Security and Permission Options The Nation Craves

@Grégoire Michel​, @Dan Stevens​

Now that we know that Audit trail ( is on it's way, we have the feeling that some security topics needs to be addressed, specifically in large enterprises.

1-Making sure that the users work where they are supposed to

These ideas related to how we can control in which spaces of a Marketo application a user can work:

• ​(Thx Nathan Allison )
• Read Only Users:
  • (Thx: @Dina Otero)

2-Better control the functionality a user has across the instance:

This section is about better controlling the Marketo functionality a User can leverage, with regards to his maturity with the system and the organization and processes that are set. Most of these items relate to the granularity of user permissions, as described here Permissions required to send a sample?(Thx @Dory Viscogliosi​), here: User Permission for Removing A/B Test from Email Program​ (Thx Amanda Song), here: Managing user permissions / roles and approval processes ​(Thx Nathan Allison), here: Is there a role permission for Create Program? (Thx Jayson Cote ​) and here Custom Role to prevent user NOT to edit Lead Database Smart Lists. All in all, this summarizes in a few ideas:

• (Thx Sonnia Hove)
• ​ (Thx @Grégoire Michel)
• ​ (Thx @Valerie Armstrong)
• ​ (Thx @Allison Hollinger)
• (Nathan Allison )
• ​(Thx @Grégoire Michel)
• (Thx @Grégoire Michel)
•   (Thx @Edward Masson​)
• Ability to add to Lists
• Ability to completely hide based on role,
• Ability to edit SCs, SLs, Emails, LPs, Forms
• Very unexperienced users might also need to access the instance with limited risks: ​ as well as ​ (Thx @Dina Otero )

3-Prohibiting users to change critical assets in the instance:

This section is about making sure that a less experienced users cannot inadvertently modify an asset in the instance through some level or locking and permissions, as expressed here: Lock down permissions to certain forms or campaigns​ (Thx Amanda Cook😞

• The first of the need here is the possibility to Check-out assets:
• We also ​ (Thx  Olivia Piper​)
  • (Thx @Michelle Tiziani)
• and be notified when an asset is available (Thx @Robb Barrett PRD)
• We also need to offer a much better control of which folders in Marketing activities, lead database, Design studio and RCE a user can work in: ​ (Thx Neil Wright​)   (Thx @Dan Stevens​)
• (Thx @Josh Hill​)
• ​ (Thx Chelsea Sharkey)
• Password protection of assets
• ​
• ​and (Thx Julie Kahsen)
• ​
• @Michelle Tiziani)
• Ability to clone but not change (Thx @Robb Barrett PRD)
• A specific point should be made on program cloning and changing, which includes the way tokens are protected: (Thx @Grégoire Michel​)

4-Security of data

This series of ideas relate more on how we can better secure the data from being wrongfully exported and distributed to non authorized internal and external users, as more and more company become sensitive about data privacy and data ownership

•   (Thx @Stijn Heijthuijsen )

5-User management and compliance

More and more companies would also love to see Marketo strengthening its capacity to comply with high standard or user management, documentation and compliance:

• ​ (Thx @FIS API User ) and ​ (Thx Mike Truong ) would be needed to that creating doc is not too painful
• User management should enable to deactivate a user without having to delete it, so that it remains in the system for the sake of traceability: ​ and (Thx @Grégoire Michel)
• Password management should also be strenghtened as expressed here:
• Admins should be notified when some weird behavior are detected: (Thx Shannan Garrett Cooper )

6-Integrations

Using Marketo within the constraints of larger security frameworks shoud also be made easier:

• (Thx @Bridget Campomanes ) and BTW, any other LDAP directory
• ​ (Thx @Grégoire Michel)