Documentation

Developers

API References
Data Subject Request API

Data Subject Request API Version 1 and 2

Data Subject Request API Version 3

Platform API

Platform API Overview

Accounts

Apps

Audiences

Calculated Attributes

Data Points

Feeds

Field Transformations

Services

Users

Workspaces

Warehouse Sync API

Warehouse Sync API Overview

Warehouse Sync API Tutorial

Warehouse Sync API Reference

Data Mapping

Warehouse Sync SQL Reference

Warehouse Sync Troubleshooting Guide

ComposeID

Warehouse Sync API v2 Migration

Bulk Profile Deletion API Reference

Calculated Attributes Seeding API

Data Planning API

Custom Access Roles API

Group Identity API Reference

Pixel Service

Profile API

Events API

mParticle JSON Schema Reference

IDSync

Client SDKs
AMP

AMP SDK

Android

Initialization

Configuration

Network Security Configuration

Event Tracking

User Attributes

IDSync

Screen Events

Commerce Events

Location Tracking

Media

Kits

Application State and Session Management

Data Privacy Controls

Error Tracking

Opt Out

Push Notifications

WebView Integration

Logger

Preventing Blocked HTTP Traffic with CNAME

Linting Data Plans

Troubleshooting the Android SDK

API Reference

Upgrade to Version 5

Cordova

Cordova Plugin

Identity

Direct Url Routing

Direct URL Routing FAQ

Web

Android

iOS

Flutter

Getting Started

Usage

API Reference

iOS

Initialization

Configuration

Event Tracking

User Attributes

IDSync

Screen Tracking

Commerce Events

Location Tracking

Media

Kits

Application State and Session Management

Data Privacy Controls

Error Tracking

Opt Out

Push Notifications

Webview Integration

Upload Frequency

App Extensions

Preventing Blocked HTTP Traffic with CNAME

Linting Data Plans

Troubleshooting iOS SDK

Social Networks

iOS 14 Guide

iOS 15 FAQ

iOS 16 FAQ

iOS 17 FAQ

iOS 18 FAQ

API Reference

Upgrade to Version 7

React Native

Getting Started

Identity

Roku

Getting Started

Identity

Media

Unity

Upload Frequency

Getting Started

Opt Out

Initialize the SDK

Event Tracking

Commerce Tracking

Error Tracking

Screen Tracking

Identity

Location Tracking

Session Management

Xbox

Getting Started

Identity

Web

Initialization

Content Security Policy

Configuration

Event Tracking

User Attributes

IDSync

Page View Tracking

Commerce Events

Location Tracking

Media

Kits

Application State and Session Management

Data Privacy Controls

Error Tracking

Opt Out

Custom Logger

Persistence

Native Web Views

Self-Hosting

Multiple Instances

Web SDK via Google Tag Manager

Preventing Blocked HTTP Traffic with CNAME

Facebook Instant Articles

Troubleshooting the Web SDK

Browser Compatibility

Linting Data Plans

API Reference

Upgrade to Version 2 of the SDK

Xamarin

Getting Started

Identity

Web

Alexa

Quickstart
Android

Overview

Step 1. Create an input

Step 2. Verify your input

Step 3. Set up your output

Step 4. Create a connection

Step 5. Verify your connection

Step 6. Track events

Step 7. Track user data

Step 8. Create a data plan

Step 9. Test your local app

HTTP Quick Start

Step 1. Create an input

Step 2. Create an output

Step 3. Verify output

iOS Quick Start

Overview

Step 1. Create an input

Step 2. Verify your input

Step 3. Set up your output

Step 4. Create a connection

Step 5. Verify your connection

Step 6. Track events

Step 7. Track user data

Step 8. Create a data plan

Java Quick Start

Step 1. Create an input

Step 2. Create an output

Step 3. Verify output

Node Quick Start

Step 1. Create an input

Step 2. Create an output

Step 3. Verify output

Web

Overview

Step 1. Create an input

Step 2. Verify your input

Step 3. Set up your output

Step 4. Create a connection

Step 5. Verify your connection

Step 6. Track events

Step 7. Track user data

Step 8. Create a data plan

Python Quick Start

Step 1. Create an input

Step 2. Create an output

Step 3. Verify output

Media SDKs

Android

iOS

Web

Server SDKs

Node SDK

Go SDK

Python SDK

Ruby SDK

Java SDK

Tools

Linting Tools

mParticle Command Line Interface

Smartype

Guides
Partners

Introduction

Outbound Integrations

Outbound Integrations

Firehose Java SDK

Inbound Integrations

Kit Integrations

Overview

Android Kit Integration

JavaScript Kit Integration

iOS Kit Integration

Compose ID

Glossary

Data Hosting Locations

Migrate from Segment to mParticle

Migrate from Segment to mParticle

Migrate from Segment to Client-side mParticle

Migrate from Segment to Server-side mParticle

Segment-to-mParticle Migration Reference

Rules Developer Guide

API Credential Management

The Developer's Guided Journey to mParticle

Guides

Getting Started

Create an Input

Start capturing data

Connect an Event Output

Create an Audience

Connect an Audience Output

Transform and Enhance Your Data

Platform Guide
The New mParticle Experience

The new mParticle Experience

The Overview Map

Observability

Observability Overview

Observability User Guide

Observability Span Glossary

Introduction

Data Retention

Connections

Activity

Live Stream

Data Filter

Rules

Tiered Events

mParticle Users and Roles

Analytics Free Trial

Troubleshooting mParticle

Usage metering for value-based pricing (VBP)

