Manage roles and permissions

  • Updated

Roles determine the permission level for users in the Opti ID Admin Center and Optimizely products. System roles for each product are in the Admin Center by default. You can add custom roles to support individuals who manage multiple product instances with the same entitlements.

There are four different levels of administrators in the Opti ID Admin Center. You are presented with the most relevant page as your starting point based on your Opti ID Admin Center role. Each administrator level can invite users at the product, instance, and project levels (for Optimizely Experimentation).

Think of these as product roles, where the product is Opti ID Admin Center. They determine what you can do within the Opti ID Admin Center and do not apply to your other Optimizely products.

In addition to roles that are specific to the Opti ID Admin Center, there are roles for each of your Optimizely products in the Opti ID Admin Center. The product roles determine what your users can do in the corresponding Optimizely product.

System roles

The following system roles are available by default in the Admin Center for each Optimizely product you have access to. You cannot edit or delete system roles.

Opti ID Admin Center roles

  • Super Admin – Access to everything in the Admin Center, including the ability to create custom roles. The default landing page is Product Access.
  • Product Admin – Access to products, groups, and roles. The default landing page is Product Access. If you have access to multiple products, the list of products displays on your landing page. If you have access to only one product, the list of instances for that product displays on your landing page.
  • Instance Admin – Access to only your product instances and users.
  • Project Owner – This role is specific to Optimizely Experimentation. Access to all Experimentation projects for your organization, but you can only manage the projects and users you have access to. If you only have one project, then you see the user list.

Configured Commerce roles

Opti ID does not support custom roles created in Configured Commerce.

Console user roles

  • ISC_Admin – Has administrative access to the Admin Console and can modify application and website settings. This role does not have access to the debugging tools found within the Primary Header. Typically, this role is assigned to the system administrator.
  • ISC_Implementer – Has administrative access to the Admin Console and can modify key implementation and integration settings. Users in this role cannot create or delete websites. This role is usually assigned to Optimizely implementation partners.
  • ISC_User – Has secured access to the Admin Console and can modify customers, users, and orders, among other items. Typically this role would be assigned to customer service representatives, but you could also assign it to merchandisers or marketers.
  • ISC_Integration – Is assigned to the user specified in the WIS, used in the WIS Integration service to connect to the site for running jobs and transferring files.
  • ISC_StoreFrontApi – Controls access to custom properties in the Application Dictionary, including whether they are returned from or editable on the website.

Content Management System (Spire and Classic) user roles

  • ISC_ContentAdmin – Can preview, approve, and publish content and create and modify templates.
  • ISC_ContentApprover – Can preview, approve, and publish content.
  • ISC_ContentEditor – Can add and edit content.
  • ISC_FrontEndDev – Can add, remove, or edit theme-based content, found under the Themes & Content menu in the Admin Console.
  • CMS_ContentDeveloper – Can use advanced features in Spire (when enabled), such as adding or editing CSS fields in widgets and the Code Snippet widget.
  • CMS_ContentEditor – Can manage and edit content in Spire, including adding or editing widgets, creating pages, deleting pages, creating page variants, copying pages, and rearranging pages in the page tree.
  • CMS_Publisher – Can approve and publish content in Spire.
  • CMS_SiteEditor – Has the same abilities as the CMS_ContentEditor and can create, edit, and delete commerce pages and their content.
  • CMS_SystemAdmin – Has the same abilities as CMS_ContentDeveloper, CMS_ContentEditor, CMS_Publisher, and CMS_SiteEditor with the added option to edit the site's global style guide.

Content Management System (CMS) roles

These roles apply to CMS (SaaS) and CMS (PaaS).

  • Commerce Admins – Comes from Microsoft Windows and is defined when you create the website. An administrator can access all parts of the system and can edit all website content. Often, administrators are developers setting up or maintaining the website.
  • Content Admins – Can access admin and edit views and the administration interfaces for add-ons and audiences. This role does not provide editing access to the content structure by default. In most cases, only a few system administrators or "super users" have this role.
  • Content Editors – Can access the editing view. Give users this role to give them access to the edit view. Then, add other roles to give them specific editing rights to content. On large websites, editors are often organized in groups according to content structure or language.

See the CMS user documentation for more details on CMS access rights.

Content Marketing Platform (CMP) roles

  • Admin – Can access everything and can view and modify any tasks. Admins can also manage users, teams, workflows, and other organization settings.
  • Collaborator – Can access work assigned to them or if work has a shared campaign or task. They cannot create campaigns or tasks.
  • Collaborator+ – Can access idea lab, calendar, campaigns, tasks, requests, and library. Can only view and collaborate on the campaigns and tasks shared or assigned to them. Can also view and upload to the library.
  • Creator – Can access the entire platform except for administrative settings. Can create and contribute to campaigns and tasks.
  • DAM Requester – Has minimum access to CMP. Can only work with the Requests page and see the Library page to view and download content.
  • Guest – Can only submit requests and view the requests module. Within the requests module, they can manage their submitted requests and see where requests are in the queue.
  • Library Only – Can see, search, and download assets only in the library module.

Content Recommendations roles

  • Admin – Can create and edit properties, sources, content lists, flows, sections, deliveries, IP address filters, and whitelists. Can edit (but not create) goals, master filters, and answers. Can view everything else in Content Recommendations.
  • Editor – Can create and edit content lists, flows, sections, and deliveries. Can view everything else in Content Recommendations.
  • Viewer – Can only view everything in Content Recommendations (no editing access).

