Product-based permission flow

  • Updated

This topic describes the product-based permission flow in the Opti ID Admin Center, which includes four levels of administrator privileges.

For information on the previous user-based permission flow with one level of administrator, see User-based permission flow.

There are now four different levels of administrators in the Opti ID Admin Center. Based on your entitlements, you are presented with the most relevant page as your starting point. Each administrator level can invite users at the instance and project levels.

  • Super Admin – Access to everything in the Admin Center, including the ability to create custom roles. The default landing page is Products.
  • Product Admin – Access to products, groups, and roles. The default landing page is Products. If you have access to multiple products, the list of products displays on your landing page. If you have access to only one product, the list of instances for that product displays on your landing page.
  • Instance Admin – Access to only your product instances and users.
  • Project Owner – Access to all Experimentation projects for your organization, but you can only manage the projects and users you have entitlements for. If you only have one project, then you see the user list.

Experimentation and Admin Center roles

Each experimentation role maps to an Opti ID Admin Center role, as shown in this table:

Experimentation role Opti ID Admin Center role
EXP Admin (Technical Contact) Admin Center Super Admin
Does not exist in Experimentation EXP Product Owner
EXP Admin EXP Instance Admin
EXP Project Owner EXP Project Owner
EXP Editor EXP Project Editor

In addition to the Experimentation roles, the Roles Admin system role lets you manage system roles and create custom user roles on the Roles page. The level of access is determined by your admin access described above. For example, if you are an Instance Admin and Roles Admin, you can only manage the roles for your specific instance.

The Roles page lets you manage Experimentation users at a granular, project level.

Manage users

When you log into the Opti ID Admin Center, the Product Access page displays. If you have a higher level of admin access, this page lists your products. Click a product to view the instances.

For any instance, you can click the instance name or click More (...) > View Users to view the user list for that instance.

If you select Optimizely Experimentation for the product, on the instances view, you can click the instance name or click More (...) > View Projects to view the projects, users, and details for that instance.

When viewing users in the context of a specific instance, clicking Invite User lets you invite a user to that specific instance.

If you want to invite several users to your instance or project, select the Invite another checkbox. When you send the current invite, a new form displays with the same role selections from the previous invite. Just add the user's name and email to send another invite.

You can not add a user as an admin to your instance or project, and you can only invite users to the instances or projects to which you have entitlements.

From the list of users, the More (...) drop-down list lets you:

  • View details – View and manage a user's details.
  • Remove access – Remove a user's access from this instance or project.
  • Delete user – Delete a user from this instance or project.

View and edit user details

Clicking View details for a user displays the user's entitlements and is not specific to your instance or project. The view of the user's entitlements changes based on the context in which you access the user details. If you are at the project level, it only displays the project access. If you are at the product level, it displays the entitlements the user has within that product.

An edit icon displays next to user details that you can edit. To change or delete a user's role within your instance or project:

  1. Click the edit icon.
  2. Select the role from the Role drop-down list or click the delete icon.
  3. Select the checkbox to save the change.

You can not add a user to another instance or project from this page. You must go to the instance page or the project page to invite a user. You can use the breadcrumb trail to navigate through the roles management experience.

Create a custom role

If the available system roles do not provide the specific access you want to grant to users, you can create a custom role.

Create a product instance custom role

  1. On the Roles page, click Add Role.
  2. Enter the Role Name.
  3. (Optional) Enter a Description.
  4. Select a product and instance to associate the role with.
  5. In the Duplicate Role section, select No to create the role from scratch. Select Yes to duplicate an existing role and modify it as needed. If you select Yes, select the role that you want to duplicate.
  6. In the Select Attributes section, select the attributes for this role from the Permissions drop-down list and select the projects to associate the role with.
  7. Click Save.

Create a custom Admin Center role

  1. On the Roles page, click Add Role.
  2. Enter the Role Name.
  3. (Optional) Enter a Description.
  4. Select Optimizely Admin Center from the Product drop-down list.
  5. In the Restrict Admin User Access section:
    • Product – Select a product to restrict admin user access to.
    • Instance – Select an instance to restrict admin user access to.
    • Project – Select the specific Experimentation projects to restrict the admin user access to. Only available if you select Optimizely Experimentation as the product.
      If you select all projects, the role becomes an Instance Admin. If you select a single project, the role becomes a Project Owner.
  6. Select the attributes you want to associate with the role.
  7. Click Save.