Analytics

Introduction

Setup

Sync and Activate Analytics User Segments in mParticle

User Segment Activation

Welcome Page Announcements

Settings

Project Settings

Roles and Teammates

Organization Settings

Global Project Filters

Portfolio Analytics

Analytics Data Manager

Analytics Data Manager Overview

Events

Event Properties

User Properties

Revenue Mapping

Export Data

UTM Guide

Query Builder

Data Dictionary

Query Builder Overview

Modify Filters With And/Or Clauses

Query-time Sampling

Query Notes

Filter Where Clauses

Event vs. User Properties

Group By Clauses

Annotations

Cross-tool Compatibility

Apply All for Filter Where Clauses

Date Range and Time Settings Overview

Understanding the Screen View Event

Analyses

Analyses Introduction

Segmentation: Basics

Getting Started

Visualization Options

For Clauses

Date Range and Time Settings

Calculator

Numerical Settings

Segmentation: Advanced

Assisted Analysis

Properties Explorer

Frequency in Segmentation

Trends in Segmentation

Did [not] Perform Clauses

Cumulative vs. Non-Cumulative Analysis in Segmentation

Total Count of vs. Users Who Performed

Save Your Segmentation Analysis

Export Results in Segmentation

Explore Users from Segmentation

Funnels: Basics

Getting Started with Funnels

Group By Settings

Conversion Window

Tracking Properties

Date Range and Time Settings

Visualization Options

Interpreting a Funnel Analysis

Funnels: Advanced

Group By

Filters

Conversion over Time

Conversion Order

Trends

Funnel Direction

Multi-path Funnels

Analyze as Cohort from Funnel

Save a Funnel Analysis

Explore Users from a Funnel

Export Results from a Funnel

Cohorts

Getting Started with Cohorts

Analysis Modes

Save a Cohort Analysis

Export Results

Explore Users

Saved Analyses

Manage Analyses in Dashboards

Journeys

Getting Started

Event Menu

Visualization

Ending Event

Save a Journey Analysis

Users

Getting Started

User Activity Timelines

Time Settings

Export Results

Save A User Analysis

Dashboards

Dashboards––Getting Started

Manage Dashboards

Dashboard Filters

Organize Dashboards

Scheduled Reports

Favorites

Time and Interval Settings in Dashboards

Query Notes in Dashboards

User Aliasing

Analytics Resources

The Demo Environment

Keyboard Shortcuts

Tutorials

Analytics for Marketers

Analytics for Product Managers

Compare Conversion Across Acquisition Sources

Analyze Product Feature Usage

Identify Points of User Friction

Time-based Subscription Analysis

Dashboard Tips and Tricks

Understand Product Stickiness

Optimize User Flow with A/B Testing

User Segments

APIs

User Segments Export API

Dashboard Filter API

IDSync

IDSync Overview

Use Cases for IDSync

Components of IDSync

Store and Organize User Data

Identify Users

Default IDSync Configuration

Profile Conversion Strategy

Profile Link Strategy

Profile Isolation Strategy

Best Match Strategy

Aliasing

Data Master
Group Identity

Overview

Create and Manage Group Definitions

Introduction

Catalog

Live Stream

Data Plans

Data Plans

Blocked Data Backfill Guide

Personalization
Predictive Attributes

Predictive Attributes Overview

