LogoLogo
Get a demoLog inAcademyDevelopersMore docs
  • Bird CRM docs
    • Explore all products
    • Use cases
      • Bird for travel
        • Abandoned search recovery
        • Flight confirmation
        • Holiday search campaigns
        • Price change alerts
    • About Bird CRM
  • Inbox
    • Inbox
      • Concepts
        • Reports
      • Admin guide
        • Agents
          • Invite an agent to Inbox
          • Remove an agent from Inbox
          • FAQs
        • Tags
        • Routing
        • Teams
        • Feeds
        • Sender profiles
        • Reporting
      • Agent guide
        • 📚1. The basics
        • ⏰2. Your availability status
        • ✉️3. Send and receive messages
        • 💬4. Manage conversations
        • 👥5. View conversation participants
        • 👤6. View a contact's profile
  • Campaigns
    • Campaigns
      • Quickstarts
        • Send a campaign
      • Concepts
        • A/B tests
          • FAQs
        • Branded links
        • Calendar view
        • Campaign tags
        • Frequency limits
        • Scheduling
      • How-to
        • Schedule a campaign
        • Run an A/B test
        • Replicate a campaign
    • WhatsApp campaigns
      • How-to
        • Send a WhatsApp campaign
    • Email campaigns
      • How-to
        • Send an email campaign
    • SMS campaigns
      • Concepts
        • Best practices for MMS campaigns
      • How-to
        • Send an SMS campaign
    • Push notifications
      • How-to
        • Send a push notification campaign
    • New Campaign Builder
  • Automation
    • Journeys
      • Quickstarts
        • Create an abandoned cart recovery journey
      • Concepts
        • Journey templates
        • Journey runs
        • Journey insights
        • Journey reports
      • How-to
        • Use a send message step in a journey
        • Use a wait step in a journey
        • Use a conditional step in a journey
        • Use an update contact step in a journey
        • Use an end journey step in a journey
    • Flows
      • Quickstarts
        • Use template flows
        • Build an inbound flow
      • Concepts
        • Capabilities and limitations
        • Triggers
          • Agent triggers
          • Connector triggers
            • HubSpot triggers
          • Contact triggers
          • Conversation triggers
          • Feed item triggers
          • Message lifecycle triggers
          • Voice triggers
          • Webhook triggers
          • HTTP endpoint trigger
          • WhatsApp flow endpoint trigger
        • Actions
          • Bird API actions
            • Bots actions | API
            • Channel actions | API
            • Collaboration actions | API
            • Conversation actions | API
            • Engagements actions | API
            • Number management actions | API
          • Core actions
            • How to set up global variables in Flows
            • How to use the Filter Array Step
            • How to use the "Await Webhook" Step in Flows
          • Contact actions
          • Channel actions
          • Conversation actions
          • Connector actions
            • HubSpot actions
            • Open AI actions
          • Voice actions
      • How-to
        • Route conversations based on language
        • Route conversations based on sentiment
        • Set up a business hours auto-responder
        • Create a simple auto-responder
        • Set up conversational marketing
        • Create an FAQ bot
        • How to Match Regex in Flows
    • Approval Flow
  • Audience & Contacts
    • Sign-up forms
      • Quickstarts
        • Create a sign-up form
        • Create quizzes
      • Concepts
        • Sign-up process
        • Display
        • Colors
        • Targeting
        • Languages
        • Sign-up form analytics
    • Lists and segments
      • Quickstarts
        • Create a segment
      • Concepts
        • Segments
        • Lists
      • How-to
        • Create a segment based on contact activity
        • View contacts in a segment
        • Edit the setup of a segment
        • Delete a segment
        • Create a list
    • Contacts
      • Concepts
        • Contacts
        • Contacts directory
        • Contact profiles
        • Consent and subscriptions
          • Suppressions
          • Managing unsubscribes
          • Opt-ins, consent, and subscription statuses
            • Contacts with a 'blank' subscription status
      • How-to
        • Add contacts
        • Update the subscription status of your existing contacts
        • Send marketing campaigns to contacts with a 'blank' subscription status
        • Export contacts
        • How to bulk delete contacts
  • Content
    • Email templates
      • Concepts
        • Email content, styling, and personalization
        • Email design best practices
        • Advanced Email Templating
      • How-to
        • Create an email template
        • Import a custom HTML email
        • Use a prebuilt email template
        • Create personalized abandoned cart, browse and order placed emails
    • Message templates
      • Quickstarts
        • Create a message template
      • Concepts
        • Localization
        • Versioning
        • WhatsApp message templates
          • WhatsApp approved message templates
          • Reply to open conversation message template
          • Commerce messages
        • Apple Messages for Business
        • Push notifications
      • How-to
        • Localize a message template
        • Add variables to a message template
        • Create an SMS message template
        • Apple Messages for Business
          • Use dynamic variables in Apple Messages templates
          • Create a text Apple Messages template
          • Create an image Apple Messages template
          • Create a location Apple Messages template
          • Create a file Apple Messages template
          • Create a rich link Apple Messages template
          • Create a list picker Apple Messages template
          • Create authentication Apple Messages message types
