Roles and permissions by channel are in beta. If you'd like to try out this feature, talk to your customer success manager.
Roles are bundles of permissions that give team members access to the Iterable features and resources they need to efficiently do their jobs. They're defined for an organization and assigned to members. Each role has a custom set of the permissions described below.
When roles and permissions by channel are enabled, you can control access to specific message mediums (email, push, web push, in-app, and SMS).
These changes give you more flexibility creating and managing permissions. Now, you can provide targeted privileges to specialists on your team, such as your marketing team members who focus on specific message mediums or on campaigns but not journeys.
This article covers what is changing with channel-based permissions, a description of each role permission, and how to create and update roles in your Iterable project.
In this article
For this update, we've split the Journeys, Campaigns, and Experiments > Activate and Manage permission into two separate permissions:
Manage and Publish Journeys
Manage and Publish Campaigns
This permission is further split into specific message mediums: Email, SMS, In-app, Push, and Web Push.
Along with this change, you'll also see:
A new page design for Settings > Roles.
An updated workflow when creating a new role.
A new user interface for managing a role's permissions.
Minor changes to the title and language for role permissions and their descriptions—but their privileges remain the same.
Impact to SAML users
If your organization uses SAML to manage members and sign in, then members are assigned roles via your identity provider's SAML settings. Roles migrate to the new permissions as described above.
To change a role's permissions, a member with the Manage Roles permission can make updates on the Settings > Roles page. See Updating Roles below for instructions.
To give a member a different role, your IT administrator must make changes with your organization's identity provider.
Roles are assigned to members for each project, and members can have different roles for different projects.
Roles can include permissions taken from the following groups:
These permissions determine whether or not a member can configure project settings, third-party integrations, Facebook integration, API keys, system webhooks, and journey webhooks:
Manage Settings: Allows members to access and make changes to an Iterable project's Settings > Project Settings screen and the Settings > Custom Event Usage page. More specifically, it allows users to:
View and update project settings.
Create, rename, and delete labels.
View and update custom event settings.
View list and journey references (such as in the Settings > Custom Event Usage page).
Manage Integrations: Allows members to configure third-party integrations, Facebook integration, API keys, system webhooks, and journey webhooks (all found on the Integrations menu).
These permissions determine whether or not members can view or configure message channels and types, senders, DNS setup, sending platforms, mail domains, mobile apps, and web push settings:
View: Allows members to view channel configuration pages. It can be useful to view these settings when working with campaigns.
Setup and Manage: Allows members to create and configure channels.
Journeys, Campaigns, and Experiments
These permissions determine how members can work with journeys, campaigns, and experiments:
View: Allows members to view journeys, campaigns, and experiments.
Draft: Allows members to draft or copy journeys, campaigns, and experiments (but not launch or schedule them).
Manage and Publish Journeys: Allows members to manage and activate journeys.
Manage and Launch Campaigns: Allows members to send, schedule, activate, and manage campaigns and experiments. When you select this permission, you must also select one or more message mediums:
- Web push
Project members can manage and publish campaigns and experiments only for the message mediums included in their project role.
If a member doesn't have permission to launch campaigns for a given message medium, that action will be disabled in Iterable's UI.
These permissions allow users to create, update, and delete templates.
- Create and Manage: Allows members to create, update, and delete templates on the Content > Templates page.
These permissions determine whether or not a member can modify an Iterable project's snippets:
- Create and Manage: Allows members to create, update, and delete snippets.
These permissions determine whether or not a member can view or manage catalogs or collections:
View: Allows members to view the Content > Catalogs screen and the contents of catalogs.
Create and Manage: Allows members to create, update, and delete catalogs.
Segmentation and Lists
These permissions determine whether or not a member can create, update, or delete static and dynamic lists:
- Create and Manage: Allows members to create, update, and delete static and dynamic lists.
For a member to be able to take any action that might create new users (such as upload CSV files), they'll also need Create and Manage User Profiles and Data permission.
User profiles and data
These permissions determine whether or not a member can view, create, update or delete users:
View: Allows members to view the contents of a project's user profiles.
Create and Manage Users: Allows members to create, update, and delete users.
For a member to import users and create/manage static and dynamic lists, their role must include the Create and Manage Segmentation and Lists permission.
These permissions determine whether or not a member can view or manage Predictive Goals:
View: Allows members to view the contents of a Predictive Goal.
Create and Manage: Allows members to create and delete Predictive Goals.
To add Predictive Goals to your Iterable account, talk to your customer success manager.
These permissions determine whether or not a member can view or manage reports:
View: Allows members to view the Insights > Reports screen.
Create and Manage: Allows members to create, update and delete reports.
When selecting permissions, you may notice that some of them are pre-selected, grey, and uneditable. Permissions in this state are automatically included by another, higher-order permission that you've also selected.
Example: If you select the Create and Manage Catalogs permission, then View Catalogs is also selected. This is because a member must first be able to view catalogs before they can create and manage them.
Viewing and creating custom roles
Members with the Manage Roles org permission can view, create, and edit roles.
To view all existing roles, and go to Settings > Roles.
To see the selected permissions for an existing role, hover over the count in the Permissions column.
To create a new role:
Click New Role.
Provide a name for the new role.
(Optional) To start with an existing permission set, choose from the dropdown underneath Copy Permissions From...
Click Create Role
Select permissions as necessary.
Click Save role.
Remember to save your work! Changes are not auto-saved when creating or changing a role. If you leave the page without clicking Save Role, you'll need to start over. If you see an error that says Role permissions could not be saved, try again.
Example custom role
Consider a hypothetical custom role for an email marketer. This member would need a role that grants the ability to create and send email campaigns from pre-existing templates and contact lists, but not view the users on those lists or their Iterable user profiles, nor send from any other message medium. Members with this role might also need to access reports to review campaign results.
This custom role should have the following permissions:
Create and Manage Reports, for creating and viewing reports
for their campaigns.
Manage and Launch Campaigns for Email (which automatically includes View and Draft), for creating and managing email campaigns.
Any member with the Manage Roles org permission can edit the name of an existing role and its assigned permissions.
To edit a role:
Go to Settings > Roles.
Click the name of the role you wish to change.
To edit the role's name, click the pencil icon next to it and enter the new name.
To update permissions, check and uncheck permissions as needed.
Click Save Role to complete your changes.
It isn't currently possible to delete custom roles. However, they can be renamed, modified, and reused.
When you modify a custom role, users who already have that role receive its updated set of permissions.
To learn how to assign roles to team members, and how to grant org permissions and org admin status, read Creating and Managing Member Accounts.