Create Predictive Attributes

Assess and Troubleshoot Predictions

Use Predictive Attributes in Campaigns

Predictive Audiences

Predictive Audiences Overview

Using Predictive Audiences

Introduction

Profiles

Calculated Attributes

Calculated Attributes Overview

Using Calculated Attributes

Create with AI Assistance

Calculated Attributes Reference

Audiences

Audiences Overview

Real-time Audiences

Standard Audiences

Journeys

Journeys Overview

Manage Journeys

Download an audience from a journey

Audience A/B testing from a journey

Journeys 2.0

Warehouse Sync

Data Privacy Controls

Data Subject Requests

Default Service Limits

Feeds

Cross-Account Audience Sharing

Approved Sub-Processors

Import Data with CSV Files

Import Data with CSV Files

CSV File Reference

Glossary

Video Index

Analytics (Deprecated)
Identity Providers

Single Sign-On (SSO)

Setup Examples

Settings

Debug Console

Data Warehouse Delay Alerting

Introduction

Developer Docs

Introduction

Integrations

Introduction

Rudderstack

Google Tag Manager

Segment

Data Warehouses and Data Lakes

Advanced Data Warehouse Settings

AWS Kinesis (Snowplow)

AWS Redshift (Define Your Own Schema)

AWS S3 Integration (Define Your Own Schema)

AWS S3 (Snowplow Schema)

BigQuery (Snowplow Schema)

BigQuery Firebase Schema

BigQuery (Define Your Own Schema)

GCP BigQuery Export

Snowflake (Snowplow Schema)

Snowplow Schema Overview

Snowflake (Define Your Own Schema)

APIs

Dashboard Filter API (Deprecated)

REST API

User Segments Export API (Deprecated)

SDKs

SDKs Introduction

React Native

iOS

Android

Java

JavaScript

Python

Object API

Developer Basics

Aliasing

Custom Access Roles API

The Custom Access Roles API allows account admins to create, modify, and delete lists of specific permissions (custom roles) that can be assigned to users through the mParticle UI. Custom roles are helpful for mParticle accounts with multiple users who don’t need the same degree of access or when an admin needs to prevent a user from accessing a specific feature.

For example, there are only a few features a marketer would need to access, such as Audiences, Calculated Attributes, and the User Activity View. By creating a custom role for marketers, you can remove their access to features that are beyond the scope of their job, such as API Credentials, Data Planning, or Filters. Compared to generic user roles, the Custom Access Roles API gives you granular control so you can create roles that best fit each member of your team.

Endpoint

The Custom Access Roles API is located at https://api.mparticle.com.

Authentication

To use the Custom Access Roles API, you must first create a new set of API credentials that includes access to this API:

  1. Log in to your mParticle account.
  2. Click the User Profile icon at the bottom of the left nav bar, click Settings, and select the API Credentials tab.
  3. Click + Add Credential.
  4. Enter a descriptive name for the Display name.
  5. Check the box next to Custom Roles, and click Save.
  6. Copy the Client ID and Client Secret displayed in the modal window before clicking Done.

