Create & assign custom roles
PremiumThis feature is available for Premium plans. EnterpriseThis feature is available for Enterprise plans. UpdatedAccount Admins can grant team members access to workspaces by assigning them workspace-level roles. If you’re on a Premium or Enterprise plan, you can create roles with custom permission sets. Otherwise, you’ll assign one of our standard roles with predefined permissions.
Overview
Customer.io has two types of workspace-level roles: standard roles and custom roles. Standard roles come with a predefined set of permissions, while custom roles allow you to specify your own set of permissions across content, integrations, and more.
Account Admins can create custom roles in Account Settings > Roles. You can create roles from scratch or start from an existing role. A few things to keep in mind:
- Custom roles must minimally have all view permissions. When you create a role, you’ll see the checkboxes in the Permissions table reflect the minimum permissions needed.
- Permissions accumulate; to grant a permission on the right, you need all the permissions on the left. For instance, to delete campaigns, you must also be able to view, edit, and create them.
Before you finish creating a role, make sure you specify whether people with this role should see sensitive data.
Compare permissions
Customer.io breaks permissions into four categories:
- Messaging & Content: Manage which workflows and content people have access to.
- People, Objects, & Activity: Manage the data in your workspace.
- Integrations, Imports, & Exports: Programmatically manage data, including Collections. Visibility of sensitive data across the workspace is controlled by the feature Hide sensitive attributes.
- Workspace & Message Channel Configuration: Manage workspace settings, integration of message channels, and your subscription center.
Every role must have view permissions
These are checked when you first create a role.
Messaging & Content
| Feature | Permissions |
|---|---|
| Campaigns | |
| View | View all aspects of a campaign: settings, workflow, metrics, etc. Can export messages. |
| Edit | Edit all aspects of a campaign's workflow and settings, including messages. Permissions include:
|
| Create | Create or duplicate campaigns. Schedule (start and stop) campaigns. Archive campaigns. |
| Delete | Delete campaigns. |
| View | View all aspects of a broadcast or newsletter: settings, messages, metrics, etc. Can export messages. |
| Edit | Edit a broadcast or newsletter, including messages:
|
| Create | Create or duplicate broadcasts or newsletters. Schedule (start and stop) broadcasts or newsletters. |
| Delete | Delete broadcasts or newsletters. |
| Transactional Messages | |
| View | View all aspects of a transactional message: settings, messages, metrics, etc. Can export messages. |
| Edit | Edit a transactional message, including the content:
|
| Create | Create or duplicate transactional messages. To send a transactional message, you need an App API key. See Integrations for more info. |
| Delete | Delete transactional messages. |
| Anonymous In-App Messages | |
| View | View all aspects of an anonymous in-app message: settings, messages, metrics, etc. |
| Edit | Edit an anonymous message. |
| Create | Create or duplicate anonymous in-app messages. Schedule (start and stop) anonymous in-app messages. |
| Delete | Delete anonymous in-app messages. |
| Content Library & Design Studio | |
| View | View all aspects of the Content Library: assets, layouts, snippets, message library, and in-app messages. View Design Studio files: templates, emails, components, and styles. Can export Design Studio files. |
| Edit | Edit assets, layouts, snippets and Design Studio files. Can both create and edit global styles for Design Studio messages. |
| Create | Organize files and create or duplicate components, emails, and templates in Design Studio. Can upload files to Assets or Design Studio. |
| Delete | Delete files. |
People, Objects, & Activity
These permissions control whether you can manage people, objects, segments, and ad audiences in the UI of your workspace. They do not control whether you can programmatically manage them through our APIs. See Integrations, Imports, & Exports for more.
