Best practices - 5.1 user management
This article outlines the best practices to follow when creating Funnelback users and roles.
Each user should have a minimum of 2 roles assigned. The roles should separate the permission sets from the resources. Configure roles with permission sets rather than configuring everything directly on the individual user account.
One role defines the set of resources available (e.g. collections, profiles, licences)
One role defines the set of permissions (e.g. access to all the analytics and reporting functions)
This allows the same resource permission to be assigned to all users from the same organisation, and then layer on top the permissions sets appropriate for a user.
Usernames should be set to the user’s email address.
Using an email address for the user name provides a number of advantages:
When logging in to v16 the email address can be used instead of the full user ID (which consists of the client ID prepended to the username).
Roles can be defined that match the username’s suffix (for example allowing a user to manage all *.example.com users)