Best Practices to Manage Different Types of Marketo User Roles & Permissions

The power of a Marketo marketing automation platform is immense and must be used carefully to ensure the security of the system.  Marketo administrators need to make a number of decisions on how to assign roles and grant permissions for various types of user roles. The Marketo platform requires admins to exercise caution when managing users, as it houses a large amount of data, including the kinds of updates on leads, accounts and contacts, similar to those in CRM systems.

Marketo offers several predefined roles that can be set up with varying level of access, depending upon the amount of access to the data that users will need. Marketo administrators can select the right type of roles according to the positions and responsibilities of users from the following list of built-in roles:

Admin User – This level of users are given permissions to all rights, across various parts of the system, including admin section.

Analytics User – users who need to handle the measurements and monitoring of the campaign are assigned with the role of this analytics built-in role. Permissions given to these roles are limited to the ‘Analytics’ section.

Marketing User – Marketers are assigned this role with permissions to throughout the system, minus the ‘Admin’ part.

Standard User – Similar to the ‘Marketing’ user role, standard users are also given permission to all parts of the application, except Admin section.

Web Designer – Web designers are given limited access to only the ‘Design Studio’ parts of the Marketo application.

All the user roles and permissions can be modified to change the areas of permissions as per the changing requirements of access to the application, except the Standard and Admin User roles. Administrators can also create other types of custom roles based on the specific requisitions and organizational structures of any company.

So, the question is how administrators can assign permissions to roles in Marketo?

The types of Permissions are tied to the particular types of roles and requirements to access on Marketo application. Before you assign permissions to any user roles, you need to consider following factors I your decisions:

Things to consider before setting permissions to roles:

• The “Access” permission can be given to a role when any user just needs to view the programs or occasionally need to make some changes to some parts of the system.

• Users can simply have the permissions to monitor or see when they are initially leaning how to create assets or make changes in any part of the Marketo application even if they do have the rights to make modifications or take any actions to those parts of the application. if any user make an attempt to access those assets or activities, they will soon be notified with a warning message stating the limited access given to them.

• If any user role needs access to perform any specific actions such as, “Create” or “Delete”, that user must require the “Access” permission to the specific part of the application where they need to make changes or create any asset. Hence, if any user role in your organization needs rights to ‘Edit Campaigns’, they must be given the overall permission to access the ‘Marketing Activities’ parts of the application.

So, what type of permissions can be given to user roles in your organization?

Types of permissions Marketo enables administrators to assign to various user rules are:

• Access Admin (you can make changes to different settings under the ‘My Account’ part of the Marketo application). This level of permissions include access to make changes  to any settings of any part of the application including Access Audit Trail, Access Audit Trail, CRM, Channels, Landing Pages, Email Admin, File Upload, Login history, Location, Objects, Activities, Munchkin, Sales Insight and many others.

• Access API that limits ‘read-only’ permissions of users to ‘API Only Role’ depending on the type of API they need to access such as, Read-Only Activity, Read-Only Campaign, Read-Only Assets, Read-Only Activity Metadata, and various other types of read-only access along with ‘Approve Assets’, and ‘Execute Campaign’ permission.

• Access Analytics access is given to specific user roles that need to access the ‘Analytics’ tabs, various types of reports, ‘Email Insights’ ‘Access Revenue Explorer’, ‘Delete Report’ and ‘Export Analytics Data’ unless they are unchecked to restrict access to that specific part of the application.

• Access Design Studio permission is divided into access to Access Email, Access Email Template, Access Form, Access Image, Access Landing Page, Access Landing Page Template, Access Snippet, Access Social App to create, edit, delete and approve actions in these areas of the design studio.

• Access Database enables user roles to view as well as make changes static or smart lists with permissions to Access Segmentation, Delete Person or Delete List, Advanced List Import, Edit Person, Export Person, Merge People, Import List, Import Custom Object, Run Single Flow Actions and View Opportunity Data.

• Access SEO brings permissions to these two areas that are ‘Administered SEO’ and ‘Standard SEO’

• Access Marketing Activities brings viewing permissions to different parts of ‘Marketing Activities’ tab across campaigns and campaign folders. With this permission, users can get permissions to actions such as, ‘Access SMS Message’, Delete SMS Message, ‘Approve SMS Message’, Edit SMS Message, Access Push Notification, Delete Push Notification, Edit Push Notification, Approve Push Notification, Activate Trigger Campaign, Access Awards, Clone Marketing Asset, Delete Marketing Asset, Import Program and List Import, Approve Email Program, Edit Marketing Asset, Edit Campaign Restrictions, and Schedule Batch Campaign.

• Targeting and Personalization grants permissions to administer Web Personalization, Web Campaign Editor, CRE Campaign Launcher, CRE Campaign Editor, and Web Campaign Launcher.

• Workspace Administration which helps assigning rights for ‘Admin access for a specific Workspace’ and ‘Move assets between Workspaces’ provided the permission to Workspaces is already unchecked.

• Lastly, Access Mobile Application permission to enable users access to the Marketo mobile applications.

Do you need expert professional guidance and assistance to define specific levels of functionalities in your organization and how to manage various roles? We guide Marketo users with best practices to manage user permissions and also in-depth trainings on how to control, make changes and remove permissions assigned to any specific roles. Whether you need tips, best practices or guidance on Marketo user management, just say us ‘Hello’ by calling (408) 502 6765 or connect and chat with us via social channels Facebook, Twitter, and LinkedIn – we have it all you need.