To redact people’s data from team members, you must mark profile attribute as sensitive in the Data Index and assign “Hide sensitive attributes” to the custom role. See Hide sensitive attributes to learn more.
| Feature | Permissions |
|---|---|
| People | |
| View | View people including their attributes, devices, and more. |
| Edit | Edit people and their data. Manage subscription preferences and profile merges. Add or update attributes. |
| Create | Create people manually. To import a CSV of people, add Import permissions. To programmatically add people, add Integration permissions. |
| Delete | Delete people. |
| Custom Objects | |
| View | View all objects and object types. |
| Edit | Add/edit object attributes. |
| Create | Create objects. Add/edit relationships between objects and people. To import a CSV of objects, add Import permissions. To programmatically add objects, add Integration permissions. |
| Delete | Delete objects or relationships. |
| Custom Object Types | |
| View | View object types in Workspace Settings. You must also grant View permissions for Workspace Settings. |
| Edit | Edit object type details. Enable/disable object types in Workspace Settings. |
| Create | Create object types. |
| Delete | Delete object types. |
| Segments | |
| View | View all segments. |
| Edit | Edit segment details and conditions. |
| Create | Create or archive segments. Import/add existing people to manual segments. |
| Delete | Delete segments. |
| Ad Audiences | |
| View | View ad audiences (part of segments). |
| Edit | Edit ad audiences. |
| Create | Create ad audiences within segments. To integrate your ad network, add Integration permissions. |
| Delete | Delete ad audiences. |
| Activity Logs | |
| View | View all logged activities in your workspace. |
Integrations, Imports, & Exports
Permissions for API keys
For complete access to API keys, you need two permissions:
- The account-level permission “Manage API credentials”—gives you the ability to create and delete keys for all of our APIs: Track, App, and Pipelines
- The Edit permission for “Integrations”—gives you the ability to view and copy Pipelines API keys
You assign “Manage API credentials” under Account-level permissions when adding or editing a team member. People will only see keys to the workspaces they have access to.
You need the account-level “Manage API credentials” permission to access and copy Track and App API credentials; you don’t need this permission to access and copy Pipelines API keys. To view Pipelines API keys, you only need the Edit permission for “Integrations”.
For more on the differences between our APIs and when to use each, check out our comparison article.
Each key gives you access to the complete API, regardless of permissions set on your custom role. For instance, if you have the “Manage API credentials” permission, then you can create people and send events even if you don’t have the Edit or Create permissions for People.
Permissions for data-out integrations
You may need permissions under “Export data” and “Integrations” depending on the service you want to integrate:
- For Mixpanel or Amplitude, you need “Export data” permissions to manage them.
- For data warehouses like Amazon Redshift or Google BigQuery, you need “Export data” permissions and permissions for “Integrations”.
- For all other data-out integrations including reporting webhooks, you won’t need Export permissions, only permissions for “Integrations”.
Breakdown of integration permissions
| Feature | Permissions |
|---|---|
| Integrations | |
| View | View the integrations page, including the list of services your workspace is integrated with and our directory of options. |
| Edit | Manage existing integrations:
|
| Create | Add integrations to your workspace. To add reporting webhooks, you only need the Edit permission. |
| Delete | Remove/delete integrations from your workspace, including reporting webhooks. |
| Import data | |
| View | View imports in Data & Integrations. |
| Edit | Edit imports labeled as "Action needed:" for instance, you can edit the mapping of CSVs to fields in your workspace but can't actually start an import. |
| Create | Import people, events, objects, and relationships and send test events in the UI:
|
| Delete | Cancel imports. |
| Export data | |
| View | View export logs in Data & Integrations. |
| Edit | Edit data warehouse exports/syncs or your integrations with Mixpanel and Amplitude. |
| Create | Export data in your workspace and integrations:
|
| Delete | Cancel exports. |
| Collections | |
| View | View all collections. |
| Edit | Edit collection details and upload new files. |
| Create | Add collections. |
| Delete | Delete collections. |
| Data Index | |
| View | View lists of attributes for people, objects, and relationships in your workspace. View list of events. |
| Edit | Edit attribute details like descriptions and tags. Mark profile attributes as sensitive. |
Workspace & Message Channel Configuration
| Feature | Permissions |
|---|---|
| Workspace Settings | |
| View | View workspace settings, including your AI business profile, subscription center configuration, and URL parameters. |
| Edit | Update workspace details like name, how to identify people, and your AI business profile. Other permissions include:
|
| Message Channel Settings | |
| View | View message channel settings and configuration in workspace settings. |
| Edit | Update message configurations in workspace settings. Add, verify, and delete email sending domains. Edit language settings, which includes the attribute Customer.io uses to identify a person's language preferences. |
| Create | Enable and configure SMS, in-app messages, push notifications, or Slack. Email configuration is controlled by the Edit permission. |
| Delete | Disable and remove SMS, in-app messages, push notifications, or Slack. Email configuration is controlled by the Edit permission. |
| Subcription Center & Topics | |
| View | View your subscription center in workspace settings. |
| Edit | Update your workspace's subscription center, including:
|
| Create | N/A—The Edit permission controls the ability to add to the subscription center. |
| Delete | Delete topics or translations. |
Create a custom role
To create a custom role, you must be an Account Admin on a Premium or Enterprise plan. Every custom role must have a minimum set of view permissions. By default, we check these for you when you start.
