This page describes how to manage the visibility of business journeys and experience level management (XLM) with role-based access control (RBAC). Business journey and XLMRBAC is required to restrict access to sensitive information among your organization. If a user attempts to access restricted features, a message appears warning the user that access is denied. 

Only the analytics admin can grant permissions to business journeys and XLM, as well as with their respective searches, event types, and sources. The admin authorizes access on an individual basis by assigning each user to the applicable role.   

Creating Business Journey and XLM Roles

In the Controller UI, navigate to Settings > Administration > Roles

The analytics admin can view and edit existing roles in the Analytics tab, which contains three sections: General, Searches, and Events. Select +Create to make a new role.

General Permissions

In the General tab, the analytics admin authorizes access to business journeys and/or XLM. This is required for the user to perform any actions on either business journeys or XLM. Check Manage Business Journeys and/or Manage Experience Levels:

With general permission, the user has feature level access to business journeys and/or XLM. However, the user cannot view the definition of existing events or saved searches, or create new events, with only general permission. See the below sections to enable these permissions. 

A user can access business journey data through searches without general permission to business journeys, as long as the user's role permits access to the underlying event type(s) used in business journey definition.

In this way, you can restrict access to define business journeys while also allowing a user to query the data. Ensure the user has all necessary access to event type(s) in the Events tab and leave Manage Business Journeys unchecked.

Search Permissions

There are two search types in Analytics, drag and drop and query language. The analytics admin grants access to both types in the Searches tab. 

Choose Can Create a Search to access both search types. Choose +Add to access specific saved searches.

Create search permission is required in order for a user to perform these operations:

  • Save a search
  • Create a metric
  • Create a visual widget

Search access is dependent on event type access. A user has access to create and save searches only for the event type(s) and source(s) assigned in the user's role. 

Event Type and Source Permissions

The section describes how to assign event type and source access. Granting permission to business journeys and/or XLM does not provide a user blanket access to all reports. Users have access only to the exact event type(s) and source(s) granted by the analytics admin. For example,  transactions are an event type, and their source is applications. Therefore, if a user requires access to particular applications, the analytics admin must select transactions as well as each necessary application for the user. 

This table lists the available event types and their corresponding sources:

Event TypeSource
LogSource Type
Browser RecordsApp Key
Mobile Records and SessionsApp Key
Synthetic SessionApp Key
Connected DevicesApp Key
Custom Analytics EventsParticular user-defined event type

You can specify exact access in the Events tab. Select the event type, then specify access for the relevant source. Check "Can View Data from all [source]" to grant blanket access to each source. To select individual sources, click +Add

With the appropriate event type and source permissions, the user can access existing reports as well as create new reports. For example, a user with permissions to Transactions and all applications can now create a new configuration for any application. However, if this user attempts to create a configuration for Log events, the configuration does not save and an error message appears in the UI: 

For XLM configurations, the Filter By field indicates the source(s) of the given Event Type. Users with limited permission to sources need to add their permitted source(s) as filter criteria. If you do not specify filter criteria, you must have permission to all sources for the event type to create the configuration. 

Dashboard Access

Grant permission to dashboards in the Dashboard tab. In this tab, the admin specifies if a user can create dashboards and time permissions, as well as custom permissions.

If an Analytics dashboard contains data from business journeys and/or XLM, access to the dashboard depends on the above permissions. For example, a role that allows its users to create a dashboard, but contains no permission to business journeys, does not permit the user to access a business journey-related dashboard. Ensure that roles have the necessary permission to access Analytics data and general dashboard access.