How security policies work

Security policies are the "rule books" that govern security for folders and objects in Unica Campaign. They are consulted each time a user performs an action in the application.

You can create your own security policies or use the default global security policy included with Unica Campaign.

In Unica Campaign, security policies are assigned to folders. When you create a top-level folder, you are required to apply a security policy to the folder. Any objects or subfolders within that folder inherit the folder's security policy.

Because the top-level folder determines the security policy of the objects in the folder, you cannot directly assign a security policy to objects. To change the security policy of an object, you must move the object into a folder with the desired security policy or into the top-level root folder.

You also cannot directly assign a security policy to a user. Unlike objects and folders, which are assigned to security policies as a whole, users are assigned to roles within security policies. To control what users can do, you assign users to roles within security policies. In this way, you control user access to objects within folders that use those security policies.

If a user is not explicitly assigned to at least one role in a security policy, that user cannot create folders and objects under a top-level folder that uses that policy, and that user has no access to objects under that folder or its sub folders.

The following diagram illustrates the relationship between security policies, folders, objects, roles, and users.

The diagram illustrates the relationship between security policies, folders, objects, roles, and users.

Top-level Administrative roles

Administrative roles in Unica Campaign are assigned for each partition. Users with these roles can perform the allowed actions on any objects within the partition, regardless of the security policy used in the folders that contain the objects.

Security policies and partitions

Security policies are created per partition. There is no sharing of security policies across partitions.

Each partition in Unica Campaign can have multiple security policies.

Security policy changes when folders and objects are moved or copied.

Objects and folders can be moved or copied across security policies, but the user performing the move or copy must have permissions to do so, in both the source and destination policies.

After an object or folder is moved or copied to a folder that is assigned to a different security policy from its source, the security policy of the lower-level objects or subfolders is automatically changed to the security policy of the new folder.