Experimentation roles

  • Administrator – Has full access to all projects and account billing information, including creating projects. They can also add and remove other administrators. You cannot assign someone as an administrator for only one project, as this role gives them administrator access to all projects. If you change an administrator to any other role, they lose all privileges on other projects.
  • Project Owner – Can create, edit, publish, start, and pause experiments and campaigns. A project can have more than one project owner. Project owners can also create projects and invite editors and viewers to the projects they own. If you want to restrict collaborator access to specific projects, give them the Project Owner role for those projects. This way, they can only access the experiments within the specific projects to which they are assigned. In the Opti ID Admin Center, if you only have one project, you see the user list.
  • Publisher – Can create, edit, publish, pause, and unpause experiments and campaigns, view results, and create and modify audiences, metrics, and pages. Can also create, start, and stop experiments but cannot change the configuration settings for the project, such as the snippet.
  • Restricted Publisher – Can only use pre-made extensions to create experiments and cannot use the Visual Editor or code editor. Otherwise, has the same abilities as the Publisher role. Only available for Optimizely Web Experimentation projects.
  • Editor – Create pages and events, create and modify audiences, and create and edit non-running campaigns. Editors can create experiments but cannot start them. Can also view results.
  • Restricted Editor – Can only use pre-made extensions and cannot use the Visual Editor or code editor. Otherwise, has the same abilities as the Editor role. Only available for Optimizely Web Experimentation projects.
  • Viewer – Review campaigns and view results.

For more details on Optimizely Web Experimentation roles, see Manage collaborators.

For more details on Optimizely Feature Experimentation roles, see Collaborator permissions.

After adding Feature Experimentation users to their project-level role, you can set fine-grained access controls for your project's entities (environments and flags) by setting their granular roles and permissions.

Collaboration roles

  • Admin – Can access the Plan and Work Requests pages and create, view, and edit hypotheses and work requests. The seat limit is 20 combined.
  • Experimentation Creator – Can access the Plan and Work Requests pages, create hypotheses and work requests, and view and edit based on the object's share settings. The seat limit is 20 combined.
  • Guest – Can access the Work Requests page, create work requests, and view and edit objects directly shared with them. Has no seat limit.

Optimizely Data Platform (ODP) roles

You can assign multiple roles to an individual user.

  • All Access – Access to all account features and information. This role does not include the ability to add, edit, or remove users. To mark fields as personally identifiable information (PII) and suggestible, you must have the All Access and PII Viewer roles.
  • User Admin – Access to add, edit, or remove other users. This permission is applied on the account-level role and cannot be given to users for individual scopes.
  • Analyst – Access to campaign (or activation) metrics, reports, attribution, funnels, and filters. Give this role to users who need to perform additional custom analysis.
  • Integrator – Access to integrations, domains and IPs, APIs, field creation, filters, reports, and the event inspector. Assign this role to users responsible for setting up the ODP account.
  • Marketer – Access to campaign (or activation) creation, campaign launch, campaign metrics, preference centers, sender profiles, filters, reports, and the activity log. Assign this role to users responsible for creating and launching campaigns.
  • PII Viewer – Full access to view PII data in ODP and to
      • test and preview campaigns.
      • view customer profiles.
      • access the GraphQL page.
      • interact with segments and data throughout ODP.

    This role alone does not let you select which fields are PII and suggestible. To do that, you must also have the All Access role.

Product Information Management (PIM) roles

  • PIM_System – Same access as the PIM_Admin role, with the additional ability to change the commerce version and view the hangfire dashboard.
  • PIM_Admin – Full access to PIM, including the ability to
    • access and modify the Settings and Team Members tabs on the Settings page.
    • access and modify the Properties and Product Templates tabs on the Data Setup page.
    • add, import, edit, and delete categories.
    • create, import, edit, assign, archive, and delete products.
    • approve products assigned to the user.
    • create, import, edit, and delete assets.
  • PIM_Manager – Includes the ability to
    • access and modify the Properties and Product Templates tabs on the Data Setup page.
    • add, import, edit, and delete categories.
    • create, assign, and archive products.
    • approve products assigned to the user.
  • PIM_Merchandiser – Includes the ability to
    • add, import, edit, and delete categories.
    • create, assign, and archive products.
  • PIM_AssetManager – Create, import, edit, and delete assets.
  • PIM_ProductImporter – Access the Imports page, including the ability to import products.

Product Recommendations roles

  • Email Recs Editor – Can view everything related to Email Content, Product Recommendations, and Triggers and can manage campaigns, create templates, and so on.
  • Email Rec Viewer – Can view Email Product Recommendations and Trigger reports.
  • Product Recs Editor – Can view everything related to Product Recommendations and manage campaigns.
  • Product Recs Viewer – Can view Product Recommendations reports.

View role details

The Roles page displays the system and custom roles for all of your Optimizely products (see the Type column).

  1. Go to Roles in the Opti ID Admin Center. 
  2. (Optional) Use the Product and Instance filters to find roles for a specific product and instance.
  3. Select a role to view more details.

Create a custom role

You cannot create custom roles for Optimizely Experimentation or the Opti ID Admin Center.

If the available system roles do not provide the specific access you want to grant to users, you can create a custom role.

  1. Go to Roles in the Opti ID Admin Center.
  2. Click Add Role.
  3. Enter the Role Name.
  4. (Optional) Enter a Description.
  5. Select a product and instance to associate the role with.
  6. Select one of the following options in the Duplicate Role section:
    • No – Create the role from scratch.
    • Yes – Duplicate an existing role and modify it as needed. You must select the role that you want to duplicate.
  7. Select the attributes for this role in the Select Attributes section. This lets you specify the permissions for the role.
  8. Click Save.

Delete a role

You cannot edit or delete system roles.

To delete a custom role:

  1. Go to Roles in the Opti ID Admin Center.
  2. Click More (...) > Delete Custom Role.
  3. Click Delete to confirm deletion.