- Go to Account Settings > Roles.
- Click Create role.
- Enter a Name for the role. This is what you see when assigning roles to team members.
- (Optional) Add a Description so you remember what this role is for.
- (Optional) Under Quick Setup, decide whether to start from a standard role or previously made custom role. This will populate the permissions table.
- Edit permissions by checking or unchecking the boxes.
- Click the check box to the left of a permission to grant full access to it.
- Click individual checkboxes to the right to give granular access.
- If you want to hide sensitive data from team members with this role, choose Hide sensitive attributes from the dropdown.
- Click Submit.
Next, assign the role to a team member.
Hide sensitive attributes
If you’re on a Premium or Enterprise plan, then Account and Workspace Admins can mark profile attributes as “sensitive” in the Data Index and decide whether to hide this data from team members. This redacts values but not attribute names from the workspace.
Members with custom roles can also mark attributes as sensitive and hide them from team members depending on their level of access.
- If the team member has the Edit permission for the Data Index, they can mark attributes as sensitive.
- Then if they have the Edit permission for Workspace Settings, they can manage which Authors or Viewers can see these attributes. Note, this permission only lets them manage sensitive data for Authors and Viewers, not team members with custom roles.
Mark attributes as sensitive
Account admins and workspace admins can mark profile attributes as sensitive in the Data Index. This redacts values but not attributes names from the workspace and helps ensure data privacy across team members. If you have a custom role that includes the Edit permission for the Data Index, you can also mark attributes as sensitive.
The index also includes events, objects, and relationship attributes; however, you can only mark profile attributes as sensitive at this time. If an event attribute has the same name as a profile attribute marked as sensitive, those event values will also be redacted.
- In the Attributes tab, click an attribute.
- Click Edit in the panel.
- Click “Make sensitive.” To unhide sensitive attributes, select the box to uncheck it.
Not seeing Make sensitive?
Check that you’re an Account Admin or Workspace Admin in Team Members. If you are, then check whether you’re on a Premium or Enterprise plan or reach out to someone with billing access. Otherwise, you’ll have to upgrade for access.
- Click Save.
- Next, assign “Hide sensitive attributes” to team members.
Choose “Hide sensitive attributes” when creating custom roles
To redact sensitive data from team members, you must be an Account Admin:
- While editing a role, choose “Hide sensitive attributes” from the dropdown in the Permissions table.
- Click Save.
Any team members with that role will now see values redacted for sensitive attributes. If they send test messages or webhooks from your workspace, those messages and responses will also contain redacted values.
Edit a custom role
You must be an Account Admin to edit a custom role.
- Go to Account Settings > Roles.
- Click the name of the role.
- Modify the name, description or permissions as you see fit. You can also change whether to hide sensitive data.
- Click Save.
Changes to permissions take effect immediately. If you reduce permissions and the role is assigned to someone logged in, they may lose their work. For instance, if you edit a role down to view only permissions for a campaign and the team member is currently editing an email in a campaign, they won’t be able to save their changes. Make sure you communicate with your team before editing roles in use.
You can find who will be impacted by permission changes on the Roles page under Users. We do not notify people if their permissions changed.
Duplicate a custom role
You must be an Account Admin to edit a custom role. Duplicating a role only creates the role; you must manually assign it to team members.
- Go to Account Settings > Roles.
- Click and choose Duplicate.
- Click the new role to edit it. It will have “(Copy)” in front of the original role’s name.
- Click Save.
Delete a custom role
To delete a custom role, you must be an Account Admin. You must remove the role from all team members before you can delete it.
- Go to Account Settings > Roles.
- Click and choose Delete.
- Confirm your action.
