Choose the Right User Permissions to Protect Your Organization

Messaging is vital in providing a direct line from companies to their audience, but with great power comes great responsibility. After all, even large corporations can mess up and confuse their audience - see Starbucks’ seank or HBO Max’s intern. Messaging mistakes have real consequences, from bad press to a cascade of dreaded unsubscribes.

That’s why it is important to be purposeful in making sure your users have the right permissions. Companies often have various teams working on different projects. Perhaps you’re a global company with multiple teams operating independently in various geographies. Or you’re a gaming company managing a portfolio of games. Or you’re an agency managing multiple clients. In each case, you likely want more control over who can do what.

Role-Based Access Control (RBAC) is a common safeguard for companies to restrict system access based on role types. Here at OneSignal, we offer three role types at both the app and organization levels to help improve your account security.

Benefits of Multiple Roles

• Restrict who can send messages to guard against accidental sends
• Control access to account credentials and keys to protect against hacked accounts and publicly exposed API keys
• Increase access and visibility to more people in your company without worrying they might mess something up
• Prevent different teams or regions from accessing each other’s instances
• Exercise more oversight over new employees that are getting up to speed​​

Admin Role

The Admin role has full control. Admins can change important account information such as user management, API keys, platform settings, and integrations. Organization Admins also have the ability to manage apps, security, and billing. This role is well-suited for account owners, developers, and trusted users that need full access.

Editor Role

The Editor role has control over messaging, including creating and sending messages as well as updating any live messages, such as those in Journeys. This also includes managing user Data Tags, which affects the target audience. This role is well-suited for day-to-day users that are trusted to manage campaigns, including content writers, external contractors, and designers.

Viewer Role

The Viewer role permits read-only access to view user and notification data. These users just need simple access to see campaigns and associated data. This role is well-suited for interns, data analysts, or consultants.

If you’d like to dig deeper, you can find a more granular chart breaking down differences between roles in our documentation.

Ready to improve your account security? All paid plans can assign Viewer roles, while Editor roles are available for Professional and Enterprise Plans.