Recommended Access Control Settings
The Thirty-One Circles access control system is designed to give you complete control over where your data flows and how it is used.
We recommend that you set up access to the platform using the “principle of least privilege”. This is security terminology for giving users access only to what they need, rather than granting wider access for ease. The initial project creator is immediately granted Admin access. After this, every new user must have permissions assigned to them, which gives you the opportunity to consider what access each one requires.
For Project-level permissions, generally, as you move from “Admin > User Admin > Connector Control > Audience Builder”, the number of users with that permission set should increase. It is worth reviewing your setup if you have more Admins than users with “Audience Builder” permissions.
For Customer Data Export Permissions, access is granted based on the consent given by the user. This way, it is possible to restrict users to exporting only the data they need for their role.
- “Automated” exports are much more secure than “Manual” as data is sent directly to the pre-built destinations (connectors), keeping the data on secure pipelines throughout.
- “Manual” exports allow for the download of hashed email lists to the user’s computer (as long as this includes at least 100 users), which is useful if the data can’t be sent via an automatic route.
Our best practice is to grant “Manual” exports only to those who absolutely need them, and to remove them once they are no longer required, as they are less secure than the automated equivalents.
Matching Project and Export Permissions
Our final recommendation in this section is to balance flexibility and security by restricting as many users as possible to only “Audience Builder” and “Automated” exports. This allows for flexibility to create audiences on the fly while data moves only in a secure environment from a pre-allocated source to a pre-allocated destination. Treat anyone who needs more permission than this as an exception rather than the norm, and your account will remain more secure than if you granted everyone Admin.
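The review described above can be run over a list of user permissions. The following is an added example, not Thirty-One Circles code: the record layout (`user`, `project`, `exports`), the sample users, and the assumption that each user holds one Project-level permission set are all constructed for illustration.

```python
from collections import Counter

# Project-level permission sets in the order the page lists them,
# from the one that should have the fewest users to the one with the most.
PROJECT_LEVELS = ["Admin", "User Admin", "Connector Control", "Audience Builder"]

# Recommended default: "Audience Builder" with "Automated" exports only.
BASELINE_PROJECT = "Audience Builder"
BASELINE_EXPORTS = {"Automated"}

# Constructed sample data; field names are assumptions, not a platform export format.
USERS = [
    {"user": "alice", "project": "Admin", "exports": ["Automated", "Manual"]},
    {"user": "bob", "project": "Admin", "exports": ["Automated"]},
    {"user": "carol", "project": "User Admin", "exports": ["Automated"]},
    {"user": "dave", "project": "Connector Control", "exports": ["Automated"]},
    {"user": "erin", "project": "Audience Builder", "exports": ["Automated"]},
    {"user": "frank", "project": "Audience Builder", "exports": ["Manual"]},
]


def review(users):
    """Return the three things the recommendations say to look at."""
    counts = Counter(u["project"] for u in users)

    # 1. User counts should grow from Admin towards Audience Builder.
    #    Flag every adjacent pair where the higher level has more users.
    pyramid = [
        (higher, counts[higher], lower, counts[lower])
        for higher, lower in zip(PROJECT_LEVELS, PROJECT_LEVELS[1:])
        if counts[higher] > counts[lower]
    ]

    # 2. "Manual" export holders: candidates for removal once no longer needed.
    manual_export = [u["user"] for u in users if "Manual" in u["exports"]]

    # 3. Anyone holding more than the baseline is an exception to justify.
    above_baseline = [
        u["user"]
        for u in users
        if u["project"] != BASELINE_PROJECT
        or not set(u["exports"]) <= BASELINE_EXPORTS
    ]
    return {"pyramid": pyramid, "manual_export": manual_export,
            "above_baseline": above_baseline}


if __name__ == "__main__":
    for check, result in review(USERS).items():
        print(check, result)
```
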