Access roles

Default access roles

In order to help you get up and running with multiple users, there are multiple default (managed) access roles that can be used without having to create a custom access role.

The table gives a description of what each role does and how it can be used.

Role name
Description

Application Developer

This role allows a user to manage all applications in the Developer section. It also gives you the same level of access as the Campaigns Admin, Templates Admin, Flows Admin, and Audience Admin roles.

Audience Admin

This role allows a user to access and manage audiences. This includes editing existing segments, contacts, and suppressions, creating new ones, and importing and exporting contacts.

Analytics Admin

This role allows a user to access and manage analytics and insights. This includes performance reports, subscriber growth, and insights per channel.

Campaigns Admin

This role allows a user to access and manage all things related to your marketing campaigns, including existing marketing content.

Flows Viewer

This role allows a user to access, create, and manage flows in your organization. Because Flows uses many other Bird products to function, we recommend that you combine this role with other useful roles, such as Templates Viewer.

Templates Admin

This role allows a user to access and manage all Marketing content. This includes editing and create templates and translation files.

Templates Viewer

This role allows a user read-only access to Marketing content. It is often useful in combination with other roles, like Flows Admin.

Inbox Agent

This role can be used for users that are agents within Inbox AI. This role grants access to the Inbox product alongside the content within the channels configured in Inbox across all workspaces.

It does not allow access to configure organization or workspace settings including channel management, billing, security, etc.

Organization Owner

This is the most privileged role in the organization. It can view all content and settings across the organization and alter any settings. It can add and remove users, update security and billing settings and manage all aspects of channels, workspaces, etc.

This role should be allocated to the initial user setting up the organization alongside a limited number of trusted individuals who may need to alter any settings or configurations across the organization.

Workspace Owner

This role can be used to give a user access to all workspaces and allow them to manage all aspects of a workspace including managing campaigns, channels, contacts, etc. It also gives access to all content within the organization.

It does not allow access to organizational level features such as user management, billing, and overall workspace management (e.g. adding and removing workspaces).

SCIM Client

For customers that want to automatically provision their users from a central identity provider, this role is necessary to enable the SCIM protocol to communicate with your organization. Further instructions are available under the SSO section of the docs.

Visitor

This is an internal role which is not designed for direct customer use.

Chat Widget

This is an internal role which is not designed for direct customer use.

Custom access roles

Assign access policies to create access roles, then assign roles to users.

Access roles are a way to assign specific access permissions to users within the MessageBird environment. An access role is a collection of access policies that are grouped together to define a specific set of permissions.

For example, you might create an access role called "Marketing Manager" that includes access policies allowing access to Campaigns.

Access roles allow you to control who has access to what data and functions within your organization's MessageBird environment. They are particularly useful when you have a large number of users who require varying levels of access to different areas of the software.

Assign access roles to users when you invite them, or edit a users' profile to add or change their access role.

Create an access role

  1. Go to your Organization Settings and click Access roles.

  2. Click the Create new role button.

  3. Under "General", enter a role name and a role description.

  4. Under "Policy", select the policy type (either 'Managed' for MessageBird-created policies, or 'Organization' for custom policies) from the "Type" drop-down.

  5. From the "Policy" drop-down, select the access policy you want to apply to this role.

  6. If required, click Apply another policy and repeat steps 4-5 to add additional access policies to this role.

  7. Click Create new role to create your access role.

Assign an access role to a user

  1. Go to your Organization Settings and click Users.

  2. Locate the user that you want to assign access roles to and hover over their entry.

  3. Click on the three dots that appear on the right-hand side of the screen.

  4. Select Edit user from the dropdown menu.

  5. In the "Access roles" section, click the dropdown menu and select the access role you want to assign to the user. You can assign multiple roles if needed.

  6. Click Update roles to save the changes.

That's it! The user will now have the assigned access roles and be able to access the corresponding areas of the MessageBird environment based on the permissions granted by those roles.

Change a user's access role

  1. Go to your Organization Settings and click Users.

  2. Locate the user whose access role you want to change, hover over their entry, then click the three dots on the right-hand side of the screen.

  3. Click Edit user.

  4. Under the "Access roles" section, you will see the user's current access roles.

  5. Select a new role from the drop-down.

  6. Click Update roles to save the changes.

Remove a user's access role

Every user must have at least one access role assigned to them.

  1. Go to your Organization Settings and click Users.

  2. Locate the user whose access role you want to remove, hover over their entry, then click the three dots on the right-hand side of the screen.

  3. Click Edit user.

  4. Under the "Access roles" section, you will see the user's current access roles. If they have more than one role, you can delete the additional roles by hovering over it and clicking the delete icon.

  5. Click Update roles to save the changes.

Last updated

#490: Add Entra ID SCIM settings

Change request updated