Configure Contact Security!
Many organizations have a broad range of contact data, and they need to control what employees have access to that information. You can use contact security in Eloqua to achieve this. Contact security allows you to create labels, and apply them to users and contacts in your database. Users in a security group can only access contacts that are assigned the same label(s) as them. Any combination of labels can be assigned to a contact or a group, and this provides a significant degree of control over your contact data. This functionality is also known as Label-Based Access Control (LBAC).
For example, if you have geographically separate business units, then you can create labels based on geographical region in order to keep your targeted audiences separate. Once you have defined the users or groups that will require specific sections of contact data, applying the appropriate labels will prevent from those users or groups from accidentally mishandling other contacts outside their region.
Contact-security supports the management and combination of labels so that access to contact data is clearly and explicitly defined. Determining what labels are applied to which contacts depends on your current business processes, and the needs of your organization.
Labels and categories
Categories should accurately reflect the types of labels they contain. For instance, many companies categorize labels by region or country. If your organization has competing divisions, sales organizations, channels, or user responsibilities, then you may want to set up a category for that structure, and define labels for each division or channel.
Assigning labels: how it works
With an out-of-the-box Eloqua installation, contacts that are added to your database will not have any label; those contacts are searchable and visible by all users. Administrators can create labels from within the User Management area of Eloqua, and subsequently apply those labels to the appropriate user security groups.
Labels are then applied to contacts through a program that you build and activate in the label assignment workflow canvas. This canvas functions similarly to the standard program canvas, but is itself a separate area for the purposes of label-based access control. Contacts are pulled into the program by a data source step, are fed along a path and filtered through decision steps, and arrive at an action step where labels are applied (or removed, depending on your configuration).
A label-based program can be designed in a number of ways. For example, you can use the Listener step to listen for all new contacts as they are added to database in real time, and immediately add them to your program. Alternatively, you can create segments of existing contacts and send them through your program for the sake of organizing your database. All program steps are configured directly on the workflow canvas.
Learn more by watching the video! - How to Create a Label Assignment Program
Best Practice Tips:
- Keep it simple. We recommenced no more than 2 or 3 categories when starting out.
- Define criteria for the division of contacts in advance, and set business rules within your own sales divisions (if applicable).
- Optionally, you can create a basic label (and its category) and assign it to an administrator security group. Then, configure the assign default label settings so that all new contacts will be given this label by default. This will restrict access to all new contacts before they are processed by a label program.
- A campaign or program inherits the security labels of the person who (re)activates it. This means that if a user creates and activates a campaign consisting of contacts with "Security Label A" applied, and a second user with "Security Label B" deactivates and reactivates the same program, all of the contacts with "Security Label A" will be immediately removed from the program. This ensures that a user cannot directly process contacts for whom they have no security rights. If you need to run a campaign created by another user, use the Run As User function to avoid changing the security labels of that campaign.
Oracle Eloqua Help Center: Contact Security
Topliners Community: Contact Level Security: Talking Through the Use-Cases
Topliners Community: What is Eloqua Contact Level Security? 8 Steps for Success
Oracle University Academy Course: Eloqua 10: Database Security (Web Based Training)
Download this Guide: Eloqua Contact Security and FAQ
Q: How do we provide separate reporting dashboards for the different business segments?
A: This could accomplished in Insights by creating custom dashboards that could be filtered. An Analyzer license is required for creating custom reports and dashboards in Insights. Learn More with the Academy Course: Eloqua 10: B2B: Insight for Reporters (OBI)
Q: What Form notification changes will be needed for the different business segments?
A: Form processing steps for notifications can be configured with conditional steps to determine which notification to send depending on what was captured on the form, or a contact field that has been flagged with their Business Unit potentially. Learn more with the Oracle Eloqua Help Center: Processing Form Data
Q: If one business segment has a blocked contact in the master exclude list, but the other business segment needs the contact, how to proceed?
A: Once Contact Security is configured and contacts are being labeled properly, they could be removed from the master exclude list as Contact Security will keep other business units from having the ability to email to that contact.