Manage permissions and custom roles

  • Updated
If your organization migrated to Opti ID, you must manage users in Opti ID. See the Opti ID user documentation.

Administrators can assign a predefined role or create and assign custom roles. After inviting users to the platform, assign them a user role to set their permissions.

Change user permissions

Admins of an instance can manage other users' permissions from Users & Teams.

Manage standard roles

Click on your avatar and go to Users & Teams> Roles.

custom-roles-2.png

Standard roles are predefined in the Content Marketing Platform (CMP) and reflect the team members involved in the marketing campaign and content execution process. Standard roles come with permissions that you cannot change.

  • Admin – Admins can access everything and view and modify all tasks. They can also manage users, teams, workflows, and other organizational settings.
    If you are on Opti ID, this Admin role does not enable you to manage users. To manage users, you must also have the Opti ID Admin Center Super Admin, Product Admin, or Instance Admin role.
  • Creators – Creators can access the entire platform except administrative settings. They can create and contribute to campaigns and tasks.
  • Collaborators – Collaborators can access assigned individual or shared work with a campaign or task. They cannot create campaigns or tasks.
  • Guest – Guests can only submit requests and view the requests module. Within the requests module, they can manage their submitted requests and view where requests are in the queue.
  • Library View-Only – Users with library view only can access the library module (view, search, and download assets).
For admins, ensure that the Object (Campaigns and Tasks) Override checkbox is selected because it lets admins edit assets they do not own. 

Manage custom roles

Custom roles let admins meet specific requirements or support edge cases.

To create a custom role:

  1. Click on your avatar and go to Users & Teams> Roles
  2. Click Create Role.
  3. Enter the name of the role.
  4. Select Admin, Creator, or Guest from the Based On drop-down list for the permissions you want the custom role to have.
    custom-roles-a.png
  5. Click Create. The role displays in the first column of the table with the initial configuration of permissions equivalent to the role you selected from the Based On drop-down list. You can adjust these permissions by selecting or unselecting the checkboxes for the different features.
    custom-roles-5.png

  6. Click Save.

You can edit or delete existing custom roles. Open the options menu (...) and select one of the following:

  • Edit Name & Description – Enter the name and optional description for the role.

    custom-roles-6.png

  • Edit Permissions – Select the checkbox for a particular feature to let a user in that role collaborate on existing work within that feature. For example, if you unselect the Campaigns checkbox for a custom role, users assigned to that role can no longer see Campaigns in their navigation bar but can still collaborate on campaigns to which they have access. You can select the following main features:
    • Dashboard
    • Idea Lab
    • Marketplace
    • Plan
    • Pitch Manager
    • Library
    • Analytics
    • Work
    • Settings
    • Resources
  • Delete Role – Permanently remove a role from the table.

    A role must not be in use when you delete it. Transfer users from that role to another role before deleting the role.

Share a campaign and tasks

You can share campaigns and tasks with other users. To share a campaign or task with another user:

  1. Click Share in a campaign or task.
  2. Enter the name of the person or team you want to share the campaign with. You can provide them with Can Edit, Can View, or Can Comment access.

    custom-roles-share-campaign-2.png

  3. Click Share to add them to the campaign or task. 

Share and watch tasks

Individual users or teams can share tasks. Click Manage Watchers to add watchers to your task so stakeholders can stay informed about a task's progress.

You can share individual tasks with users without giving them campaign access to let task owners manage task access and ensure that each user has access only to the activities related to their work, keeping the rest of the campaign, sub-campaigns, or other tasks private.

Create default campaign sharing

With default campaign sharing, admins can define which teams or individuals automatically get access to created campaigns and their level of access (edit, view, or comment).

To set your Default Campaign Sharing setting:

  1. Select your avatar > Organization > Default Campaign Sharing and click Add (+).
  2. Enter the name of the team or user you want to add to your setting.
  3. Select Can Comment, Can Edit, or Can View access for them. 

    custom-roles-share-campaign-3.png

  4. Click Add to save your selection. When you create a campaign, the teams and users you add here automatically get the appropriate level of access.