          • Create a quick reply Apple Messages template
          • Create a time picker Apple Messages template
          • Create an iMessage App message template
          • Create a payment Apple Messages template
        • WhatsApp message templates
          • Create a WhatsApp approved message template
          • Create a reply to open conversation WhatsApp message template
          • Create a single product WhatsApp message template
          • Create a catalog WhatsApp message template
          • Create a coupon WhatsApp message template
          • Create an action WhatsApp message template
          • Create a limited time offer WhatsApp message template
          • Create a carousel WhatsApp message template
          • Create Approved WhatsApp Flows Template
          • Create reply to open conversation WhatsApp Flows Template
        • Create Push Notifications message templates
    • Chat widgets
      • Concepts
        • Send and receive messages
      • How-to
        • Build and install a chat widget on a Shopify store
        • Build and install a chat widget on your website
    • Media Library
      • How to Upload Images to the Media Library
    • Translation files
      • Creating and using translation files
    • External Data Sources
    • Lookup Tables
    • Discounts
    • Lookup tables
      • Managing lookup tables
      • Using lookup tables in Flows
    • Products
      • Custom Product Catalog Source
  • Analytics
    • Analytics
      • Concepts
        • Reporting metrics
        • Understanding the Attribution Model
        • List-unsubscribe in email headers
        • Understand Open Tracking
    • Channel analytics
      • Concepts
        • Channel logs
      • How-to
        • Analyze the performance of your channels
    • Campaign reports
      • Concepts
        • WhatsApp campaign reports
        • Email campaign reports
        • SMS campaign reports
      • How-to
        • View campaign reports
        • View A/B test campaign reports
        • See an overview campaign performance
  • Channels
    • Channels
      • Concepts
        • Quiet hours
      • Quickstarts
        • Find and install a channel
        • View information about an installed channel
        • View Channel Logs
      • Supported channels
        • Apple Messages for Business
          • Quickstarts
            • Install Apple Messages for Business
            • Use Apple Messages for Business
          • Concepts
            • Typing indicators
            • User device capabilities
          • How-to
            • Complete onboarding
            • Use entry points
            • Route messages
            • Send messages
            • Use Apple Pay
        • Email
          • Install email
          • Forwarding emails from Gmail
          • IP pools
          • Configure BIMI
        • Facebook Messenger
          • Install Facebook Messenger
          • Use Facebook Messenger
          • Facebook Messenger message types
        • Instagram Messaging
          • Install Instagram Messaging
          • Use Instagram Messaging
          • FAQs and Best Practices
          • Instagram message types
        • LINE
          • Install LINE
        • LinkedIn Pages Messaging
          • Install LinkedIn Pages messaging
          • Use LinkedIn Pages Messaging
          • LinkedIn Pages Messaging Types
        • Numbers
          • Quickstarts
            • Find and buy a new number
            • Activate a number
          • Concepts
            • Number types
            • Know-Your-Customer (KYC)
            • Activation, approval, and rejection
            • Number restrictions in China
          • How-to
            • Use a number
            • Cancel a number
            • Troubleshooting
            • FAQs
        • Push notifications
        • Google RCS
          • Create a Google RCS agent and install Google RCS as a channel
          • Testing and launching your agent
          • Create a Google RCS message template
          • RCS message template types
          • Create and send a Google RCS campaign
          • Create an RCS lead nurture journey with a fallback
          • Use RCS with an AI Agent
          • Grow RCS subscribers with a sign-up form
        • SMS
          • Quickstarts
            • Install SMS
            • Toubleshoot SMS Deliveries Faliures
            • (Missing) SMS delivery status
            • Troubleshoot Channel Health
          • Concepts
            • SMS parts and message length
            • SMS message types and compliance
            • Opt-in and opt-out compliance
            • Choose the right sender : Availability and restrictions by country
              • SMS Country Information Guide: Africa (A-L)
              • SMS Country Information Guide: Africa (M-Z)
                • South Africa
                • Nigeria
              • SMS Country Information Guide: Asia (A-K)
                • Japan
                • India
                • China
              • SMS Country Information Guide: Asia (L-Z)
                • Malaysia
                • Singapore
              • SMS Country Information Guide: Caribbean
              • SMS Country Information Guide: Central America
              • SMS Country Information Guide: Europe (A-M)
              • SMS Country Information Guide: Europe (N-Z)
              • SMS Country Information Guide: Middle East
                • United Arab Emirates
              • SMS Country Information Guide: North America
                • Messaging Best Practices - NORAM SMS / MMS
                • Canada
                • United States
                • Prohibited Content - NORAM SMS / MMS
              • SMS Country Information Guide: Oceania
                • New Zealand
                • Australia
              • SMS Country Information Guide: South America
            • MMS sizes and limitations
            • Automatic sender selection
            • SMS Registration
              • Use case requirements for SMS Registration
              • Setting up a SMS consent flow
              • SMS Privacy Policies
