Wednesday, April 28, 2010

Locking Down Your Assets

Guest post from Chad Horenfeldt

Eloqua has some great security features that let clients of all sizes implement specific business processes within Eloqua. In this post, I’m going to focus on securing assets in Eloqua.

By assets, I’m referring to the following objects within Eloqua that can be locked down:

- Email
- Email Group
- Contact Filters
- Distribution Lists
- Programs
- Forms

Eloqua allows you to lock down assets by either security group (a specific group of Eloqua users) or by individual user. Let’s look at a specific example. Let’s say you want to modify the security rights of an Email Group within Eloqua as you don’t want certain users to have access to these emails within this folder. We’ll assume that you have Customer Administrator security rights. Login to Eloqua and go to the Email area. Click on the drop down menu of the email and select “Edit Security”.

From the “Edit Security Rights” window, you can quickly select if the various security groups should have the ability to view, edit, delete or modify the security rights for this Email Group.

All you need to do is click on the red X to change it to a green check and vice versa. In this case, we only want certain users to have access to the emails in this group so we’ll disable access for most of the email groups and add the two users that we want to grant access to: Greg Lui and Jeff Porter:

You’re all done! Only Greg and Jeff can access this Email Group. Just to add to this, users who create their own Email Groups can adjust the security access to it.

The same type of asset protection can be done for the other assets listed above such as emails, email templates, forms, programs and email distribution lists. As another example, you can remove editing privileges of an email to a security group or user(s) but these users can still copy the email and modify it for their own purposes. We often recommend to our clients to create emails that will be used as templates this way. After they’re created, put them in an Email Group called “0 Templates” so they appear at the top and ensure that the emails are locked down so that they can’t be modified. You can also secure the sections of an email but we’ll leave that topic to a future post. Remember to lock down your assets – especially if you have multiple groups operating within one Eloqua instance.


T. Baxter said...

This is great -- but users get unfiltered access to all contacts in the database, which makes the distribution list security settings fairly useless. I hope at some point you are able to add the ability to set up "true" security groups, where we can lock down very specific parts of the application and assets for user groups so that users don't even see what they do not have access to.

Right now Basic Marketing users (the lowest access) can email the entire database at any time -- very risky for large organizations with many contacts and users.

Thanks and good luck!

Abigail said...

Well said, Baxter. For a global Eloqua instance it would be great to lock down contacts in certain regions.

Steven Woods said...

Point taken, thanks Baxter & Abigail. It's a capability we do get a lot of interest in, so it's definitely top of mind and designs are being actively looked at.