Configuring Profile View
You may want a user or group of users to be able to view profiles within certain folders without granting them Full Control to All Folders within a Parent Segment. With Profile View permission, you can grant users Profile View for certain Folders, without compromising other folders and segments to which the user should not have access. An Administrator may assign a profile to a user to enable or limit their access.
This article provides details on how to apply or update Profile View permission for a particular parent segment and its associated folders using endpoints for Access Control Permissions.
INFO
An audience ID may represent a parent segment, a batch segment, or a realtime segment.
This topic contains:
- Prerequisites
- Verify Profile View is Applied to a Policy
- Apply Profile View Policy
- Update a Policy’s Profile View
- Remove Profile View Permission
Prerequisites
- Basic knowledge of Treasure Data
- Your personal Master API Key
Verify Profile View is Applied to a Policy
To confirm a policy has Profile View applied, you first need to view which permissions a policy has enabled. In the example that follows, you can view the permissions for policy 1115654.
Sample Request
curl --location --request GET 'https://{{baseUrl}}/v3/access_control/policies/1115654/permissions \
--header 'Accept: application/json' \
--header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \In the following response, this portion of the response shows profile view has been applied to the parent segment indicated here as the audience ID 69129.
Sample Response
{
"Profiles":[
{
"audience_id":"69129",
"operation":"view"
}
]
}Apply Profile View Policy
To apply the Profile View Policy to a parent segment, you must include the following field in the payload. In the following example, the parent segment 143857 is added to Profile View policy and the operation is set to view.
"Profiles": [
{
"audience_id": "143857",
"operation": "view"
}
]Update a Policy’s Profile View
You can update how a profile view is applied to a policy by using the policy id and the audience id the parent segment should be assigned to. In the examples that follows, the audience ID (or parent segment) 143856 is applied to the policy 1115654. In the first example permission to view all folders within the specified segment is applied. Whereas in the second example, different permissions are set to specific folders within the parent segment.
Example 1
In the example that follows, the policy is applied to all folders for the audience ID 1413856 and the SegmentAllFolders permission is set to view, enabling permissions for all the folders within the specified segment.
Sample Request
curl --location --request PATCH 'https://{{baseUrl}}/v3/access_control/policies/1115654/permissions' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
--data-raw '{
"Profiles": [
{
"audience_id": "143856",
"operation": "view"
}
],
"SegmentAllFolders": [
{
"audience_id": "143856",
"operation": "view"
}
]
}'The following response confirms that Profile View is applied to the parent segment 143856 as well as its folders. With this change, the user with this policy is able to view all profiles in the parent segments’ folders to which the user also has, at minimum, folder view permission.
Sample Response
{
"Profiles": [
{
"audience_id": "143856",
"operation": "view"
}
],
"SegmentAllFolders": [
{
"audience_id": "143856",
"operation": "view"
}
]
}Example 2
In the example that follows, the Profile View policy is applied to all folders for the parent segment 1413856 and the view or edit operation is applied to specific folders within the parent segment, while the value for the SegmentAllFolders field is left empty.
Both view and edit operations are applied to the specified folder 498948. While only the view operation is applied to folder 498708.
Sample Request
curl --location --request PATCH 'https://{{baseUrl}}/v3/access_control/policies/1115654/permissions' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
--data-raw '{
"Profiles": [
{
"audience_id": "143856",
"operation": "view"
}
],
"SegmentAllFolders": [],
"SegmentFolder": [
{
"id": "498708",
"operation": "view"
},
{
"id": "498948",
"operation": "view"
},
{
"id": "498948",
"operation": "edit"
}
]
}'The response confirms Profile View is applied to the parent segment 143856, with more granular permissions applied to folders 498708 and 498948 within the segment.
Sample Response
{
"Profiles": [
{
"audience_id": "143856",
"operation": "view"
}
],
"SegmentAllFolders": [],
"SegmentFolder": [
{
"id": "498708",
"operation": "view"
},
{
"id": "498948",
"operation": "view"
},
{
"id": "498948",
"operation": "edit"
}
]
}Remove Profile View Permission
To remove Profile View permission for a particular parent segment, omit the audience_id for that particular parent segment. In the example that follows, Profile View permissions are first confirmed for parent segments 143856 and 143857.
{
"Profiles": [
{
"audience_id": "143856",
"operation": "view"
},
{
"audience_id": "143857",
"operation": "view"
}
]
}In the request payload, Profile View permission is removed for audience ID 143856, while Profile View permission is retained for audience ID 143857.
Sample Request
curl --location --request PATCH 'https://{{baseUrl}}/v3/access_control/policies/1115654/permissions' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
--data-raw '{
"Profiles": [
{
"audience_id": "143857",
"operation": "view"
}
]
}'The response confirms Profile View is applied only to the parent segment 143857.
Sample Response
{
"Profiles": [
{
"audience_id": "143857",
"operation": "view"
}
]
}