Skip to main content

How roles work

  1. Create a role with a name and description
  2. Configure permissions (which features are available)
  3. Set data access scope (how much data is visible)
  4. Assign the role to employees in the Team section

System roles

System roles cannot be edited or deleted:
RoleDescription
OwnerFull access to all features and data. Cannot be assigned to employees
AdminFull access to all features and data

Owner vs Admin

Both roles have full access, but there are important differences:
AspectOwnerAdmin
CreatedAutomatically when agency is registeredAssigned to employees
Can be assignedNoYes
Can be deactivatedNo (protected)Yes
Can manage AdminsYesNo
Per agency1Unlimited
Owner is the agency creator and cannot be changed or removed.

Default roles

These roles are pre-created for common use cases. They cannot be edited or deleted:
RoleData access scopeDescription
CreatorOwn Data OnlyFor content creators — access to own accounts, chats, and basic automation
ChatterOwn Data OnlyFor chatters — access to own chats and messaging features
Team LeaderGroup & SubgroupsFor supervisors — can manage team members and view their data

When to use default roles

  • Creator — assign to models who manage their own content
  • Chatter — assign to employees who only chat with fans
  • Team Leader — assign to supervisors who need to oversee their team

Custom roles

You can create custom roles with specific permissions for your team needs. Custom roles can be edited, deactivated, or deleted.

Multiple roles

Employees can have multiple roles assigned. When this happens:

Permission combining

All permissions from all roles are combined (union). The employee gets access to everything that any of their roles allows. Example: Employee has Role A (view accounts) and Role B (edit scripts):
  • Can view accounts (from Role A)
  • Can edit scripts (from Role B)

Data access scope merging

When the same permission exists in multiple roles with different scopes, the broadest scope wins:
Scope priorityLevel
Own Data OnlyLowest
Group & SubgroupsMedium
All DataHighest
Example: Employee has:
  • Role A: View accounts with “Own Data Only”
  • Role B: View accounts with “Group & Subgroups”
  • Result: Can view accounts with “Group & Subgroups” scope

Groups & hierarchy

Employees are organized into groups. Groups form a hierarchy: 
Agency (root)
├── Team Alpha
│   ├── Subteam A1
│   └── Subteam A2
└── Team Beta
    └── Subteam B1

How groups work

  • Each employee belongs to one group
  • Groups can have subgroups (up to 6 levels deep)
  • Group hierarchy affects what data employees can see

Group restrictions

ActionAllowed?
Delete group with employeesNo — move employees first
Delete root groupNo
Move group to different agencyNo
Create circular hierarchyNo (system prevents)

Data visibility by group

When a permission has “Group & Subgroups” access level:
  • Employee sees data from their own group
  • Employee sees data from all subgroups below their group
  • Employee does NOT see data from parent groups or sibling groups
Example: An employee in “Team Alpha” with “Group & Subgroups” access:
  • Sees Team Alpha data
  • Sees Subteam A1 and A2 data
  • Does not see Agency (root) data
  • Does not see Team Beta data

Who can edit whom

Employees can only edit other employees who are:
  1. In the same group as them, OR
  2. In a subgroup below their group
Example: A Team Leader in “Team Alpha”:
  • Can edit employees in Team Alpha
  • Can edit employees in Subteam A1 and A2
  • Cannot edit employees in Agency (root)
  • Cannot edit employees in Team Beta

Roles table

ColumnDescription
Role NameName of the role
DescriptionBrief description of the role’s purpose
EmployeesWho has this role
StatusActive or Inactive
ActionsConfigure, Delete

Role status

StatusDescription
ActiveRole can be assigned to employees
InactiveCannot be assigned to new employees (existing employees keep their permissions)
Use the toggle in the Status column to change role activity.

Important warnings

Be careful when managing roles:
  • Deleting or deactivating an employee’s only role leaves them without any access
  • Employees can have zero roles — they won’t be able to use the system
  • There is no “last admin” protection — you can remove Admin role from everyone
  • You can remove your own role — be careful not to lock yourself out

Access denied behavior

When an employee doesn’t have permission for a feature:
  • Menu items are hidden (not shown at all)
  • Pages redirect silently to Dashboard
  • Buttons and actions are hidden
The employee won’t see error messages — features simply don’t appear in the interface.

Scope exceptions

Some features are visible to all employees in the agency regardless of their data access scope:
  • Custom Proxies — all employees see all proxies
  • Roles list — all employees with role management permission see all roles

Next steps