              • SMS Toll-free number
                • TFN Verification
                • Additional Costs for using TFN
                • How-to Guides
                  • Purchase a Toll Free Number via Bird
                  • Register a US or Canadian TFN for SMS via Bird
              • SMS 10DLC
                • How-to Guides
                  • Purchase a 10DLC number via Bird
                  • Register a 10DLC brand via Bird
                  • Register a 10DLC campaign via Bird
                  • Install SMS 10DLC
                  • Delete inactive 10DLC campaigns to avoid additional charges
                • Throughput and Daily Caps
                • Brand registration
                • Campaign registration
                • Additional costs for using 10DLC
                • 10DLC FAQs
            • Page 1
        • WhatsApp
          • Quickstarts
            • Before you start
            • Install WhatsApp
          • Concepts
            • WhatsApp for Business
            • Accounts and verification levels
              • Verified Facebook Business Manager Account
              • Official WhatsApp Business Account (Green tick)
            • Use WhatsApp
            • WhatsApp message types
            • WhatsApp's Customer Care Window
            • FAQs
          • How-to
            • Verify your Facebook Business Manager Account
            • Set up commerce messaging
              • Product inquiries
              • Product orders
            • Create a WhatsApp Flow
              • Create a flow
              • Testing your flow
              • Publishing and sending your flow
              • Handling Flow submission
            • Enable conversational components
            • Become a WhatsApp Tech Provider
              • Onboard as a Tech Provider
              • Connecting to Bird as solutions provider
              • Meta Tech Partner Migration 2024
            • Migrate from Bird to another BSP (Business Service Provider)
        • Telegram
          • Install Telegram
          • Bot commands setup
  • AI
    • AI
      • Quickstarts
        • Create an FAQ model
        • Build a detect intent model
      • Concepts
        • AI Assistants
          • Agent Assistant
          • Flows Assistant
          • Studio Assistant
          • FAQ Assistant
          • Audience Assistant
        • AI flow actions
        • AI integrations
        • Detect language: Supported languages
      • How-to
        • Set up and deploy automated FAQs
        • Set up and deploy detect intent models
    • AI Agents
      • Concepts
        • Knowledge bases
        • OpenAI token usage
      • How-to
        • Build a knowledge base
        • Set up an AI Agent
        • Deploy an AI Agent
  • Payments
    • Bird Pay (Beta)
      • Quick Start
        • How to get Bird Pay access?
      • Concepts
        • Onboarding
        • Payment Link
        • Wallet
          • Transfer
          • Recipient
        • Payments
          • Disputes
        • My customers
        • Payouts
        • Payment methods
        • Bird Pay Coverage
        • Strong Customer Authentication (SCA)
      • How-to
        • Create a Payment link
        • Refund a Payment
        • Manage Payout
        • Respond to a Dispute
        • How to set up MFA using the Authenticator app?
      • FAQs
        • Why was my onboarding unsuccessful?
        • How do I update my business address?
        • What are foreign currency fees on my Bird Payments?
        • How to raise an issue with Bird Pay with support?
  • Integrations
    • Integrations
      • Quickstarts
        • Find and install an integration
      • Concepts
        • Integration data sync
      • Supported integrations
        • ActiveCampaign
        • OPERA Cloud
        • Calendly
        • Easyship
        • Google Cloud Translation AI
        • HubSpot
        • Magento 1
        • Magento 2
        • Monday.com
        • Notion
        • OpenAI
        • Rebrandly
        • Salesforce
        • Shopify
        • SugarCRM
        • Zoho CRM
        • TikTok Ads
        • Typeform
        • WooCommerce
        • Zendesk Support
        • Google BigQuery
        • Snowflake
        • Amazon S3
        • Salesforce Marketing Cloud
        • Meta ads
        • Google Ads
      • How-to
        • How to integrate the Salesforce Connector on Bird?
        • How to Delete Contacts in Bird when Deleted in Salesforce
  • Account & Billing
    • Account
      • Organization settings
        • General
        • Single-Sign On (SSO)
          • Set up Single-Sign On (SSO)
          • Enforce Single-Sign On (SSO)
          • Entra ID
          • Google Workspaces
          • Okta
        • SCIM
          • Okta setup
          • Okta setup - Workspace IAM
          • Entra ID
        • Security Settings
        • Business profile
        • Workspaces
        • Plans & Billing
        • Wallets
        • Users
        • Access policies
        • Access roles
        • Access keys
        • How to find your Organization ID
        • How to find a Workspace ID
        • How to limit a user's access to a single workspace
        • How to download usage report?
        • How to pay (settle) invoices via wallet?
  • Help & Reference
    • Bird support
      • Invite Bird support
    • Deliverability & compliance
      • Email compliance - Bulk sending
      • United States SMS/MMS compliance
        • Key US Regulations
        • General US content restrictions
        • US SMS/MMS compliance
        • US Voice compliance
        • US state-level laws and regulations
        • US compliance & best practices checklist
        • US compliance FAQs
      • Singapore SMS Compliance
    • Data protection
      • Approved subprocessors
    • Release notes
    • Glossary
Powered by GitBook
On this page
  • Limit a user's access to a single workspace
  • What you'll need
  • Step one: Create a custom policy
  • Step two: Create a custom role
  • Step three: Assign the custom role to a user
  • Allow a user view-only access to additional workspaces
  • What you'll need
  • Step-by-step

