Setting up Property Level Access Control (PLAC)

See Property Level Access Control (PLAC) in Medallia Digital and Mapping Experience Cloud roles to Digital properties for instructions on setting up the PLAC feature.

Property Level Access Control (PLAC) in Medallia Digital

  1. Confirm all prerequisites have been met.

  2. If this is a new to digital program, ensure that a test Digital admin user has been set up with the data access permissions.

  3. If this is a live digital program with users accessing Digital Medallia Admin Suite, test in a sandbox environment.

  4. Contact your Digital expert to have the Digital account enabled for SSO PLAC via the API call. Ensure that this is done for the correct digital account and data center.

  5. Once configuration has been completed, verify that the feature is behaving as expected through a variety of test cases.

    • A digital administrative user with access to units X, Y, and Z on Experience Cloud should only be able to view and configure the respective digital properties in Digital.

    • A digital administrative user with access to a custom unit group containing units A and B should only be able to view and configure the respective digital properties in Digital.

    • A digital administrative user with access to digital units not associated with the Unit Type = Digital unit group experiences a login failure during the SSO connection.

Mapping Experience Cloud roles to Digital properties

  1. Obtain the Experience Cloud role IDs for the reporting roles needing to be synced. This is available as a URL parameter roleId in Experience Cloud reporting.

    Role ID URL parameter.

  2. Contact your Digital expert to request this to be set up. Provide the role IDs and the respective digital properties with which these roles need to be synced. Additionally, the Digital expert needs to obtain the respective UUIDs for the standard report modules within responsesForm and responsesFilter to ensure that these reports are also in sync on a role level.

  3. Once configuration has been completed, test the integration by checking if the Published Forms or Unpublished Forms tabs are showing survey sub-tabs from other properties to which a given role does not have access. You also need to test that the Responses Form and Responses Filters are being updated accordingly.

Important:

  • Do not amend unit and unit group identifiers in Experience Cloud as part of this integration. This breaks the integration for both responses data availability in Experience Cloud as well as user PLAC workflows.

  • Medallia Admin Suite administrative capabilities are applied only on a users' primary roles. Because of this, Digital administrative users must have the relevant admin roles applied to their primary roles.