Marketing Cloud is like any other solution when it comes to user access. In this blog we will go over how Marketing Cloud works when it comes to access, specifically roles and permissions.
Let’s start with permissions. Permissions determine what users have or haven’t got access to. This can be broken down into Studios, Objects and then Access.
Roles are a collection of permissions, which allows us to assign groups of permissions. You create roles and assign them to the team it represents.
For example, the Content Development team would get the ‘Content’ role assigned to them, which has all the permissions required to be able to upload assists and build emails.
Marketing Cloud has a series of standardised roles that every instance of Marketing Cloud has. But of course, this may not meet your business requirements. For those, we can create custom roles.
A user can have more then one role assigned to them and also have permissions controlled directly on their user record.
This means you may find that roles and individual permissions contradict each other (one says Allow and another says Deny). This is very simple, Deny will overwrite Allow. This guarantees we are only granting access to those that really need it.
Typically, custom roles are what we use to deny access. As all standardised roles only provide access.