This topic describes how to manage the visibility of business journeys and experience level management (XLM) with role-based access control (RBAC). Business journey and XLMRBAC is required to restrict access to sensitive information among your organization. If a user attempts to access restricted features, a message appears warning the user that access is denied.
Only the analytics admin can grant permissions to business journeys and XLM, as well as with their respective searches, event types, and sources. The admin authorizes access on an individual basis by assigning each user to the applicable role.
Creating Business Journey and XLM Roles
In the Controller UI, navigate to Settings > Administration > Roles.
The analytics admin can view and edit existing roles in the Analytics tab, which contains three sections: General, Searches, and Events. Select +Create to make a new role.
In the General tab, the analytics admin authorizes access to business journeys and/or XLM. This is required for the user to perform any actions on either business journeys or XLM. Check Manage Business Journeys and/or Manage Experience Levels, as shown below:
With general permission, the user has feature level access to business journeys and/or XLM. However, the user cannot view the definition of existing events or saved searches, or create new events, with only general permission. See the below sections to enable these permissions.
A user can access business journey data through searches without general permission to business journeys, as long as the user's role permits access to the underlying event type(s) used in business journey definition.
In this way, you can restrict access to define business journeys while also allowing a user to query the data. Ensure the user has all necessary access to event type(s) in the Events tab and leave Manage Business Journeys unchecked.
There are two search types in Analytics, drag and drop and query language. The analytics admin grants access to both types in the Searches tab.
Choose "Can Create a Search" to access both search types. Choose +Add to access specific saved searches.
Create search permission is required in order for a user to perform any of the following operations:
- Save a search
- Create a metric
- Create a visual widget
Search access is dependent on event type access. A user has access to create and save searches only for the event type(s) and source(s) assigned in the user's role. The next section provides instructions to assign event type and source access.
Event Type and Source Permissions
Granting permission to business journeys and/or XLM does not provide a user blanket access to all reports. Users have access only to the exact event type(s) and source(s) granted by the analytics admin. For example, transactions are an event type, and their source is applications. Therefore, if a user requires access to particular applications, the analytics admin must select transactions as well as each necessary application for the user.
The table below lists the available event types and their corresponding sources:
|Browser Records||App Key|
|Mobile Records and Sessions||App Key|
|Synthetic Session||App Key|
|Connected Devices||App Key|
|Custom Analytics Events||Particular user-defined event type|
You can specify exact access in the Events tab. Select the event type, then specify access for the relevant source. Check "Can View Data from all [
" to grant blanket access to each source. To select individual sources, click +Add.
With the appropriate event type and source permissions, the user can access existing reports as well as create new reports. For example, a user with permissions to Transactions and all applications can now create a new configuration for any application. However, if this user attempts to create a configuration for Log events, the configuration does not save and an error message appears in the UI:
For XLM configurations, the Filter By field indicates the source(s) of the given Event Type. Users with limited permission to sources need to add their permitted source(s) as filter criteria. If you do not specify filter criteria, you must have permission to all sources for the event type to create the configuration.
Grant permission to dashboards in the Dashboard tab. In this tab, the admin specifies if a user can create dashboards and time permissions, as well as custom permissions.
If an Analytics dashboard contains data from business journeys and/or XLM, access to the dashboard depends on the above permissions. For example, a role that allows its users to create a dashboard, but contains no permission to business journeys, does not permit the user to access a business journey-related dashboard. Ensure that roles have the necessary permission to access Analytics data along with general dashboard access.