When using Iterable to create campaigns, you'll likely collaborate with multiple people—each of whom, depending on their responsibilities, may need access to a unique set of Iterable resources and capabilities. To help your team to work effectively, safely and with appropriate privacy, use org permissions, org admins and custom roles.
Table of contents
Org permissions
IMPORTANT
Org permissions are powerful. Assign them only to users who need the capabilities they enable.
Org permissions allow team members to manage various aspects of an Iterable organization. These permissions are granted outside the scope of any custom roles and are managed on a member-by-member basis. Iterable provides the following org permissions:
Manage Billing: Allows the permission holder to view usage data and update payment information for an Iterable organization
Create Projects: Allows the permission holder to create new projects in an Iterable organization
-
Manage Members: Allows the permission holder to create organization members and edit their account details, send password reset emails, disable two-factor authentication, and modify project membership and roles (for projects on which the permission holder is also a member).
This permission does not allow holders to assign/revoke org permissions, assign/revoke org admin status or remove organization members.
Manage Roles: Allows the permission holder to create custom roles and modify their included permissions
Org admins
Org admins are the most privileged members in your Iterable organization. These members:
- Have all org permissions.
- Can assign and revoke org permissions.
- Can assign and revoke org admin status.
- Can remove users from an organization.
- Automatically receive all permissions on every project in your organization (current and future).
NOTE
To learn how to grant org permissions and org admin status, read Creating and Managing Member Accounts.
Custom roles (and their permissions)
Custom roles are bundles of permissions that give team members access to the Iterable features and resources they need to efficiently do their jobs. They're defined for an organization and used as necessary across all its projects. Every custom role has a combination of the permissions described (by group) below.
NOTES
- To learn how to create and modify custom roles, read Creating and Updating Custom Roles.
- To learn how to view or assign a team member's roles, read Creating and Managing Member Accounts.
Channel Configuration
These permissions determine whether or not members can view or configure message channels and types, senders, DNS setup, ESP accounts, mail domains, mobile apps or web push settings:
- View: Allows members to view the pages where these items are configured
- Setup & Manage: Allows members to configure these items
Snippets
These permissions determine whether or not a member can modify an Iterable project's snippets:
- Create & Manage: Allows members to create, update and delete snippets
Segmentation & Lists
These permissions determine whether or not a member can create, update or delete static and dynamic lists:
- Create & Manage: Allows members to create, update and delete static and dynamic lists
IMPORTANT
For a member to be able to take any action that might create new users (such as upload CSV files), they'll also need User Profiles & Data > Create & Manage Contacts permission.
Project Configuration
These permissions determine whether or not a member can configure project settings, third-party integrations, Facebook integration, API keys, system webhooks and workflow webhooks:
- Project Settings: Allows members to access and make changes to an Iterable project's Settings > Project Settings screen
- Data Feeds, Third-Party Integrations, API Keys and Webhooks: Allows members to configure third-party integrations, Facebook integration, API keys, system webhooks and workflow webhooks (all found on the Integrations menu)
Catalogs
These permissions determine whether or not a member can view or manage catalogs or collections:
- View: Allows members to view the Content > Catalogs screen and the contents of catalogs
- Create & Manage: Allows members to create, update and delete catalogs
Reports
These permissions determine whether or not a member can view or manage reports:
- View: Allows members to view the Insights > Reports screen
- Create & Manage: Allows members to create, update and delete catalogs
Workflows, Campaigns & Experiments
These permissions determine how members can work with those items. Workflows, Campaigns & Experiments permissions include:
- View: Allows members to access view workflows, campaigns and experiments
- Draft: Allows members to draft or clone campaigns (but not schedule them)
- Activate & Manage: Allows members to activate workflows, campaigns and experiments
User Profiles & Data
These permissions determine whether or not a member can view, create, update or delete users (contacts):
- View: Allows members to view the contents of a project's user profiles
- Create & Manage Contacts: Allows members to create and delete users (contacts).
IMPORTANT
For a member to import users and create/manage static and dynamic lists, their role must include the Segmentation & Lists > Create & Manage permission.
Base Templates
These permissions allow users to create, update and delete base templates (which can be selected as the starting point for a new campaign).
- Create & Manage: Allows members to create, update and delete base templates
Example custom role
To demonstrate how custom roles can be useful, this section describes a hypothetical custom role that grants members the ability to create and send campaigns with pre-existing base templates and contact lists, but not view the users on those lists or their Iterable user profiles.
To support the above scenario, these team members will need to:
- Create and view reports for their campaigns, so the Reports > Create & Manage permission should be included.
- Create and manage campaigns, so the Workflows, Campaigns & Experiments > Activate & Manage permission should be included (which automatically includes View and Draft as well).
All other permissions can be left off of this custom role.
Migrating to custom roles
This section describes the roles and permissions available in Iterable prior to Custom Roles, and how they have been migrated to Custom Roles.
Original permissions
The following two tables describe the roles and permissions available in Iterable prior to the existence of the custom roles. These permissions are no longer applicable; they are shown only as reference.
