The permission system is role-based, but it also supports fine-grained control when the defaults are not enough. This gives agencies a clean way to let clients, internal staff, and contractors work inside the same account without everyone seeing everything.
If you are already familiar with organizations and locations, this guide is the access-control layer that sits on top of that structure.
The five roles
| Role | Who it fits | Access level |
|---|---|---|
| Viewer | Stakeholders and owners | Review and analytics visibility only |
| Responder | Customer service staff | Viewer access plus review replies and AI suggestions |
| Manager | Marketing and operations | Can manage campaigns, widgets, and forms |
| Admin | Senior operators | Can manage team members and locations with near-full control |
| Owner | Business owner or ultimate administrator | Full access |
Permission categories
Advanced permissions cover 51 permissions across categories such as Reviews, Widgets, Social, Collect, Campaigns, Contacts, Integrations, Automations, Locations, Team, Notifications, Reports, and API.
Most teams should start with roles and only use permission overrides when there is a clear operational reason.
Use location scoping to keep access clean
- All Locations is best for central marketing or leadership users
- Specific Locations is best for branch managers, regional reps, or customer-side staff
A sensible default
Give most internal agency operators the Manager role. Reserve Admin and Owner for people who genuinely need team, billing, or destructive settings access. That one decision prevents a surprising amount of operational mess later.