I'm the product admin (analytics and launch) for two websites ( can call site A and site B) under one organisation account.
Site A - already implemented everything and data is flowing under the workspace. All good.
Site B - other team going to implement analytics solution. They asked us product admin to implement. We denied and created one profile for site B and provided the access. Under profile admin for that report suite and launch property alone.
They asked API access as well to automate the data layer structure. I have added them under developer under the site B profile and given the access to API creation. They have created API process and I'm able see the API key email Id under the profile admin.
Problem is >>
Still they are saying if they want to limit the manual process to build the analytics solution they all need PRODUCT ADMIN to the email id where comes with some multiple alphanumeric values in the ends with techart.adobe.com email ID.
Our admin (my team) feel like if we give the product admin to the that alpha numeric I'd they are able to access Site A and Site B.
Need Solution - Is they anything like to restrict the access level to site B alone even after providing the PRODUCT ADMIN role?
Aren't they proceed having PROFILE admin along developer access to API for Site B profile?
It depends on what API they need access to as some v2.0 don't work w/o OAuth and System Admin permissions... However, if all they are doing is exporting/inserting data, they don't need anything more than being a developer on a PP with their report suite. Furthermore, there's pretty much no reason to have product profile admins. The only times those are necessary are for products like Target where customizing permissions either requires being a product admin or profile admin. This question might be better re-stated as an idea, where the Admin Console is updated to better fine-tune developer access, and sensitive API can be performed without Admin permissions and OAuth credentials.
If you provide further details about what API that team actually needs, more details can be given about how to provide the necessary/sufficient permissions.