Create a new bearer token

After creating the new API credentials for the Custom Roles API, you can authenticate by issuing a POST request to mParticle’s SSO token endpoint:

https://sso.auth.mparticle.com/oauth/token

The JSON body of the request must contain:

  • client_id - the client ID, issued by mParticle when creating the API credentials
  • client_secret - the client secret, issued by mParticle when creating the API credentials
  • audience - set to a value of "https://api.mparticle.com"
  • grant_type - set to a value of "client_credentials"

Example curl request

curl --request POST \
  --url https://sso.auth.mparticle.com/oauth/token \
  --header 'content-type: application/json' \
  --data '{"client_id":"...","client_secret":"...","audience":"https://api.mparticle.com","grant_type":"client_credentials"}'

Example HTTP request

POST /oauth/token HTTP/1.1
Host: sso.auth.mparticle.com
Content-Type: application/json

{
  "client_id": "your_client_id",
  "client_secret": "your_client_secret",
  "audience": "https://api.mparticle.com",
  "grant_type": "client_credentials"
}

Using your Bearer Token

A successful POST request to the token endpoint will result in a JSON response as follows:

{
  "access_token": "YWIxMjdi883GHBBDnjsdKAJQxNjdjYUUJABbg6hdI.8V6HhxW-",
  "expires_in" : 28800,
  "token_type": "Bearer"
}

Subsequent requests to the Custom Access Roles API can now be authorized by setting the authorization header as follows:

Authorization: Bearer YWIxMjdi883GHBBDnjsdKAJQxNjdjYUUJABbg6hdI.8V6HhxW-

Custom role manifest and tasks

All mParticle custom roles are stored in a JSON custom role manifest. This manifest contains a list of roles, and each role includes a description, name, role ID, and a list of tasks.

A task is a unit of access to mParticle features. Some tasks offer full access and others provide view only access. The tasks detailed in the permissions reference below can be mixed and matched to define the custom role experience provided to users.

To create, modify, or delete a custom role, first retrieve a copy of your current manifest by submitting a GET request to /platform/v2/organizations/{orgId:int}/accounts/{accountId:int}/roles.

Modify the returned manifest to reflect the changes you want to make. For example, to delete a custom role, delete the corresponding JSON object for that role from your manifest. Finally, upload the edited manifest to /platform/v2/organizations/{orgId:int}/accounts/{accountId:int}/roles using a PUT request.

Custom roles are visible across an entire mParticle organization, even though the account ID must be included in calls to the Custom Roles API.

When creating a new role, a new role ID is generated and assigned to a role after a successful upload. If you are modifying an existing role, make sure the role_id in the new manifests matches the role_id of the corresponding role in the old manifest. Otherwise a new role_id will create a new role.

The user:core permission is included with every custom role object in your manifest. This permission is necessary for users to be able to log in and view the mParticle dashboard in addition to other basic tasks.

View tasks

Method Path
GET /platform/v2/organizations/{orgId:int}/accounts/{accountId:int}/tasks
Query Parameter Type Description
{orgId:int} Integer The ID of the mParticle organization containing the task list.
{accountId:int} Integer The ID of the mParticle account containing the task list.

Example curl request

curl --location --request GET 'https://api.mparticle.com/platform/v2/organizations/{orgId:int}/accounts/{accountId:int}/tasks' \
--header 'Authorization: Bearer <access token>'

Request body

Empty request body.

Response

A successful request receives an HTTP 200 response code along with a body consisting of the JSON list of tasks that can be assigned to a role in the custom role manifest.

Example response body

Below is an abbreviated example of how the task list is formatted.

[
  {
      "task_id": "cropsdemodatamastermanagement",
      "display_name": "Crops Demo DMM display name",
      "description": "Crops Demo Data Master Management"
  },
  {
      "task_id": "cropsdemobasicuseractions",
      "display_name": "Crops demo basic display name",
      "description": "Crops Demo Basic User Actions"
  }
]

View custom role manifest

Method Path
GET /platform/v2/organizations/{orgId:int}/accounts/{accountId:int}/roles
Query Parameter Type Description
{orgId:int} Integer The ID of the mParticle organization containing the custom role manifest.
{accountId:int} Integer The ID of the mParticle account containing the custom role manifest.

Example curl request

curl --location --request GET 'https://api.mparticle.com/platform/v2/organizations/{orgId:int}/accounts/{accountId:int}/roles' \
--header 'Authorization: Bearer <access token>'

Request body

Empty request body.

