Access Control Features

MEP is designed to have multiple MEP users accessing it, each with their own login credentials and permissions. MEP user accounts can be restricted through access control so that users have access to only the features and data they require.

Why restrict user access?

Many companies want to limit the access of individual users in MEP to just the information that a user needs to use or see. For example, they may wish to create users who can only:

  • Access certain elements for a specific campaign, such as a service or short code. This is particularly useful for resellers who must limit access by campaign.
  • Use a subset of the functions available; for example, you may not wish all your users to be able to send a broadcast message or see confidential reports.

We strongly advise you to issue a new account for each person needing access to MEP.

Initial accounts set up by OpenMarket

When your MEP customer account is provisioned with OpenMarket, we will create a set of users for your company with the right permissions to administer your company's services and account. These "admin" users are referred to as Security Managers in MEP, as this is the user role that gives a MEP user the right to create new users and add and change user settings.

There is no restriction on the number of users that you can create for your customer account.

Access control features

A MEP user's access is determined by:

  • Roles — These define the types of actions that a user can do in the main functional areas of MEP; for example, whether they can create or edit services (Service User or Manager roles). You will need to set a user's roles first.
  • Collection restriction — This controls the data the user can access. For each role that a user has, MEP maintains a list of the collections they can access. For example, if the user has the Service User role, you must choose which service collections they can access.

These features enable you to partition data (or campaigns) between user accounts. This is necessary for companies where users in different departments should not view each other’s data, and essential when reselling MEP to third parties.

User roles

Roles in MEP are divided by feature and level of access.

The Main Roles set the actions that a user can do in the main functional areas of MEP (e.g. Services, Subscriptions, Routing). The roles are:

  • Manager — Unrestricted access, enabling them to edit all entities in all collections for your customer account. They will also be able to view disabled and deleted items. System Managers can create and edit user accounts.
  • User — Restricted to viewing and editing only the collections you want them to access.
  • Viewer — Restricted to viewing only the collections you want them to access.

These roles are set by functional area within MEP, as shown below:

Image showing the main roles you can assign a user

As you add Viewer, User, or Manager roles to a user, MEP will add further options on the screen for restricting access to collections related to that role.

The Other Roles are a collection of specific functions that you may want to restrict or allow a user to access.

Image of the Other Roles section of MEP user accounts

Note that the User history viewer Role gives the MEP user access to view all messages sent to and from a mobile number by your services. This is regardless of whether the MEP user is restricted from seeing details about a specific service collection or routing code.

How access to collections is restricted

You can restrict user access by collection and, for broadcasts, by the type of broadcast.

MEP groups units of data, such as subscription lists or content items, into Collections. The restrictions a user has on a Collection are set initially by the roles they have. Users with a Manager role will be able to access all Collections for which they are a Manager. Users with a Viewer or User role have their access restricted to only a subset of Collections that they are explicitly granted access to.

As you set the roles for a user, MEP adds the options on screen for restricting access to Collections related to that role. For example, if you give a user the Service User, Subscription User and Broadcast User roles, you would see the following added to the page:

Image showing a closed list of collections for the Service, Subscriptions and Broadcast User roles

Clicking on a title expands a section. From there, you can select which Collections you want available to the user:

Image showing the user permissions for Service and Broadcast collections expanded out

What occurs when a new collection or role is created

When you create a new collection in MEP, the following will occur:

  • Users with the Manager role for the functional area will automatically be able to access the collection.
  • Users with the Viewer or User role for the feature will not have access to the collection. You will need to add them manually.

If a new "Other Role" is added then you will need to add the Role for all users, regardless of any Main Role they have. This may occur if you provision a MEP API that you can restrict by user or OpenMarket adds new functionality to MEP that requires user permissions.