7.3.8 Which permissions and rights are needed for a user to access ADvendio Connect and the integration of third party systems?

Integrations

Google Ad Manager, Adswizz, Freewheel, Google Display&Video 360, Equativ, Xandr

Roles

System Administrator

Challenge

To have full control over which user has access to which features, objects and parts of Salesforce, there is a variety of settings available in the profiles and permission sets.

Which permissions and rights are required for a user, so that he can continue to use ADvendio Connect and the integrations of third-party systems, such as AdServers, SSPs or DSPs?


Solution

Please note with the 2.169 version there is a new object CustomEndpoints in the permissions list.

To be able to use features such as the submit to Adserver or programmatic imports, a user profile needs to contain at least the following settings:

Profile Settings

What is required?

Profile Settings

What is required?

Object Settings

We recommend Read and Edit access on all objects and fields directly related to the process you are trying to use.

Which field or objects these are depends heavily on the process (we’re planning to provide a more detailed list soon)

Apex Classes

Depends on the features you are planning to use, our general recommendation is to add all ADvendio apex classes and see if you can restrict access to certain features via object settings (hide the tab) or page layouts (hide buttons and actions)

Visualforce Pages

Depends on the features you are planning to use, our general recommendation is to add all ADvendio apex classes and see if you can restrict access to certain features via object settings (hide the tab) or page layouts (hide buttons and actions)

Assigned Connected App

ADvendio

Custom Metadata Types

ADvendio.Data Import Mapping

ADvendio.DeliveryDataMetric

Custom Settings Definition

ADvendio.ADvendio Settings

ADvendio.Adserver Status Mapping

ADvendio.ImportExportMapping

System Permissions

APEX Rest Services

API enabled

Lightning Experience User

Depending on the feature you’re using, it might be possible that even less permissions for a user are needed, this is a rough guideline, that will guarantee working integrations.

 

There are at least read rights (for certain objects also edit) permissions needed for the following objects:

  • Accounts

  • AdServer Customization

  • AdServer ID Relation

  • Advertised Brands

  • Additional Login

  • Additional Delivery Report Setting (starting 2.150 and up!)

  • Ad Price

  • Ad Spec

  • Ad Type

  • Campaign Item

  • Connection

  • Connection IDs

  • Connection ID AdSpec Assignments

  • ConnectionID AdvertisedBrand Assignments

  • Connection Team Assignment

  • Contents

  • CustomEndpoints (starting 2.169 and up)

  • Delivery Data (only for site-based delivery import)

  • Enhanced Delivery Data (only for enhanced delivery data import)

  • External Account IDs

  • Legacy Account IDs

  • Keys

  • Key Lines

  • Key Values

  • Key Value Presets

  • Media Campaign

  • Revenue Schedule

  • Revenue Schedule Daily (only for daily delivery import)

  • Selected Areacodes

  • Selected Brands/Products

  • Selected Cities

  • Selected Connection IDs

  • Selected Contents

  • Selected Countries

  • Selected Publication Dates

  • Selected Regions

  • Selected Targeting Sets

  • Targeting Sets

  • Targeting Set Account Assignments

  • Targeting Set Ad Spec Assignments

  • Targeting Set Ad Type Assignments

  • Targeting Group Ad Price Assignments

  • Targeting Group Content Assignments

  • Targeting Groups

  • User AdServer Assignments

  • Value

 

Required Objects and Permissions for Delivery Reports

For the automatic delivery imports from AdServers, DSPs, SSPs or Social Media Platforms, the following more specific permissions are required.

When scheduling imports in our Delivery Report Center, the Salesforce user that is setting this up, will also be the user executing the data import. In that case, please make sure this user has at least edit permissions to the following:

Delivery Report Type

Object

Fields

Delivery Report Type

Object

Fields

Total / Lifetime

Campaign Item

Delivered Impressions

Delivered Clicks

AV AS Viewable AI

Video Metric

Delivered Plays

Last Delivery Data Update

Most Recent Gateway Job Information

Monthly

Revenue Schedule

We recommend access to all fields on Revenue Schedule

Monthly Site-Based Delivery Data

Revenue Schedule

Delivery Data

Connection ID

We recommend access to all fields on Revenue Schedule

Daily

Revenue Schedule Daily

We recommend access to all fields on Revenue Schedule

Daily Site-Based Delivery Data

Revenue Schedule Daily

Delivery Data

Connection ID

We recommend access to all fields on Revenue Schedule

Enhanced Delivery Data

Enhanced Delivery Data

Connection ID

Enhanced Delivery Data

Media Buying Monthly

Buy Data

We recommend access to all fields on Buy Data

Media Buying Daily

Buy Data

We recommend access to all fields on Buy Data

 

What happens if permissions are missing?

If your user profile is missing the read permissions to certain fields or objects, one of the following two things will happen:

  • The process gets stuck and doesn’t continue or there is an error that the Gateway is not reachable. This is a known issue, where we are still working on improving the error handling. This is likely due to either missing permissions on one of the ‘core objects’ of the process (Campaign Item, Ad Price, Content, Ad Type) or problems in finding the relevant connection to use (missing permissions in the Connection object)

  • Or an error message which shows you which field was not accessible in the process:

    Which lists of the fields the system was trying to access (1) and then which field was not found (2). If no other object is mentioned, the field is from the Campaign Item object. If there is a problem in a related object, It’s mentioned that the field could not be found on entity ‘xyz’:

     

 


Setup

No specific setup needed