Expand my Community achievements bar.

SOLVED

Difference between Product Profiles(Admin Console) and Roles(Experience Platform)

Avatar

Level 1
Level 1
1/21/25 6:14:51 AM

Hello All, 

 

I have a question regarding user access control within AEP. I am noticing a difference between Product Profiles in the Admin Console and "Roles" within the Platform. Are they the same thing, or am I misunderstanding something? I have been looking to utilize the the AEP API's for more programmatic control of my organization's AEP sandboxes.

 

My organization is trying to improve our User Access Control for our adobe products and I noticed that AEP does Access Control through the web portal itself alongside the Product Profiles in the Admin Console. Can Someone please explain to me the difference, and please link any assisting documentation if possible. 

 

Thank you, 

Jacob Van Dine

Comcast, Software Engineering & Development

Engineer 2

 

(P.S. This is my first post in the community forum - please let me know if there is anything I can improve on in my communications! Thank you!)

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

Admin Administration API Experience Platform

Views

419

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
1/22/25 4:27:24 AM

Hi @XCDP-Jacob 

 

In essence, Product Profiles grant users access to Adobe products, while the permissions within the product determine the specific level of access they have.

Product Profiles in the Adobe Admin Console

  • Purpose: Product Profiles are created and managed in the Adobe Admin Console. They act as a high-level tool to define and control access to Adobe products, including Adobe Experience Platform (AEP).
  • Scope: These profiles grant users basic access to AEP.
  • Recommendation: To provide access to AEP, administrators should add users to the default product profile: AEP-Default-All-Users.

Roles in AEP

  • Purpose: Roles are configured directly within AEP and provide a more granular approach to managing permissions.
  • Scope: Roles enable administrators to assign specific capabilities (e.g., sandbox, dataset access, schema editing, or segment creation) with greater precision than Product Profiles. This ensures detailed control over user actions within their assigned sandboxes or services.

Useful Resources

For additional context, while this is more focused on AEM, this article on AEM as a Cloud Service User Administration provides insights into the differences between Product Profiles and local permissions in Adobe tools.

 

Hope this helps.

 

Thanks,

Nitesh

View solution in original post

Views

362

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Correct answer by
Employee Advisor
Employee Advisor
1/22/25 4:27:24 AM

Hi @XCDP-Jacob 

 

In essence, Product Profiles grant users access to Adobe products, while the permissions within the product determine the specific level of access they have.

Product Profiles in the Adobe Admin Console

  • Purpose: Product Profiles are created and managed in the Adobe Admin Console. They act as a high-level tool to define and control access to Adobe products, including Adobe Experience Platform (AEP).
  • Scope: These profiles grant users basic access to AEP.
  • Recommendation: To provide access to AEP, administrators should add users to the default product profile: AEP-Default-All-Users.

Roles in AEP

  • Purpose: Roles are configured directly within AEP and provide a more granular approach to managing permissions.
  • Scope: Roles enable administrators to assign specific capabilities (e.g., sandbox, dataset access, schema editing, or segment creation) with greater precision than Product Profiles. This ensures detailed control over user actions within their assigned sandboxes or services.

Useful Resources

For additional context, while this is more focused on AEM, this article on AEM as a Cloud Service User Administration provides insights into the differences between Product Profiles and local permissions in Adobe tools.

 

Hope this helps.

 

Thanks,

Nitesh

Views

363

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
1/22/25 7:46:35 AM
In response to nitesh_kumar

Thank you for explaining more about the differences between the Product Profiles and the Roles in AEP.

 

For clarification, is there any syncing that is happening between the two? If a new role is created in AEP, does Admin Console have any visibility for that? Are product profiles propagated down from Admin Console to AEP as a Role? 

 

Thank you, 

Jacob

Views

347

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor and Adobe Champion
Community Advisor and Adobe Champion
1/22/25 9:48:21 AM

Hi @XCDP-Jacob,

 

That's a great question, and I appreciate you bringing it up! Although I work with AEP, I hadn't looked deeply into the differences before. Since you asked, I did some research and consulted a few experts. Here's what I found:

 

Admin Console Uses Role-Based Access Control (RBAC)

1. High-Level Access Control:
The Admin Console manages access for AEP and its solutions, such as CJA, RT-CDP, and AJO.
For example, if you want to create connections in CJA, you need to be an admin for CJA, regardless of other permissions. Permissions alone won't work in this case.

2. Roles and Permissions:
The Admin Console controls roles (called profiles) and their related permissions.
For instance, a role can include permissions like Schema View, Schema Edit, Segment View, or Segment Creation.

 

Adobe Experience Platform (AEP) Uses Attribute-Based Access Control (ABAC)

Once you're granted access to AEP or its solutions, ABAC takes over.

Roles and Permissions with Labels:
Like RBAC, ABAC also uses roles (profiles) to define permissions, such as Schema View, Schema Edit, Segment View, and Segment Creation. However, ABAC adds labels to refine access.
For example, if you want only specific users (like your internal team) to view certain schema fields or segments, you can apply a label to those fields. Then, only roles with that specific label can view those restricted fields or segments. Other users with general permissions can still see the schema or other segments but not the restricted fields or segments without the matching label.

 

Precedence

Since AEP allows for more specific restrictions, ABAC likely takes precedence over Admin Console permissions. However, I recommend validating this on your end:

  • Assign different permissions from the Admin Console and within AEP with or without label restrictions.
  • Observe how they correlate to confirm whether precedence is given to ABAC, higher permissions, or a combination of both.

Let me know if you need further clarification!

 

PS: Go through the video in the link here: https://experienceleague.adobe.com/en/docs/experience-platform/access-control/abac/overview

 

Thank You, Pratheep Arun Raj B (Arun) | NextRow Digital | Terryn Winter Analytics

Views

341

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
difference between Data Element & _satellite.setVar Solved

Views

88

Likes

0

Replies

1
Qualtrics and AEP

Views

37

Likes

0

Replies

0
Event Forwarding: documentation for 'arc' and 'utils' variables

Views

66

Likes

0

Replies

2
Customer AI scores availability in profiles

Views

40

Likes

0

Replies

1
Cannot view estimated profile

Views

45

Likes

0

Replies

2