Skip to main content
Documentation for version v74

Users, groups and access

In Altcraft, you can restrict the functionality of user accounts as well as tokens used for authorization in the platform API. Access is determined by user or token groups and roles:

  • Groups define the visibility of objects such as databases, templates, campaigns and scenarios, etc.
  • Roles define the set of available actions with visible objects.
caution

Managing account users and access control is only available to users with master privileges.

Access groups

Groups in Altcraft account allow you to restrict user access to certain account objects, such as templates, campaigns, databases and segments. A group can be thought of as a container for objects. Thus users will work within their containers and cannot accidentally or intentionally affect objects in other groups.

Groups are convenient when you need to organize the work of several departments within one account with shared statistics, or create conditions for third-party specialists to work, for example - designers for working with templates or website/application developers for debugging integration.

info

If you need to more strongly separate the areas of responsibility of several company departments, use multiple platform accounts. Accounts can use shared or dedicated resources and components. A common email suppression list is created for all accounts of one platform.

Main group

The Main group is created by the system and contains all account objects, including objects belonging to other groups. If you delete a custom group, the objects in it are not deleted, but are transferred to the Main group. You can work in the Main group just like in any other, if division into groups is not required.

caution

Master access implies full access to the account's Main group regardless of additionally assigned groups and roles. The only exception is access to delete profiles. The role for deleting profiles is assigned separately.

Create / assign group

Groups are assigned and created dynamically when editing account objects - in the General settings block. To assign an existing Group, select it from the dropdown list in the Set group field. For example, for a Message template.

caution

Only Master users can create and set groups.

To create a new group, enter its name in the same field for any account object and press Enter on the keyboard or Add [group_name] in the dropdown list.

caution

Each object created by a user is assigned to the group they were in at that moment.

Switch / delete group

Groups available to the user are displayed in the menu in the upper right corner of the application, next to the account avatar. You can switch from group to group from any account menu.

note

Group deletion is available in the same list - only for master users.

Access roles

An access role defines what actions with account objects are allowed for a user. To go to role management, select Settings → Roles in the main menu.

The opened list displays existing roles. You can clone or delete a role from the context menu on the right side of the tile. If you want to edit a role, click on its name.

To create a new role, click + Create at the top of the page.

Three parameters are configured for each role:

  • Name, which master users see in role lists.
  • Groups on which the role restrictions will apply.
  • Access rules to objects of the selected Groups.
caution

If the Main group is included in a role, this role will apply to all account objects. Master users are not subject to role and group restrictions. The exception is the ability to delete profiles, which must be activated independently, including for master users.

For all account objects, you can allow View, as well as Create and edit. For databases, segments, suppression lists and resources, Read and export is also available - downloading data lists.

note

A role without the Moderation option in the Message access block will only allow saving message templates as drafts. Such drafts will be available in mailings only after activation - by a user with appropriate access rights. Such a role is convenient to set for contractor accounts creating mailing templates.

For Mailings and Scenarios you can prohibit Launch: users with such a role will only be able to prepare mailings, while checking and launching them will be done by a user with sufficient access rights.

For Campaigns separate access rights are available:

  • Campaigns - View object — view campaigns and their settings
  • Campaigns - Create and edit — create and modify campaigns
  • Campaigns - Launch — activate, deactivate and complete campaigns
Permission dependencies

Working with Campaigns requires additional access rights:

  • Campaigns - View object requires view rights for: Mailings, Scenarios, Segments, Databases
  • Campaigns - Launch requires launch rights for: Mailings and Scenarios

Roles can restrict user actions with the following platform objects:

  • Resources — tool for managing customer subscriptions to various content through specific communication channels.
  • Databases — database for storing customer data.
  • Scheduled database imports — automatic synchronization of Altcraft profile database with external database (e.g., corporate CRM or SQL database).
  • Relations — used to record interactions between your customers, or customers and company managers.
  • Queries — SQL queries to external databases. The role regulates user work with template queries and segmentation queries.
  • Message templates — content you send to subscribers as part of a mailing.
  • Message fragments — part of a template that can be used in other templates.
  • Segments — part of a database that includes profiles meeting certain conditions. The role regulates actions with static and dynamic segments.
  • Suppression lists — list of email addresses, domains and phone numbers excluded from mailing.
  • Mailings — broadcasts, regular and trigger mailings, multivariate tests, placements.
  • Campaigns — combination of mailings, scenarios and other activities into a single strategy.
  • Scenarios — automated chain of conditions and actions that follow when they are met.
  • Tracking pixels — HTML or JavaScript code placed on a website or in an application, designed to track user actions.
  • Forms — element on a website page through which the user enters and submits their data to you.
  • Loyalty programs — module for managing promotions and promo codes.
  • Virtual senders — set of rules for sending messages for real email and SMS sending modules.
  • Market — module for working with e-commerce product and order data.

User accounts

Management of Altcraft account user accounts is available both in the user interface and in the Admin Panel. This article covers the user interface functionality. To go to user account management, select Settings → Users in the main menu. The opened list displays existing user accounts.

Go to changing user settings by clicking on the record name. If you want to delete a user, click on the trash icon on the right.

How to create a new user account

To add a new user to the account, click + Create at the top of the page.

General settings

In general settings, specify the following data:

  • Username — account name. Username is used to log into the account, together with the account alias, in the form login@account.
  • First and last name of the user.
  • Contact email address — address to which access data will be sent.
  • Contact phone — user's phone number.
  • Interface language — choose between English and Russian.
tip

If platform account access is configured via LDAP protocol, through the organization's directory service, the directory service login and account alias will be used for platform authorization: user@company**@account**. The password in this case is also set in the unified directory service.

Notification settings

Enter the email address to which notifications will be sent to the user. Also select system notifications to be notified about:

  • Limit exhaustion — notification will be sent if the account tariff has limits configured, and the number of profiles or number of sent messages has reached the maximum;
  • Subscriber complaints — the percentage of complaints about messages has exceeded the allowable value.
  • Hard bounces — the percentage of hard bounce has exceeded the allowable value.
  • Soft bounces — the percentage of soft bounce has exceeded the allowable value.
  • Send daily/weekly reports — a report containing main mailing metrics, as well as data on audience growth and goal achievement, will be sent to the user's email with a certain frequency.

Security settings

Set a password for the user to log into the account. The password must contain from 8 to 32 characters, including numbers and special characters.

After creating a new user, the password can be automatically transmitted to the owner by checking the Send access email to user option. To make editing this field possible, make any changes to the password. For example, you can add a period and immediately delete it.

If you activate the "User must change password on first login" field, the user will have to click the "Forget password" button upon login, enter the provided username and create a new password.

note

If platform access is configured only via LDAP, password management in the interface is not used.

Access to account objects

In the Access block, it is configured which actions the user can perform with objects of certain Groups of the account:

  • Master — a user with this setting will have access to any actions in the account's Main group. Accordingly, they will have access to all objects of all groups. At the same time, role restrictions will not apply in any way. Master users have access to the "Settings" block in the main menu, where they can manage other user accounts: delete users, edit their access, download personal data, as well as change notification and security settings.
  • Roles — previously created access roles.
  • Access groups — groups of account objects that the user will be able to interact with.

For a user to be able to log into the account, their account must be active, and at least one role and at least one group must be set for it.

The chart on the right shows the interaction of user groups and roles:

caution

If a role does not have a group available to the user, the role rules will not work, and the user will not be able to interact with the group's objects.

If a role has a group that is unavailable to the user - it will remain unavailable.

After completing the setup, click the "Save" or "Apply" button at the top of the page:

The Deactivate button will make the account inactive. Users with this setting will not be able to log into the platform.

API tokens

API tokens are used for authorization in the account when using the API. To go to token management, select Settings → Tokens in the main menu.

The opened list displays existing tokens. You can go to token editing by clicking on its name. If you want to delete a token, use the button on the right. To create a new token, click + Create at the top of the page.

For a new token, choose a suitable name or leave the system one. The token itself will become available after saving the record. For a token, as for a user account, it is necessary to set groups of account object visibility and related roles of access.

caution

If a token is given access to the Main group, all account objects will be available to it, including those belonging to other groups.

Last updated on