Security management

IBM® Marketing Platform supports roles and permissions to control user access to objects and features in IBM® EMM applications.

For the most part, only Marketing Platform itself and Campaign use Marketing Platform's security functions to manage users' application access in detail.

The other IBM® EMM products use some basic application access roles set through Marketing Platform, and either do not have detailed security settings, or the settings are not managed in the Marketing Platform area of the user interface.

IBM® EMM products manage permissions as follows.

Security roles and permissions in IBM® EMM
Product	Security roles and permissions
Marketing Platform	Roles and permissions control users' access to Marketing Platform administration pages and their ability to modify user accounts other than their own account. You manage these roles on the User Roles & Permissions page. Although the reporting function is a component of Marketing Platform, it has its own entry on the User Roles & Permissions page, and it has default roles with only broad, basic permissions.
Interaction History and Attribution Modeler	Roles and permissions control users' access to their administration pages and their ability to view reports. You manage these roles on the User Roles & Permissions page.
Campaign	Permissions control users' access to objects and their ability to perform various actions with objects. In Campaign only, permissions can apply to all objects within a folder, and multiple roles can be grouped into a policy, which can then be assigned to a user or group of users. You manage Campaign roles on the User Roles & Permissions page.
Marketing Operations	Setting up the basic roles on the User Roles & Permissions page is only the starting point for developing a customized security scheme. Marketing Operations has a detailed security scheme you can manage through a user interface in the Marketing Operations area.
CustomerInsight, Digital Analytics for On Premises, Distributed Marketing, eMessage, Interact, and Lead Referrals	These products have default roles with broad, basic permissions for application access. They do not have permissions that allow you to define in detail a user's access to these applications.