I recently inherited a marketo database and am new to administrating the platform in general. I come from a salesforce background and have been spoiled at having the ability to look up what each permission does and exactly what it controls. I've searched out there for something similar with marketo and haven't had a whole lot of luck finding a consolidated document that describes the roles well. I have tried compiling my own and there were a few things I didn't know, but if there is an expert out there, can you take a glance at this and let me know if I've misunderstood any of the permissions?
Marketo Custom Objects: only granted to the standard Admin role.
First off, thanks for taking the initiative to share this! I feel like Marketo's own documentation is a little weak in this respect, since it only lists permissions without explaining what those permissions actually control. To answer a few of your questions:
1e/1m. For whatever reason, Marketo has the permissions for data.com and MKDenial defined even on instances that do not subscribe to either service.
1i. I believe this specifically refers to the ability to upload files other than images in Design Studio, but would love clarification from Marketo.
7a. This specifically refers to the ability to create and administer workspaces themselves; granting a user access to workspaces is actually done when assigning individual users roles (since you may want someone to be an admin of one workspace, but have less permissions on another, for instance.)
Also, throwing this one out there: what is "Access/Administer Vespa"?
I completely realized I posted this under my test user's account and not my own. *sigh* Is there anyway to change the ownership of the thread? If not, no worries.
Wow, this is a great summary! While I haven't verified every role to be correct, I would highly encourage the Marketo documentation/education team to add this to product docs.
Thanks for publishing this! As a word of warning: I was recently told by Support that certain rights are not entirely dependent on that check box in the role. For instance, if you have a user you would like to manage communication limits and the global footer, they need to be the default Admin, despite checking that box when creating a custom role. I would really like to see an easier way to manage access in the application. I have users I want to empower for every Marketing-related functionality, but, because we are fully integrated with several other databases within our company, I need to keep tight restraints on mass edits to the database, field creation/additions, etc. This is the first application I worked with that makes administration this murky.
I haven't run full tests on each of the admin functions you outlined, but I know communication limits and the footer are dependent on the user having full admin rights. Channel Tags are not; you can give a user access to these without granting full admin privileges.
Thank you for documenting all of this! Quick question..
Does this permission encompass cloning entire programs? I'm researching the possibility of allowing an international user who works in one work space the ability to clone programs from the US work space.
Yes, Anna, when cloning a Program, it will clone all assets/items underneath.
The ability to Clone items under Marketing Activities encompasses this as well.
Sharing a document page I came across today, as I'm researching what permissions/access each role has. Looks like you got the list covered!