Response

{
  "roles": [
      {
          "description": "Marketers can view and create new audiences",
          "name": "Marketer",
          "role_id": "marketer_role",
          "tasks": [
              {
                  "task_id": "user:core"
              },
              {
                  "task_id": "audiences:*"
              },
              {
                  "task_id": "user_activity:view"
              }
          ]
      },
      {
          "description": "Activation Admins can connect audiences to outputs and setup new connections for production",
          "name": "Activation Admin",
          "role_id": "453afgwevc",
          "tasks": [
              {
                  "task_id": "user:core"
              },
              {
                  "task_id": "connections:*"
              },
              {
                  "task_id": "live_stream:view"
              }
          ]
      }
  ],
  "last_modified_on" : "2022-06-28 18:24:49",
  "last_modified_by": "example@example.com"
}

Create a custom role

Method Path
PUT /platform/v2/organizations/{orgId:int}/accounts/{accountId:int}/roles
Query Parameter Type Description
{orgId:int} Integer The ID of the mParticle organization containing the custom role.
{accountId:int} Integer The ID of the mParticle account containing the custom role.

Example curl request

curl --location --request PUT 'https://api.mparticle.com/platform/v2/organizations/{orgId:int}/accounts/{accountId:int}/roles' \
--header 'Authorization: Bearer <access token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "roles": [
        {
            "role_id": "CustomMarketer",
            "name": "Marketer",
            "description": "The Marketer role can view, edit, and create audiences and access the User Activity View",
            "tasks": [
                {
                    "task_id": "rules:*"
                },
                {
                    "task_id": "user_activity:view"
                }
            ]
        }
    ]
}'

Request body

{
  "roles": [
      {
          "name": "Marketer",
          "description": "Marketers can view and create new audiences",
          "tasks": [
              {
                  "task_id": "audiences:*"
              },
              {
                  "task_id": "user_activity:view"
              }
          ],
          "role_id": "myRoleId1"
      },
      {
          "name": "Activation Admin",
          "description": "Activation Admins can connect audiences to outputs and setup new connections for production",
          "tasks": [
              {
                  "task_id": "connections:*"
              },
              {
                  "task_id": "live_stream:view"
              }
          ],
          "role_id": "myRoleId2"
      }
  ]
}

Response

A successful request receives a 200 Success response whose body contains the JSON role manifest.

Modify a custom role

Method Path
PUT /platform/v2/organizations/{orgId:int}/accounts/{accountId:int}/roles
Query Parameter Type Description
{orgId:int} Integer The ID of the mParticle organization containing the custom role.
{accountId:int} Integer The ID of the mParticle account containing the custom role.

Request body

{
  "roles": [
      {
          "name": "Marketing Admin",
          "description": "Marketers can view and create new audiences",
          "tasks": [
              {
                  "task_id": "audiences:*"
              },
              {
                  "task_id": "user_activity:view"
              },
              {
                  "task_id": "calculated_attributes:view"
              }
          ],
          "role_id": "myRoleId1"
      }
  ]
}

Response

A successful request receives a 200 Success response whose body contains the JSON role manifest.

Delete a custom role

To delete a custom role, remove the lines in the role manifest that correspond with that role and upload the new version of the role manifest.

Method Path
PUT /platform/v2/organizations/{orgId:int}/accounts/{accountId:int}/roles
Query Parameter Type Description
{orgId:int} Integer The ID of the mParticle organization containing the custom role.
{accountId:int} Integer The ID of the mParticle account containing the custom role.

Request body

{
  "roles": [
      {
          "name": "Marketing Admin",
          "description": "Marketers can view and create new audiences",
          "tasks": [
              {
                  "task_id": "audiences:*"
              },
              {
                  "task_id": "user_activity:view"
              },
              {
                  "task_id": "calculated_attributes:view"
              }
          ],
          "role_id": "myRoleId1"
      }
  ]
}

Response

A successful request receives a 200 Success response whose body contains the JSON role manifest.

