User Role with PII Restrictions

elduarte · ‎04-13-2023

I'm looking for a way to give a user access to view Marketing Activities without allowing any PII to be visible.
I've tried setting up a custom role that does not include database access but I am concerned that data is still visible in program "member" tab.

Any suggestions on what I can do to achieve the above would be awesome!
Thanks in advance.

Darshil_Shah1 · ‎04-16-2023

Agreed with Sandy here! Marketo is a Marketing Automation Platform that uses PII (e.g., Email Address, Phone Number, etc.) data (ideally collected via reasonable means) to send out marketing/operational content to people. It's not very possible to grant someone access to the Marketing Activities section with 0 possibilities of them being able to see the PII data. Marketo, especially the core sections like Marketing Activities and Lead Database are all full of PII data in the first place. There are certain third-party platforms available that use Marketo's APIs internally to create/edit/update marketing assets in Marketo, you can possibly explore those options so your external users cannot possibly see any PII data while making updates to the assets in Marketo via a third-party platform. Of course, not everything that could be updated via GUI could also be updated via the APIs,e.g., editing a campaign flow/SL isn't possible via API, and hence wouldn't be possible by any external third-party platform leveraging Marketo APIs too.

View solution in original post

SanfordWhiteman · ‎04-13-2023

Can you describe exactly what they should see? Are you trying to expose (for example) canned reports only?

elduarte · ‎04-13-2023

Hi Sanford - I want the user (in this case a third party agency) to be able to go into Marketing Activities app and edit assets and campaigns without any PII being exposed nor having the ability to export lead data. For instance in Marketing Activities they program member data is visible and exportable even with no access to the database.

SanfordWhiteman · ‎04-13-2023

Doesn't seem feasible as in Email Editor alone, you can Preview by Person and embed {{lead.tokens}} in the asset.

Darshil_Shah1 · ‎04-16-2023

Agreed with Sandy here! Marketo is a Marketing Automation Platform that uses PII (e.g., Email Address, Phone Number, etc.) data (ideally collected via reasonable means) to send out marketing/operational content to people. It's not very possible to grant someone access to the Marketing Activities section with 0 possibilities of them being able to see the PII data. Marketo, especially the core sections like Marketing Activities and Lead Database are all full of PII data in the first place. There are certain third-party platforms available that use Marketo's APIs internally to create/edit/update marketing assets in Marketo, you can possibly explore those options so your external users cannot possibly see any PII data while making updates to the assets in Marketo via a third-party platform. Of course, not everything that could be updated via GUI could also be updated via the APIs,e.g., editing a campaign flow/SL isn't possible via API, and hence wouldn't be possible by any external third-party platform leveraging Marketo APIs too.

elduarte · ‎04-18-2023

Thanks both, very helpful!

User Role with PII Restrictions

User Role with PII Restrictions

Re: User Role with PII Restrictions

Re: User Role with PII Restrictions

Re: User Role with PII Restrictions

Re: User Role with PII Restrictions

Re: User Role with PII Restrictions

Re: User Role with PII Restrictions