Manage permissions and custom roles

  • Updated

Administrators can assign a predefined role or create and assign custom roles. After you invite a user to the platform, set their permissions by assigning them a user role.

Change user permissions

Admins of an instance can manage other users' permissions from Users & Teams.

Manage standard roles

Click on your avatar and go to Users & Teams> Roles.

custom-roles-2.png

Standard roles are predefined in the Content Marketing Platform (CMP) and reflect the team members involved in the marketing campaign and content execution process. Standard roles come with permissions that you cannot change.

  • Admin – Admins can access everything and view and modify all tasks. They can also manage users, teams, workflows, and other organizational settings.
  • Creators – Creators can access the entire platform, except administrative settings. They can create and contribute to campaigns and tasks.
  • Collaborators – Collaborators can access work assigned to them, and the work that has a shared campaign or task that they are assigned to. They cannot create campaigns or tasks.
  • Guest – Guests can only submit requests and view the requests module. Within the requests module, they can manage their submitted requests and view where requests are in the queue.
  • Library View-Only – Users with library view only can access the library module (view, search, and download assets).
For admins, ensure that the Object (Campaigns and Tasks) Override check box is selected. This lets admins edit assets that they do not own. 

Manage custom roles

Custom roles let admins meet specific requirements or support edge cases.

To create a custom role:

  1. Click on your avatar and go to Users & Teams> Roles
  2. Click Create Role.
  3. Enter the name of the new role.
  4. From the Based On drop-down list, select Admin, Creator, or Guest for the permissions that you want the new custom role to have.
    custom-roles-a.png
  5. Click Create. The new role displays in the first column of the table with the initial configuration of permissions equivalent to the role you selected from the Based On drop-down list. You can adjust these permissions by selecting or unselecting the check boxes for the different features.
    custom-roles-5.png
  6. Click Save.

You can edit or delete existing custom roles. Click ... and select one of the following:

  • Edit Name & Description – Enter the name and optional description for the role.

    custom-roles-6.png

  • Edit Permissions – Select the check box for a particular feature to let a user in that role collaborate on existing work within that feature. For example, if you unselect the Campaigns check box for a custom role, users assigned to that role can no longer see Campaigns in their navigation bar but they can still collaborate on campaigns that they have access to. You can select the following main features:
    • Dashboard
    • Idea Lab
    • Marketplace
    • Plan
    • Pitch Manager
    • Library
    • Analytics
    • Work
    • Settings
    • Resources
  • Delete Role – Permanently remove a role from the table.

    A role must not be in use when you delete it. Transfer users from that role to another role before deleting the role.

Share a campaign and tasks

You can share campaigns and tasks with other users. To share a campaign or task with another user:

  1. Click Share in a campaign or task.
  2. Enter the name of the person or team you want to share the campaign with. You can provide them with Can Edit, Can View, or Can Comment access.

    custom-roles-share-campaign-2.png

  3. Click Share to add them to the campaign or task. 

Share and watch tasks

Individual users or teams can share tasks. Click Manage Watchers to add watchers to your task so that stakeholders can stay informed about a task's progress.

You can share individual tasks with users without giving them access to the campaigns. This lets task owners manage task access and ensures that each user has access only to the activities related to their work and keeps the rest of the campaign, sub-campaigns, or other tasks private.

Create default campaign sharing

With default campaign sharing, admins can define which teams or individuals automatically get access to created campaigns, and their level of access (edit, view, or comment).

To set your Default Campaign Sharing setting:

  1. Click on your avatar and go to Organization > Default Campaign Sharing and click +.
  2. Enter the name of the team or user you want to add to your setting. Select Can Comment, Can Edit, or Can View access for them. 

    custom-roles-share-campaign-3.png

  3. Click Add to save your selection. When you create a campaign, the teams and users you add here automatically get the appropriate level of access.

Inherit campaign and task actions

Users with comment or view access to a campaign inherit the same access to associated sub-campaigns and tasks in that campaign.

Share confirmations

Users can share a campaign, task, or event by mentioning a user in a comment. If you mention someone who does not have access to the campaign, task, or asset, you can share view, comment, or edit access after you post the comment by clicking Comment or Reply. By default, a user without any access gets comment access after you post the comment. 

Request access

If you try to access a campaign but do not have permission, click Request Access.

custom-roles-share-tasks-2.png

This lets marketers manage user permissions without going to Users & Teams.

Create a sub-campaign with inheritance turned on

If the campaign creator chooses to inherit permissions from a parent campaign, users who have edit, comment, or view access to the parent campaign automatically get the same access level to the newly created sub-campaign. You cannot downgrade or remove the sub-campaign if it is  inherited from the parent campaign.

To create a sub-campaign with inheritance turned on (the default), ensure Inherit permissions from parent campaign is selected.

 

custom-roles-share-tasks-3.png

Create a sub-campaign with inheritance turned off

If you create a sub-campaign and do not select the Inherit permission check box, the sub-campaign is created and shared with the default teams or users selected in the Default Campaign Sharing settings.

Task inheritance

Users with edit, comment, or view access to a campaign have the same access to tasks within that campaign.

Workflow actions

You can grant a user access to a task by assigning a step in a workflow. Assigning a user gives them access to that task, regardless of their role in a workflow, even if they do not already have access from the campaign.

For example, as a creator, if you want to give someone on your legal team approver ability, assign a collaborator role to this person in the platform, and then assign them to the Approve step within a specific task.

Discern rigid versus flexible workflow permissions

When you grant users access to a task, you can give them one of the following permission levels:

  • View-Only – Users can download content or attachments; they cannot edit, comment, or upload attachments.
  • Comment – Users have the same level of access as those with view-only access plus they can comment and upload attachments on the task.
  • Edit
    • Rigid workflow –  users can edit the Brief, Title, Campaign, Metadata, or Step and Task Due Date, and so on, and share the task with others.
    • Flexible workflow – users with edit access can perform all actions, including changing step assignees, editing, approving, and publishing content, and more.

The following table shows actions a user with View, Comment, or Edit access can take in a rigid versus a flexible workflow:

  Rigid Workflow Flexible Workflow
Actions:

Comment/View

Edit
(Admin)
Edit
(Task Creator/ Assignee)
Considerations

Comment/View
(All)

Edit
(All)
Change Task Title or Campaign No Yes Yes* *If you do not want step-assignees to do this, grant them Comment access to the task No Yes
Archive or Delete Task No Yes Yes* *If you do not want step-assignees to do this, grant them Comment access to the task No Yes
Change Step Assignee No Yes Yes* *Only for unassigned steps No Yes
Change Step Due Date No Yes Yes   No Yes
Undo Step Yes* Yes Yes* *Only if the last completed step is assigned to that user No Yes
Send Back Step Yes Yes Yes   No Yes
Skip Step N/A N/A N/A   No Yes
Add or Remove Steps or Step Description N/A N/A N/A   No Yes
Complete Step Yes* Yes Yes* *Only if assigned a step and it is the current step No Yes
Mark Actions Complete Yes* Yes Yes* *Only if assigned a step and it is the current step No Yes
Complete "Publish" & "Approve" Steps Yes* Yes Yes* *Only if assigned a step, it is the current step, and it has the Publish or Approve action.    
Comment Yes Yes Yes   Yes/No Yes
Upload/Remove Attachments No Yes     No Yes
Fields No Yes Yes   No Yes

*For a list of workflow actions, see the Optimizely Content Marketing Platform (CMP) Glossary.