Assign a custom access role to a user

To assign a custom access role that you have already created and uploaded to your manifest:

  1. Log in to mParticle and click the user profile icon in the bottom of the left nav bar.
  2. Click Settings, and select the User Management tab.
  3. Select a user.
  4. Select a custom role.
  5. Click Save.

Standard role templates

If you need to modify one of the pre-defined roles accessible from the mParticle UI in User Roles, refer to the templates provided below. These templates include the JSON needed to reproduce the standard roles within a custom role manifest.

To add to or modify one of the standard roles, copy the JSON for the role from one of the templates below into your manifest. Make any additions or changes to your copy after reviewing Default Permissions.

User role

{
  "roles": [
      {
          "name": "User",
          "description": "Provides common permissions needed for general users",
          "tasks": [
              {
                  "task_id": "audiences:*"
              },
              {
                  "task_id": "calculated_attributes:*"
              },
              {
                  "task_id": "connections:configure_inputs"
              },
              {
                  "task_id": "connections:configure_outputs"
              },
              {
                  "task_id": "connections:connect_integration"
              },
              {
                  "task_id": "data_filter:*"
              },
              {
                  "task_id": "data_plans:*"
              },
              {
                  "task_id": "live_stream:view"
              },
              {
                  "task_id": "rules:*"
              },
              {
                  "task_id": "workspaces:*"
              }
          ],
          "role_id": "user-role"
      }
  ]
}

Admin role

{
  "roles": [
      {
          "name": "Admin",
          "description": "Provides necessary permissions for admin users",
          "tasks": [
              {
                  "task_id": "api_credentials:*"
              },
              {
                  "task_id": "audiences:*"
              },
              {
                  "task_id": "calculated_attributes:*"
              },
              {
                  "task_id": "catalog:*"
              },
              {
                  "task_id": "connections:configure_inputs"
              },
              {
                  "task_id": "connections:configure_outputs"
              },
              {
                  "task_id": "connections:connect_integration"
              },
              {
                  "task_id": "data_filter:*"
              },
              {
                  "task_id": "data_plans:*"
              },
              {
                  "task_id": "identity_settings:*"
              },
              {
                  "task_id": "live_stream:view"
              },
              {
                  "task_id": "rules:*"
              },
              {
                  "task_id": "user_activity:view"
              },
              {
                  "task_id": "user_management:*"
              },
              {
                  "task_id": "workspaces:*"
              }
          ],
          "role_id": "admin-role"
      }
  ]
}

Compliance role

{
  "roles": [
      {
          "name": "Compliance",
          "description": "Provides necessary permissions for compliance users",
          "tasks": [
              {
                  "task_id": "audiences:view"
              },
              {
                  "task_id": "connections:connect_integration"
              },
              {
                  "task_id": "data_filter:view"
              },
              {
                  "task_id": "data_plans:view"
              },
              {
                  "task_id": "identity_settings:*"
              },
              {
                  "task_id": "live_stream:view"
              },
              {
                  "task_id": "privacy:*"
              },
              {
                  "task_id": "rules:view"
              },
              {
                  "task_id": "user_management:view"
              },
              {
                  "task_id": "workspaces:*"
              }
          ],
          "role_id": "compliance-role"
      }
  ]
}

Admin and Compliance role

{
  "roles": [
      {
          "name": "Admin & Compliance",
          "description": "Provides necessary permissions for admin and compliance users",
          "tasks": [
              {
                  "task_id": "api_credentials:*"
              },
              {
                  "task_id": "audiences:*"
              },
              {
                  "task_id": "calculated_attributes:*"
              },
              {
                  "task_id": "catalog:*"
              },
              {
                  "task_id": "connections:configure_inputs"
              },
              {
                  "task_id": "connections:configure_outputs"
              },
              {
                  "task_id": "connections:connect_integration"
              },
              {
                  "task_id": "data_filter:*"
              },
              {
                  "task_id": "data_plans:*"
              },
              {
                  "task_id": "identity_settings:*"
              },
              {
                  "task_id": "live_stream:view"
              },
              {
                  "task_id": "privacy:*"
              },
              {
                  "task_id": "rules:*"
              },
              {
                  "task_id": "tieredevents:*"
              },
              {
                  "task_id": "user_activity:view"
              },
              {
                  "task_id": "user_management:*"
              },
              {
                  "task_id": "workspaces:*"
              }
          ],
          "role_id": "admin-compliance-role"
      }
  ]
}

