Access roles
Default access roles
In order to help you get up and running with multiple users, there are multiple default (managed) access roles that can be used without having to create a custom access role.
The table gives a description of what each role does and how it can be used.
AI Employees Viewer
This role grants read-only access to view AI employees in your workspaces.
AI Employees Admin
This roles grants full access to create, edit and delete AI Employees in your workspaces.
Knowledge Base Viewer
This role grants read-only access to view Knowledge Base resources.
Knowledge Base Admin
This role grants full access to create, edit and delete Knowledge Base resources.
Application Developer
This role allows a user to manage all applications in the Developer section. It also gives you the same level of access as the Campaigns Admin, Templates Admin, Flows Admin, and Audience Admin roles.
Audience Admin
This role allows a user to access and manage audiences. This includes editing existing segments, contacts, and suppressions, creating new ones, and importing and exporting contacts.
Analytics Admin
This role allows a user to access and manage analytics and insights. This includes performance reports, subscriber growth, and insights per channel.
Campaigns Admin
This role allows a user to access and manage all things related to your marketing campaigns, including existing marketing content.
Flows Admin
This role allows a user to access, create, and manage flows in your organization. Because Flows uses many other Bird products to function, we recommend that you combine this role with other useful roles, such as Templates Viewer.
Templates Admin
This role allows a user to access and manage all Marketing content. This includes editing and create templates and translation files.
Templates Viewer
This role allows a user read-only access to Marketing content. It is often useful in combination with other roles, like Flows Admin.
Inbox Agent
This role can be used for users that are agents within Inbox AI. This role grants access to the Inbox product alongside the content within the channels configured in Inbox across all workspaces.
It does not allow access to configure organization or workspace settings including channel management, billing, security, etc.
CX Manager
This role grants the same access as the Inbox Agent role however also gives access to Reporting in Inbox.
Organization Owner
This is the most privileged role in the organization. It can view all content and settings across the organization and alter any settings. It can add and remove users, update security and billing settings and manage all aspects of channels, workspaces, etc.
This role should be allocated to the initial user setting up the organization alongside a limited number of trusted individuals who may need to alter any settings or configurations across the organization.
Organization Admin
This role grants full access to all Organization resources. This includes adding users and managing permissions and billing related settings. It does not however grant any access to any workspaces and would need to be combined with an additional role to provide workspace access. Note that although this role does not grant any access to workspaces, it does have the ability to modify permissions and grant any user any permissions in the organization.
Organization Viewer
This role grants read-only access to all Organization resources. This gives the user the ability to view organization settings such as users, security settings and billing. It does not provide any access to workspaces or the ability to modify permissions.
Workspace Owner
This role can be used to give a user access to all workspaces and allow them to manage all aspects of a workspace including managing campaigns, channels, contacts, etc. It also gives access to all content within the organization.
It does not allow access to organizational level features such as user management, billing, and overall workspace management (e.g. adding and removing workspaces).
Payments Manager
This role grants full access payments related endpoints and allows you to manage all features of payments within your workspaces.
SCIM Client
For customers that want to automatically provision their users from a central identity provider, this role is necessary to enable the SCIM protocol to communicate with your organization. Further instructions are available under the SSO section of the docs.
Support Access
Provides access to raise, view and manage Support Cases. This role is best used in conjunction with another role as it does not provide any other access to the platform.
Tasks Reader
This role grants read-only access to view tasks.
Tasks Manager
This role gives the ability to manage all tasks in your workspaces.
Visitor
This is an internal role which is not designed for direct customer use.
Chat Widget
This is an internal role which is not designed for direct customer use.
Custom access roles
Assign access policies to create access roles, then assign roles to users.
Access roles are a way to assign specific access permissions to users within the MessageBird environment. An access role is a collection of access policies that are grouped together to define a specific set of permissions.
For example, you might create an access role called "Marketing Manager" that includes access policies allowing access to Campaigns.
Access roles allow you to control who has access to what data and functions within your organization's MessageBird environment. They are particularly useful when you have a large number of users who require varying levels of access to different areas of the software.
Assign access roles to users when you invite them, or edit a users' profile to add or change their access role.
Create an access role
Go to your Organization Settings and click Access roles.
Click the Create new role button.
Under "General", enter a role name and a role description.
Under "Policy", select the policy type (either 'Managed' for MessageBird-created policies, or 'Organization' for custom policies) from the "Type" drop-down.
From the "Policy" drop-down, select the access policy you want to apply to this role.
If required, click Apply another policy and repeat steps 4-5 to add additional access policies to this role.
Click Create new role to create your access role.
Assign an access role to a user
Go to your Organization Settings and click Users.
Locate the user that you want to assign access roles to and hover over their entry.
Click on the three dots that appear on the right-hand side of the screen.
Select Edit user from the dropdown menu.
In the "Access roles" section, click the dropdown menu and select the access role you want to assign to the user. You can assign multiple roles if needed.
Click Update roles to save the changes.
That's it! The user will now have the assigned access roles and be able to access the corresponding areas of the MessageBird environment based on the permissions granted by those roles.
Change a user's access role
Go to your Organization Settings and click Users.
Locate the user whose access role you want to change, hover over their entry, then click the three dots on the right-hand side of the screen.
Click Edit user.
Under the "Access roles" section, you will see the user's current access roles.
Select a new role from the drop-down.
Click Update roles to save the changes.
Remove a user's access role
Every user must have at least one access role assigned to them.
Go to your Organization Settings and click Users.
Locate the user whose access role you want to remove, hover over their entry, then click the three dots on the right-hand side of the screen.
Click Edit user.
Under the "Access roles" section, you will see the user's current access roles. If they have more than one role, you can delete the additional roles by hovering over it and clicking the delete icon.
Click Update roles to save the changes.
Last updated