7.3.8 Which permissions and rights are needed for a user to access ADvendio Connect and the integration of third party systems?
Integrations | Google Ad Manager, Adswizz, Freewheel, Google Display&Video 360, Equativ, Xandr |
Roles | System Administrator |
Challenge
To have full control over which user has access to which features, objects and parts of Salesforce, there is a variety of settings available in the profiles and permission sets.
Which permissions and rights are required for a user, so that he can continue to use ADvendio Connect and the integrations of third-party systems, such as AdServers, SSPs or DSPs?
Solution
Assign Permissions
Please note with the 2.169 version there is a new object CustomEndpoints in the permissions list.
To be able to use features such as the submit to Adserver or programmatic imports, a user profile needs to contain at least the following settings:
Profile Settings | What is required? |
---|---|
Object Settings | We recommend Read and Edit access on all objects and fields directly related to the process you are trying to use. Which field or objects these are depends heavily on the process (we’re planning to provide a more detailed list soon) |
Apex Classes | Depends on the features you are planning to use, our general recommendation is to add all ADvendio apex classes and see if you can restrict access to certain features via object settings (hide the tab) or page layouts (hide buttons and actions) |
Visualforce Pages | Depends on the features you are planning to use, our general recommendation is to add all ADvendio apex classes and see if you can restrict access to certain features via object settings (hide the tab) or page layouts (hide buttons and actions) |
Assigned Connected App | ADvendio |
Custom Metadata Types | ADvendio.Data Import Mapping ADvendio.DeliveryDataMetric |
Custom Settings Definition | ADvendio.ADvendio Settings ADvendio.Adserver Status Mapping ADvendio.ImportExportMapping |
System Permissions | APEX Rest Services API enabled Lightning Experience User |
Depending on the feature you’re using, it might be possible that even less permissions for a user are needed, this is a rough guideline, that will guarantee working integrations.
Â
There are at least read rights (for certain objects also edit) permissions needed for the following objects:
Accounts
AdServer Customization
AdServer ID Relation
Advertised Brands
Additional Login
Additional Delivery Report Setting (starting 2.150 and up!)
Ad Price
Ad Spec
Ad Type
Campaign Item
Connection
Connection IDs
Connection ID AdSpec Assignments
ConnectionID AdvertisedBrand Assignments
Connection Team Assignment
Contents
CustomEndpoints (starting 2.169 and up)
Delivery Data (only for site-based delivery import)
Enhanced Delivery Data (only for enhanced delivery data import)
External Account IDs
Legacy Account IDs
Keys
Key Lines
Key Values
Key Value Presets
Media Campaign
Revenue Schedule
Revenue Schedule Daily (only for daily delivery import)
Selected Areacodes
Selected Brands/Products
Selected Cities
Selected Connection IDs
Selected Contents
Selected Countries
Selected Publication Dates
Selected Regions
Selected Targeting Sets
Targeting Sets
Targeting Set Account Assignments
Targeting Set Ad Spec Assignments
Targeting Set Ad Type Assignments
Targeting Group Ad Price Assignments
Targeting Group Content Assignments
Targeting Groups
User AdServer Assignments
Value
Â
Required Objects and Permissions for Delivery Reports
For the automatic delivery imports from AdServers, DSPs, SSPs or Social Media Platforms, the following more specific permissions are required.
When scheduling imports in our Delivery Report Center, the Salesforce user that is setting this up, will also be the user executing the data import. In that case, please make sure this user has at least edit permissions to the following:
Delivery Report Type | Object | Fields |
---|---|---|
Total / Lifetime | Campaign Item | Delivered Impressions Delivered Clicks AV AS Viewable AI Video Metric Delivered Plays Last Delivery Data Update Most Recent Gateway Job Information |
Monthly | Revenue Schedule | We recommend access to all fields on Revenue Schedule |
Monthly Site-Based Delivery Data | Revenue Schedule Delivery Data Connection ID | We recommend access to all fields on Revenue Schedule |
Daily | Revenue Schedule Daily | We recommend access to all fields on Revenue Schedule |
Daily Site-Based Delivery Data | Revenue Schedule Daily Delivery Data Connection ID | We recommend access to all fields on Revenue Schedule |
Enhanced Delivery Data | Enhanced Delivery Data Connection ID | Enhanced Delivery Data |
Media Buying Monthly | Buy Data | We recommend access to all fields on Buy Data |
Media Buying Daily | Buy Data | We recommend access to all fields on Buy Data |
Â
What happens if permissions are missing?
If your user profile is missing the read permissions to certain fields or objects, one of the following two things will happen:
The process gets stuck and doesn’t continue or there is an error that the Gateway is not reachable. This is a known issue, where we are still working on improving the error handling. This is likely due to either missing permissions on one of the ‘core objects’ of the process (Campaign Item, Ad Price, Content, Ad Type) or problems in finding the relevant connection to use (missing permissions in the Connection object)
Or an error message which shows you which field was not accessible in the process:
Which lists of the fields the system was trying to access (1) and then which field was not found (2). If no other object is mentioned, the field is from the Campaign Item object. If there is a problem in a related object, It’s mentioned that the field could not be found on entity ‘xyz’:
Â
Â
Setup
No specific setup needed