Audiences-only role

{
  "roles": [
      {
          "name": "Audiences Only",
          "description": "Provides Audiences-only access",
          "tasks": [
              {
                  "task_id": "audiences:*"
              }
          ],
          "role_id": "audiences-only-role"
      }
  ]
}

Read-only role

{
  "roles": [
      {
          "name": "Read Only",
          "description": "Provides read only access to mParticle features",
          "tasks": [
              {
                  "task_id": "audiences:view"
              },
              {
                  "task_id": "calculated_attributes:view"
              },
              {
                  "task_id": "data_filter:view"
              },
              {
                  "task_id": "data_plans:view"
              },
              {
                  "task_id": "identity_settings:*"
              },
              {
                  "task_id": "live_stream:view"
              },
              {
                  "task_id": "rules:view"
              },
              {
                  "task_id": "workspaces:*"
              }
          ],
          "role_id": "read-only-role"
      }
  ]
}

Support role

{
  "roles": [
      {
          "name": "Support",
          "description": "Provides necessary access for technical support",
          "tasks": [
              {
                  "task_id": "api_credentials:*"
              },
              {
                  "task_id": "audiences:*"
              },
              {
                  "task_id": "calculated_attributes:*"
              },
              {
                  "task_id": "catalog:*"
              },
              {
                  "task_id": "connections:configure_inputs"
              },
              {
                  "task_id": "connections:configure_outputs"
              },
              {
                  "task_id": "connections:connect_integration"
              },
              {
                  "task_id": "data_filter:*"
              },
              {
                  "task_id": "data_plans:*"
              },
              {
                  "task_id": "identity_settings:*"
              },
              {
                  "task_id": "live_stream:view"
              },
              {
                  "task_id": "privacy:settings"
              },
              {
                  "task_id": "rules:*"
              },
              {
                  "task_id": "user_activity:view"
              },
              {
                  "task_id": "workspaces:*"
              }
          ],
          "role_id": "support-role"
      }
  ]
}

Permissions reference by mParticle feature

Below is a list of the mParticle features with all available permissions and corresponding task IDs for each feature. Use this reference when creating or modifying a custom role.

Default Permissions

The following permissions are included with every custom role by default.

  • Log in and view dashboard

    The user:core permission is required for users to log in to mParticle and to view the main dashboard. It is required for all custom roles and is automatically included with each custom role definition you create.

  • View only

    View only includes Log in and view dashboard, and the following permissions:

User Activity View (UAV)

The User Activity View provides detailed data for individual users.

Permission Task ID Description
View only user_activity:view Search for any user and view their associated user details, workspace usage, device info, attributes, and audience membership

Group Identities

Group Identities enable you to enrich profiles and activate audiences based on group-level attributes such as a household address, account subscription status, or imported probabilistic identifier.

Permission Task ID Description
View only user_groups:view View the Group Identities page in the mParticle UI
Full access user_groups:* Edit and delete group identities

Data Master Catalog

The Data Master Catalog provides a view of every event, attribute, and identity collected in your mParticle workspace.

Permission Task ID Description
Full access catalog:* View the Data Master Catalog and annotate data points

Data Plans

Data Plans are codified expectations of how data collected should be formatted in order to be ingested into mParticle.

Permission Task ID Description
View only data_plans:view View existing data plans
Full access data_plans:* View, create, edit, activate, and delete data plans

Live Stream

Live Stream gives a real-time view of all data flowing into and out of mParticle.

Permission Task ID Description
View only live_stream:view View Live Stream and examine individual events

Calculated Attributes

Calculated Attributes are read-only values about particular attributes of a single user. These attributes are updated over time.

Permission Task ID Description
View only calculated_attributes:view View calculated attributes
Draft only calculated_attributes:draft View, create, and delete calculated attributes in Draft mode
Full access calculated_attributes:* View, create, and delete calculated attributes

Rules

Rules can be used to modify or remove events, event data, and batches of events before being ingested into mParticle.

