BlueConic uses role-based permissions for its users. A role grants access to BlueConic functions, and a user can be assigned to one or more roles. You can grant users access to the BlueConic functionalities that suit their function within your enterprise.
Preconfigured roles in BlueConic
BlueConic comes preconfigured with a number of roles. The following roles are available out of the box:
| Role | Description |
|---|---|
| Application Manager | Manages the entire BlueConic application at your site. The Application Manager can add and remove channels (websites, email, mobile apps), add users authorized to log into and interact with BlueConic, help users change their passwords, and manage general BlueConic settings. |
| Content Manager | The Content Manager generally supervises online marketing initiatives on all of your BlueConic domains. The Content Manager works mostly with BlueConic insights and in the Home tab but can also create, manage, and monitor dialogues. |
| Customer Insights Manager | Responsible for creating connections and segments to provide rich insights on customer data. |
| Data Scientist | Can create and run AI Workbench notebooks and insights. This also includes the "Notebook editor" permission for editing notebook code in AI Workbench. |
| Insights Only | Only has access to create and view insights. |
| IT / System Administrator | Installs and maintains the complete BlueConic deployment. |
| Online Marketer | The daily user of BlueConic. This person creates, manages, and monitors dialogues and engages in online conversations with visitors to your BlueConic channels. |
Data visibility
At the top of the role access settings, there is a checkbox for PII (Personally Identifiable Information) under "Data visibility." Users that are within roles that have this option checked will have access to view data that is considered PII within profiles, groups, and timeline events. If this option is not checked for a role, those users will only be able to view data that is not considered PII. Learn more about data sensitivity and data visibility in BlueConic.
Create a custom role in BlueConic
You can modify existing roles, and create new custom roles as needed by choosing Access management from the BlueConic Settings (cogwheel) menu and choosing Roles in the submenu. When creating a role, you will have the ability to select and deselect all of that role's permission settings, as pictured below. This will determine what features and capabilities that users within the role will have access to.
Custom role example: Digital Privacy Officer (DPO)
An additional role some customers create in BlueConic is the Digital Privacy Officer (DPO). This is the only role allowed to view individual profiles and their PII, and optionally (as a separate permission) to edit the profile. A DPO role can also have powerful privacy capabilities, such as the ability to download or delete a profile.
Custom role example: Segmentation Specialist
Another example of a custom role could be a Segmentation Specialist. You may want users within this role to have access to Segments, Insights, and the Simulator. To grant more access to users with this role, select the checkboxes of the desired function.
Each function in the role access list maps to BlueConic menu items. BlueConic users see only the menu items to which access has been granted. For example, to a user in the role above, the menu bar would look like this:
The BlueConic home tab is always accessible, as are the Search feature and the "Notifications," "Help," and "Personal Settings" menu items. Other than that, the main menu only shows the "Profiles," "Insights," and "Simulator" items that the role grants access to.
Users can have multiple roles assigned, which will combine privileges. If one of the assigned roles grants access, the user is allowed access to the function. Roles are assigned to BlueConic users on the Users tab under Settings > Access management.
Breakdown of permissions
| Feature | Permissions |
|
Listeners |
Grants access to view, edit, and create listeners. |
| Segments |
Grants access to view, edit, and create segments. |
| Dialogues |
Grants access to view, edit, and create dialogues.
|
| Connections |
Grants access to view, edit, and create connections.
|
| Lifecycles |
Grants access to view, edit, and create lifecycles. |
| Insights |
Grants access to view, edit, and create insights and dashboards.
|
| Simulator |
Grants access to view and use the BlueConic simulator. |
| Properties |
Grants access to view, edit, and create profile properties. |
| Profile timeline event types |
Grants access to view, edit, and create profile timeline event types. |
| Profiles |
Grants access to view profiles.
|
| Groups |
Grants access to view groups.
|
| External trackers |
Grants access to view, edit, and create external trackers |
| Objectives |
Grants access to view, edit, and create objectives |
| AI Workbench |
Grants access to view, create, and edit parameters for notebooks in AI Workbench.
|
| Audit event | Grants access to call Audit Events in the BlueConic API. |
| Settings |
Grants access to view and edit all settings.
|
| General |
Grants access to view and edit general settings.
|
Domain-based permission
Role-based permission in BlueConic determines which parts of BlueConic a user can access. Users assigned to the same role have exactly the same permissions to access the same BlueConic functionality. Note, however, that when domain-based permission is taken into account, users with the same role might not be able to modify the same items within BlueConic.
BlueConic Support Access
The BlueConic Support team provides technical support and troubleshooting for BlueConic customers. Each BlueConic customer can elect whether to allow the BlueConic Support role to have access to their tenant. Additionally, you can decide whether to enable BlueConic Support to view PII data in your tenant. See Allowing BlueConic Customer Success to access your environment for details.