Permissions for accessing Iterable resources
| Reader | Contributor | Publisher | Admin | Super Admin | Account Manager | |
|---|---|---|---|---|---|---|
| View lists | X | X | X | X | X | X |
| View segmentation | X | X | X | X | X | X |
| View campaign metrics | X | X | X | X | X | X |
| Create and edit workflow | X | X | X | X | X | |
| Create, clone, edit, delete templates | X | X | X | X | X | |
| Delete lists | X | X | X | X | X | |
| Channel subscribe and unsubscribe users | X | X | X | X | X | |
| Import and update lists | X | X | X | X | X | |
| Create, edit, review, stop experiments | X | X | X | X | X | |
| Activate and deactivate triggered campaigns | X | X | X | X | X | |
| Create, submit, review and edit campaigns | X | X | X | X | X | |
| Schedule, send and cancel campaigns | X | X | X | X | ||
| Enable and disable workflows | X | X | X | X | ||
| Export to Facebook Custom Audience | X | X | X | |||
| Set up third-party integrations | X | X | X | |||
| Export lists | X | X | X | |||
| Export unsubscribes | X | X | X | |||
| Manage payments info | X | X | X | |||
| Add and edit senders | X | X | X | |||
| Add and edit sending domains | X | X | X | |||
| Manage API keys | X | X | X | |||
| Manage mobile apps and push integrations | X | X | X | |||
| Create and update projects | X | X | X | |||
| Access to all projects | X | |||||
| Bulk delete users from a project | X | X | ||||
| Edit channel bindings | X | |||||
| View the ESP accounts page | X |
Permissions for creating and managing members
| Reader | Contributor | Publisher | Admin | Super Admin | Account Manager | |
|---|---|---|---|---|---|---|
| Create Super Admins | X | X | ||||
| Add members to an organization | X | X | X | |||
| Remove members from an organization | X | X | ||||
| Change member first/last names | X | X | X | |||
| Add members to a project | X | X | X | |||
| Assign project roles | X | X | X | |||
| Remove members from a project | X | X | X |
Default custom roles
Before Iterable added custom roles, organizations managed member access through various predetermined roles, as described above.
To migrate existing organizations to Custom Roles, Iterable created a set of new custom roles to mimic the original roles and assigned these new roles to project members as necessary. These newly created custom roles are described below; feel free to modify them as necessary for your organization.
| Reader | Contributor | Publisher | Admin | Super Admin | Account Manager | |
|---|---|---|---|---|---|---|
| Channel Configuration > View | X | X | X | |||
| Channel Configuration > Set Up & Manage | X | X | X | |||
| Snippets > Create & Manage | X | X | X | X | X | |
| Segmentation & Lists > Create & Manage | X | X | X | X | X | |
| Project Configuration > Project Settings (Labels, Custom Events, etc.) | X | X | X | |||
| Project Configuration > Data Feeds, Third-Party Integrations, API Keys and Webhooks | X | X | X | |||
| Catalogs > View | X | X | X | X | X | X |
| Catalogs > Create & Manage | X | X | X | X | X | |
| Reports > View | X | X | X | X | X | |
| Reports > Create & Manage | X | X | X | X | X | |
| Workflows, Campaigns & Experiments > View | X | X | X | X | X | X |
| Workflows, Campaigns & Experiments > Draft | X | X | X | X | X | |
| Workflows, Campaigns & Experiments > Activate & Manage | X | X | X | X | ||
| User Profiles & Data > View | X | X | X | |||
| User Profiles & Data > Create & Manage Contacts | X | X | X | X | X | |
| Base Templates > Create & Manage | X | X | X | X | X |
Mapping the original roles to the default set of custom roles
This table maps Iterable's original roles to the new, custom roles created when migrating an organization to Custom Roles. It also describes the org permissions given to each migrated user and whether or not they receive org admin status.
| Original Role | Role After Migration to Custom Roles | Org Permissions | Org Admin? |
|---|---|---|---|
| Reader | Reader | No | |
| Contributor | Contributor | No | |
| Publisher | Publisher | No | |
| Admin | Admin | Create Projects, Manage Members, Manage Billing | No |
| Super Admin | Super Admin | Create Projects, Manage Members, Manage Billing, Manage Roles | Yes |
| Account Manager | Account Manager | Create Projects, Manage Members, Manage Billing, Manage Roles | No |
Post-migration role differences
The following table lists differences between Iterable's original roles and the default custom roles that replace them:
| Action | Original Role Requirement | Role Requirement After Migrating to Custom Roles |
|---|---|---|
| Promote member roles | Admin | Manage Members org permission |
| View archived campaigns | Reader | Publisher |
| Export campaign analytics | Reader | Admin |
| View data feeds | Reader | Admin |
| Delete API-scheduled messages | Contributor | Admin |
| Resend emails from the user profile page | Reader | Admin |
| Resend emails from the sent messages page | Reader | Admin |
| Change contact's list and channel subscriptions | Reader | Admin |
| View user data | Reader | Admin |
Comments
0 comments
Article is closed for comments.