User is assigned specific data labels - what visible for him in personalization expression | Community
Skip to main content
Michael_Soprano
Level 10
June 23, 2026
Question

User is assigned specific data labels - what visible for him in personalization expression

  • June 23, 2026
  • 1 reply
  • 17 views

Lets assume I have labeled data with labels: X , Z , K , A , D

User has only assigned labels: X , Z

Does this this mean that user only sees X , Z attributes in personalization window?

    1 reply

    Level 3
    June 24, 2026

    Hi ​@Michael_Soprano 

    The restriction of data attributes depends on how it is applied and type of labels used. Refer the below description on how the default policy enforces those labels. 

     

    Therefore, based on the above description, we can split your question in two scenarios based on how the labels are applied

     

    Scenario 1: If those labels are collectively assigned to a singular schema field. Eg: A field named customerName has all these data labels applied  (i.e: X , Z , K , A , D)

    This scenario can be further classified into two by the types of labels applied.

    •  Case 1: CORE Labels (Assuming your set of labels are CORE ones)
      Behavior: Then that field can only be accessed by users with roles which has all those labels assigned.
      • User1 with labels tied: X, Z, K, A, D can access customerName
      • User2 with labels tied: X, Z, K can’t access customerName
    • Case 2: Custom Labels
      Behavior: Then that field can be accessed by users with atleast any one of those labels assigned. 
      • User1 with labels tied: X, Z, K, A, D can access customerName
      • User2 with labels tied: X can access customerName
      • User3 with labels tied: A, D can access customerName
      • User4 with labels tied: C can’t access customerName

    Scenario 2: If those labels are assigned across multiple schema fields. 

    • customerName has labels: X, Z, K
    • emailAddress has labels: X, A
    • phoneNumber has labels: D

    Then this scenario can be further classified again into following two by the types of labels applied.

    •  Case 1: CORE Labels (Assuming your set of labels are CORE ones)
      Behavior: Then the fields can be accessed based on the labels assigned to the users.
      • User1 with labels tied: X, Z, K, A, D can access customerName, emailAddress & phoneNumber
      • User2 with labels tied: X, Z, K can access customerName alone
      • User3 with labels tied: D can access phoneNumber alone
      • User4 with labels tied: A can’t access any one of those
      • User5 with labels tied: B, C can’t access any one of those.
    • Case 2: Custom Labels
      Behavior: Then those fields can be accessed by users with atleast any one of those labels assigned. 
      • User1 with labels tied: X, Z, K, A, D can access customerName, emailAddress & phoneNumber
      • User2 with labels tied: X can access customerName & emailAddress
      • User3 with labels tied: A can only access emailAddress
      • User4 with labels tied: C can’t access any one of those.

    Finally, the mix of CORE + Custom labels requires the user roles to have all of those CORE labels assigned and any one of those Custom labels assigned to access those matching labelled attributes.


    Essentially, this Default-Field-Level-Access-Control-Policy restricts the usage of labelled fields/attributes  to only the qualifying user roles. And that level of access control differs based on how it is applied and what type of label is used. Therefore, those restricted attributes can’t be accessed anywhere within AJO console (profile attributes / schema / dataset / segmentation builder / personalization editor )

    Hope this helps!

    Regards,

    Ganesh Kumar

    Refer the Attribute-based access control documentation for more details.