Was this helpful?

  1. Account & Billing
  2. Account
  3. Organization settings

How to limit a user's access to a single workspace

Last updated 1 year ago

Was this helpful?

In this guide:

If your organization has multiple , you may want to limit a user's access to a specific workspace that's relevant to their role, while preventing them from accessing the other workspaces in your .

Example

For example, let's say that you have separate workspaces set up for 'Sales', 'Marketing', and 'Support'. A new marketer joins your company, and you want to give them access to the 'Marketing' workspace so that they can set up and send marketing campaigns, but prevent them from reading customer's messages in the 'Support' workspace.

In this situation, you can set up and assign custom access permissions that allow them to access and edit a single workspace by following the steps outlined in this guide.

Limit a user's access to a single workspace

What you'll need

  • Your

  • The you want to limit a user's access to

Step one: Create a custom policy

  1. In the top left-hand corner, click your organization's logo, then click Organization settings.

  2. Click Access Policies.

  3. Click Create custom policy.

  4. In the 'Policy name' and 'Policy description' fields, enter a name and description for this policy.

Policy naming: When naming your custom policy, we recommend that you add the name of the user and the workspace you are limiting their access to. This will make the policy easier to identify in the future.

Set up the workspace-level policy definition

Now, let's set up the first policy definition. For this definition, you'll need to have your workspace ID on hand.

  1. In the 'Definition' section, set the 'Effect' to 'Allow'.

  2. Set the 'Action' to 'Any'.

  3. Click Add resource.

  4. Now, let's add a second policy definition. Click Add definition.

  5. In the 'Definition' section, set the 'Effect' to 'Allow'.

  6. Set the 'Action' to 'View'.

Set up the organization-level policy definition

Now, let's set up the second policy definition. For this definition, you'll need to have your Organization ID on hand. This time, we'll be adding six resources.

  1. In the 'Resource' field, enter the following text: /organizations/{orgId}. Remember to replace {orgId} with your organization ID.

