Security and Permission Options The Nation Craves
Robb Barrett
Now that we know that Audit Trail (Audit Trail (Vote on this Idea, not it's dupes)) is on its way, we have the feeling that some security topics need to be addressed, specifically in large enterprises.
1-Making sure that the users work where they are supposed to
These ideas relate to how we can control which spaces of a Marketo application a user can work in:
- More Role Permissions Flexibility + built-in approval mechanism (Thx Nathan Allison )
- More granularity in permissions/roles -- permissions on folder level
- Read Only Users:
2-Better control the functionality a user has across the instance:
This section is about better controlling the Marketo functionality a user can leverage, with regard to their maturity with the system and the organization and processes that are set. Most of these items relate to the granularity of user permissions, as described here: Permissions required to send a sample? (Thx Dory Viscogliosi), here: User Permission for Removing A/B Test from Email Program (Thx Amanda Song), here: Managing user permissions / roles and approval processes (Thx Nathan Allison), here: Is there a role permission for Create Program? (Thx Jayson Cote) and here: Custom Role to prevent user NOT to edit Lead Database Smart Lists. All in all, this can be summarized in a few ideas:
- Granular Level of User Roles Settings and Restrictions (Thx Sonnia Hove)
- Authorize access to asset creation in the marketing activities but not it in the design studio (Thx Grégoire Michel)
- Role Permission to Import List (Thx Valerie Armstrong)
- Permissions for sending Operational Emails (Thx Allison Maristuen)
- Increase permissions/restrictions on cloning assets using certain templates (Nathan Allison )
- Limit program types per role (Thx Grégoire Michel)
- Have all manual flow steps subject to a role permission (Thx Grégoire Michel)
- Hide Deliverability Tools to Marketo Users (Thx Edward Masson)
- Ability to add to Lists
- Ability to completely hide based on role,
- Ability to edit SCs, SLs, Emails, LPs, Forms
- Very inexperienced users might also need to access the instance with limited risk: Read-only admin role as well as Read-Only User (Thx Dina Otero)
3-Prohibiting users from changing critical assets in the instance:
This section is about making sure that less experienced users cannot inadvertently modify an asset in the instance, through some level of locking and permissions, as expressed here: Lock down permissions to certain forms or campaigns (Thx Amanda Cook):
- The first need here is the ability to check out assets: Revision control / check-in check-out of assets
- We also Need to be able to see who else is editing (Thx Olivia Piper)
- and be notified when an asset is available (Thx Robb Barrett)
- We also need to offer much better control of which folders in Marketing Activities, Lead Database, Design Studio and RCE a user can work in: Asset and folder-level roles and permissions (Thx Neil Wright) and Enable folder level permissions within Revenue Cycle Explorer (RCE) (Thx Dan Stevens.)
- Smart Campaign and Smart List View Only Mode (Thx Josh Hill)
- Ability to remove right to edit approved asset (Thx Chelsea Sharkey)
- Password protection of assets
- Locking Campaigns
- Lock Down Smart Lists and Ability to password protect select smart lists (Thx Julie Kahsen)
- Limit asset changes to active programs for specific user roles
- Ability to lock campaign folders (Thx Michelle Tiziani)
- Ability to clone but not change (Thx Robb Barrett)
- A specific point should be made on program cloning and changing, which includes the way tokens are protected: Make the right to create or delete program tokens, as well as change token names, a specific permission (Thx Grégoire Michel)
4-Security of data
This series of ideas relates more to how we can better secure the data against being wrongfully exported and distributed to unauthorized internal and external users, as more and more companies become sensitive about data privacy and data ownership.
- Smart List Subscription levels (Thx Stijn Heijthuijsen )
- Make view lead a separate right in the lead database
5-User management and compliance
More and more companies would also love to see Marketo strengthen its capacity to comply with high standards of user management, documentation and compliance:
- Export Role Details (Thx Sean Tierney) and Exporting User & Roles list from Marketo Admin (Thx Mike Truong) would be needed so that creating documentation is not too painful
- User management should make it possible to deactivate a user without having to delete it, so that it remains in the system for the sake of traceability: Lock/deactivate Inactive Users and Deactivate user without deleting it (Thx Grégoire Michel)
- Password management should also be strengthened, as expressed here: Ability to automatically expire Marketo user login passwords
- Admins should be notified when weird behavior is detected: Locked User Notifications (Thx Shannan Garrett Cooper)
6-Integrations
Using Marketo within the constraints of larger security frameworks should also be made easier:
- Manage User Accounts Via Active Directory (Thx Bridget Campomanes) and BTW, any other LDAP directory
- User provisioning API (Thx Grégoire Michel)