of the Site Author role, with the difference that the Site Developer role only gives the privilege to create documents within a developer project (and not within 'core')
  • Add, delete, and change the component items of experience pages in the Experience manager within developer projects (*).
  • Create new developer projects (note that regular projects are not visible to a Site Developer, neither in Projects nor in the Experience manager project dropdown)
  • Modify document types within a developer project which includes document types.
  • Add channel to a project
  • Update developer projects (note that the Site Developer role does not provide the privilege to merge a project, since that would change the live production website)
  • Approve or reject items in a developer project under review
  • Add comments in developer projects
  • Start or cancel a developer project review
  • Invoke Site Management API REST calls

Note that a Site Developer is not able to directly modify the live production website. The Site Developer role also does not give read access to regular (non-development) projects. All modifications by a Site Developer must be made within a developer project.

(*) Due to a bug, Site Developers are currently able to add, delete, and change the component items of experience pages in the Experience manager within core. This will be fixed in a future release.

IAM Site Hierarchy 

Bloomreach customer hierarchy is Parent Organization → Account → Site. 

A user can be assigned a role at any node in this hierarchy: the Parent Organization node, the Account node, or the Site node. If a role is assigned at a higher-level node, it is propagated to all levels below it. For example, if user A was assigned the "Insights User" role at the Organization node, they would also be an "Insights User" at the Site node. However, if they were assigned "Insights User" at the Site node, they would not have the "Insights User" role at the Organization node.

Most customers will choose to assign users roles at the Account node. If the customer has a multisite account, they may choose to give users permission at the Organization level (for wider permissions) or at the Site level (for more scoped permissions). 
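
The downward propagation of roles through the hierarchy can be modelled for an access review. The following is an added example, not Bloomreach code or a Bloomreach API: the node names, users, assignments and function names are all constructed for illustration. It resolves the roles a user effectively holds at a node and ranks each assignment by how many Sites it reaches.

```python
# Added example: hypothetical model of Parent Organization -> Account -> Site.
# Node names, users and assignments are constructed; this is not a Bloomreach API.

# child -> parent; None marks the Parent Organization (top node).
PARENT = {
    "org:acme": None,
    "account:retail": "org:acme",
    "account:wholesale": "org:acme",
    "site:retail-us": "account:retail",
    "site:retail-eu": "account:retail",
    "site:wholesale-us": "account:wholesale",
}

# (user, role, node at which the role was assigned)
ASSIGNMENTS = [
    ("alice", "Insights User", "org:acme"),
    ("bob", "Insights User", "site:retail-us"),
    ("carol", "Site Search User", "account:retail"),
]

def chain(node):
    """Return node followed by its ancestors, up to the Parent Organization."""
    path = []
    while node is not None:
        path.append(node)
        node = PARENT[node]
    return path

def effective_roles(user, node):
    """Roles held at node: assigned there or propagated down from an ancestor."""
    scope = set(chain(node))
    return {role for u, role, at in ASSIGNMENTS if u == user and at in scope}

def reach(assigned_at):
    """Every node an assignment made at assigned_at covers (itself and below)."""
    return sorted(n for n in PARENT if assigned_at in chain(n))

def access_review():
    """List each assignment with the Sites it reaches, widest first."""
    rows = []
    for user, role, at in ASSIGNMENTS:
        sites = [n for n in reach(at) if n.startswith("site:")]
        rows.append((len(sites), user, role, at, sites))
    return sorted(rows, reverse=True)

if __name__ == "__main__":
    for count, user, role, at, sites in access_review():
        print(f"{user:6} {role:18} @ {at:16} -> {count} site(s): {', '.join(sites)}")
```

Assignments at the top of the review output are the widest grants and the first candidates for narrowing to Account or Site scope.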

The following are more detailed descriptions of the concepts in IAM. 

Organization also known as Parent Organization

The Parent Organization is the top node of the Bloomreach customer hierarchy of Parent Organization → Account → Site.

Each customer has a Parent Organization. A Parent organization can contain multiple Accounts and each account can contain multiple Sites.

It is important to note that Users exist at an Organization level. Because of this, the IAM Admin role only exists at an organization node in the hierarchy and users can only be managed at the Organization level.

Account

An Account is made up of a group of Sites under the same Organization. Roles can be assigned at the Account level.

Site

A Site is the lowest node of the customer hierarchy. Roles can be assigned at the Site level.