Permission Task ID Description
View only rules:view View all rules
Full access rules:* View, create, edit, and delete rules

Audiences

Audiences are lists of users created according to a set of criteria with the goal of improving your engagement with those users.

Permission Task ID Description
View only audiences:view View all audiences, the audience estimator, and journeys
Edit audiences:edit View, create, modify, activate, and delete audiences and journeys
Full access audiences:* View, create, modify, activate and delete audiences and journeys; and download audiences

Connections

Connections are combinations of a data source (or input) and an integration (or output) where data is forwarded.

Permission Task ID Description
View only connections:view View connections
Connect integration connections:connect_integration Create a connection between an input and an output with view to setup details and credentials available
Connect audience connections:connect_audiences Create a connection between an audience and an output without view to setup details and credentials hidden
Configure input connections:configure_inputs Configure an input
Configure output connections:configure_outputs Configure an output
Full access connections:* Create, delete, and activate/deactivate connections between inputs and outputs

Filters

Filters control exactly which data is forwarded to your outputs.

Permission Task ID Description
View only data_filter:view View current data filters
Full access data_filter:* View and create filters

Data Subject Requests & Privacy

Data Privacy Controls help you to manage your opt-out and consent obligations under the GDPR and CCPA.

Permission Task ID Description
View only privacy:settings View enabled privacy settings
Full access privacy:* View and modify privacy settings

Workspaces

Workspaces are the basic containers for the domains or properties that act as data sources.

Permission Task ID Description
Full access workspaces:* View, create, and delete workspaces

mParticle User Management

Users are people with individual credentials that have access to your mParticle account. Users can be assigned pre-defined roles or custom roles to control which mParticle features they have access to and the extent of their permissions for those features.

Permission Task ID Description
View only user_management:view View users with access to your account
Full access user_management:* View, create, delete, and assign roles to users in your account

Identity Strategy Settings

IDSync is the mParticle identity resolution service. The IDSync Settings provide an overview of the identity strategy and identifier hierarchy used when resolving identification requests in your account.

Permission Task ID Description
Full access identity_settings:* View and modify your identity settings

API Credentials

The API Credentials interface allows you to view, create, edit, delete, activate, and deactivate API credentials. These credentials can be used to access and interact with the various mParticle APIs.

Permission Task ID Description
Full access api_credentials:* View, create, delete, and assign your API credentials

Limitations

Resource Limits Details
Custom Roles 100 roles per organization You can’t create more than 100 custom roles per organization. If your business requires more than 100 custom roles, contact your mParticle account representative.
Requests per min 100 requests per minute If you exceed 100 requests per minute to the Custom Roles API, you will receive a 429 Too Many Requests response.
RoleId 64 characters A custom role ID can’t exceed 64 characters. This field is required for all roles and is provided by the user.
Name 64 characters A custom role name can’t exceed 64 characters. This field, which sets the display name for the role, is required for all roles.
Description 256 characters A custom role description can’t exceed 256 characters.

Error handling

The following errors sometimes occur when uploading or modifying a custom role manifest.

Response code Error message Description
400 Custom role is assigned to a user and may not be deleted You can’t delete custom roles that are currently assigned to a user. First, unassign the role using the mParticle UI before attempting to delete it.
400 Name, description, or ID field is empty, exceeds max length, or has restricted characters The name, description, and ID of a custom role are required and have length limits. The error message you receive includes details specific to your request.
400 Tasks not found The tasks listed in your manifest don’t exist or don’t match the expected task IDs. Verify your task IDs are correct.
400 Invalid JSON syntax in custom role manifest Your custom role is formatted incorrectly. Use a JSON linter to make sure your manifest includes all necessary characters.
409 Conflict The custom access role you’re attempting to create already exists. You must either delete the conflicting role, or use a different value for the role name.
429 Rate limit exceeded You have either exceeded the speed or acceleration limit for the Custom Roles API. Learn more about API throttling in Default Service Limits.

Was this page helpful?

    Last Updated: December 20, 2024