  2. Click Add resource and repeat the process, adding the following text to each new 'Resource' field. Always remember to replace {orgId} with your organization ID, and {worksapceId} with your workspace ID as required.

    1. /organizations/{orgId}/workspaces

    2. /organizations/{orgId}/workspaces/*

    3. /organizations/{orgId}/workspaces/{worksapceId}

    4. /organizations/{orgId}/configurations/groups/*/keys/*

    5. /organizations/{orgId}/iam-roles

  3. Once you've added the six resources, click Create policy.

Step two: Create a custom role

Now that you've set up your custom policy, it's time to assign it to a custom role.

  1. In the top left-hand corner, click your organization's logo, then click Organization settings.

  2. Click Access Roles.

  3. Click Create new role.

  4. In the 'Role name' and 'Role description' fields, enter a name and description for this policy.

Role naming: When naming your custom role, we recommend that you add the name of the user and the workspace you are limiting their access to. This will make the role easier to identify in the future.

Attach a policy

Now, let's attach the custom policy that you created in step one.

  1. In the 'Policy' section, set the 'Type' to 'Organization'.

  2. Click Create new role.

Step three: Assign the custom role to a user

Your custom role is now ready to be assigned to a user.

  1. In the top left-hand corner, click your organization's logo, then click Organization settings.

  2. Click Users.

  3. Find the user that you want to assign the custom role to.

  4. Click the three dots on the right-hand side, then click Edit user.

  5. Click Update roles.

You've successfully limited a user's access to a single workspace!

Allow a user view-only access to additional workspaces

If you want to grant a user view-only to additional workspaces, but prevent them from being able to edit or perform tasks in those workspaces, follow the steps outlined in this guide.

What you'll need

Step-by-step

  1. In the top left-hand corner, click your organization's logo, then click Organization settings.

  2. Click Access Policies.

  3. Select the custom access policy that you want to add workspace view-only permissions to.

Set up the allow view policy definition

Now, let's set up the first policy definition. You'll need to have your workspace ID on hand.

  1. Click Add definition.

  2. Set the 'Effect' to 'Allow'.

  3. Set the 'Action' to 'View'.

  4. In the 'Resource' field, enter the following text: /workspaces/{workspaceID}. Remember to replace {workspaceID} with the ID of the workspace you are granting view-only access to.

  5. Click Add resource, and repeat the process, adding the following text to each new 'Resource' field, and always remembering to replace {workspaceID} with your organization ID:

    1. /workspaces/{workspaceID}/**

    2. /workspaces/{workspaceID}/insights

    3. /workspaces/{workspaceID}/insights/*

Set up the allow create policy definition

Now, let's set up the second policy definition. You'll need to have your workspace ID on hand.

  1. Click Add definition.

  2. Set the 'Effect' to 'Allow'.

  3. Set the 'Action' to 'Create'.

  4. In the 'Resource' field, enter the following text: /workspaces/{workspaceID}/insights. Remember to replace {workspaceID} with the ID of the workspace you are granting view-only access to.

  5. Click Add resource, and repeat the process, adding the following text to each new 'Resource' field, and always remembering to replace {workspaceID} with your organization ID:

    1. /workspaces/{workspaceID}/insights/*

    2. /workspaces/{workspaceID}/insights/reporting/insights-ql

  6. When you're done, click Create policy.

You've just added view-only workspace access to your custom access policy. Any custom access roles that contain this policy will be updated automatically. Any users who are assigned that custom policy will now be able to view additional workspaces.

In the 'Resource' field, enter the following text: /workspaces/{workspaceID}/**. Remember to replace {workspaceID} with you are limiting the user's access to.

In the new 'Resource' field, enter the following text: /workspaces/{workspaceID}. Remember to replace {workspaceID} with you are limiting the user's access to.

Set the 'Policy' to the policy you created in .

In the 'Roles' section, select the custom role you created in .

Make sure you've followed all of the steps to before you start.

An existing

The you want to grant view access to

To allow view-only access to more workspaces, continue to add policy definitions to this custom access policy. Remember to add both the and the for each workspace.

the ID of the workspace
the ID of the workspace
IDs of each workspace
workspaces
organization
Organization ID
ID of the workspace
Limit a user's access to a single workspace
Allow a user view-only access to additional workspaces
step one
step two
limit a user's access to a single workspace
custom access policy
allow view definition
allow create definition