Inherit campaign and task actions

Users with comment or view access to a campaign inherit the same access to associated sub-campaigns and tasks in that campaign.

Share confirmations

Users can share a campaign, task, or event by mentioning a user in a comment. If you mention someone who does not have access to the campaign, task, or asset, you can share view, comment, or edit access after you post the comment by clicking Comment or Reply. By default, a user without any access gets comment access after you post the comment. 

Request access

If you try to access a campaign but do not have permission, click Request Access, which lets marketers manage user permissions without going to Users & Teams.

custom-roles-share-tasks-2.png

Create a sub-campaign with inheritance turned on

If the campaign creator chooses to inherit permissions from a parent campaign, users with edit, comment, or view access to the parent campaign automatically get the same access level to the newly created sub-campaign. You cannot downgrade or remove the sub-campaign if it is inherited from the parent campaign.

To create a sub-campaign with inheritance turned on (the default), ensure Inherit permissions from parent campaign is selected.

 

custom-roles-share-tasks-3.png

Create a sub-campaign with inheritance turned off

If you create a sub-campaign and do not select the Inherit permission checkbox, the sub-campaign is created and shared with the default teams or users selected in the Default Campaign Sharing settings.

Task inheritance

Users with edit, comment, or view access to a campaign have the same access to tasks within that campaign.

Workflow actions

You can grant a user access to a task by assigning a step in a workflow. Assigning a user gives them access to that task, regardless of their role in a workflow, even if they do not already have access from the campaign.

For example, as a creator, if you want to give someone on your legal team the ability to approve, assign this person a collaborator role in the platform and then assign them to the Approve step within a specific task.

Discern rigid and flexible workflow permissions

When you grant users access to a task, you can give them one of the following permission levels:

  • View-Only – Users can download content or attachments; they cannot edit, comment, or upload attachments.
  • Comment – Users have the same level of access as those with view-only access and can comment and upload attachments on the task.
  • Edit – 
    • Rigid workflow –  Users can edit the Brief, Title, Campaign, Metadata, Step, and Task Due Date, and so on, and share the task with others.
    • Flexible workflow – Users with edit access can perform all actions, including changing step assignees, editing, approving, publishing content, and more.

The following table shows actions a user with View, Comment, or Edit access can take in a rigid or a flexible workflow:

  Rigid Workflow Flexible Workflow
Actions

Comment or View

 Edit
(Admin)		 Edit
(Task Creator or  Assignee)

Comment or View
(All)

 Edit
(All)
Change Task Title or Campaign No Yes Yes, but if you do not want step-assignees to do this, grant them Comment access to the task. No Yes
Archive or Delete Task No Yes Yes, but if you do not want step-assignees to do this, grant them Comment access to the task. No Yes
Change Step Assignee No Yes Yes, but only for unassigned steps No Yes
Change Step Due Date No Yes Yes No Yes
Undo Step Yes, but only if the last completed step is assigned to that user Yes Yes, but only if the last completed step is assigned to that user No Yes
Send Back Step Yes Yes Yes No Yes
Skip Step N/A N/A N/A No Yes
Add or Remove Steps or Step Description N/A N/A N/A No Yes
Complete Step Yes, but only if assigned a step and it is the current step Yes Yes, but only if assigned a step and it is the current step No Yes
Mark Actions Complete Yes, but only if assigned a step and it is the current step Yes Yes, but only if assigned a step and it is the current step No Yes
Complete "Publish" and "Approve" Steps Yes, only if the step is assigned to you, it is the current step, and has the Publish or Approve action. Yes Yes, only if the step is assigned to you, it is the current step, and has the Publish or Approve action.    
Comment Yes Yes Yes Yes or No Yes
Upload or Remove Attachments No Yes   No Yes
Fields No Yes Yes No Yes

*See the Optimizely Content Marketing Platform (CMP) Glossary for workflow actions.