Skip to main content
Access control lets you grant each member only the access they need. Instead of a single level of access, you decide which actions every member can perform, following the principle of least privilege to keep sensitive data and settings protected.

How access control works

Access in Conversion is built from two concepts:
ConceptWhat it is
PermissionA single action that can be performed, such as creating a blast or editing a form.
RoleA named collection of permissions that you assign to members.
You can grant access at three levels:
LevelHow access is granted
MemberEach member is assigned a role that determines what they can do.
TeamMembers grouped into a team are granted permissions directly, which all members of the team inherit.
API keyProgrammatic access is granted a set of permissions, limiting what each key can do.
Only administrators can manage access — creating roles and teams, assigning roles, and managing API keys. See Members for how to manage who belongs to your workspace.

Roles

Every member is assigned a role. Conversion provides four predefined roles, and you can define your own to grant exactly the access you intend.
RoleAccess
AdministratorAll permissions, including administrative settings such as members, teams, authentication, and integrations.
ManagerAll non-administrative permissions, including the ability to publish, activate, and send — for example, sending blasts and activating workflows.
EditorCreate, edit, and delete content, but cannot publish, activate, or send. For example, an editor can build a blast or a workflow but cannot send the blast or activate the workflow.
ViewerView-only access across the workspace.
CustomA role you define yourself, granting exactly the permissions you choose.
Publishing, activating, and sending are the high-impact actions that make work go live — sending a blast, activating a workflow, or publishing a form. Reserving them for managers and administrators lets editors build and refine content safely without pushing it to your audience.

Permissions

Permissions are grouped by the area of the product they apply to. Each permission grants a single action, so you can build a custom role that allows exactly what you intend.
Administration permissions control sensitive settings such as inviting members, configuring identity and access, and managing integrations. Grant them only to members who need to manage the workspace itself.

Administration

PermissionDescription
Manage membersInvite, edit, and remove members, and assign their roles.
Manage teamsCreate and edit teams and assign their roles.
Manage authenticationConfigure SSO, SCIM, and other authentication settings.
Manage integrationsConnect and remove integrations such as Slack.
Manage email settingsConnect domains and edit communication limits and other email settings.
Manage CRM syncConnect a CRM and edit rate limits and sync rules.
Manage data warehouse integrationsConnect and remove data warehouse integrations.
Manage data warehouse syncsConfigure and run syncs to and from connected data warehouses.
Manage API keysCreate and manage API keys and their permissions.

Contacts

PermissionDescription
View contactsView contacts and their details.
Create contactsAdd new contacts.
Edit contactsUpdate existing contacts, including their field values.
Delete contactsPermanently delete contacts.

Companies

PermissionDescription
View companiesView companies and their details.
Create companiesAdd new companies.
Edit companiesUpdate existing companies, including their field values.
Delete companiesPermanently delete companies.

Opportunities

PermissionDescription
View opportunitiesView opportunities and their details.
Create opportunitiesAdd new opportunities.
Edit opportunitiesUpdate existing opportunities, including their field values.
Delete opportunitiesPermanently delete opportunities.

Fields

PermissionDescription
View fieldsView field definitions.
Create fieldsCreate new fields.
Edit fieldsEdit existing field definitions.
Delete fieldsDelete fields.
Fields permissions control the field definitions themselves — the schema shared across your workspace. Editing the values stored on an individual record is included in that object’s edit permission, such as Edit contacts.

Blasts and workflow emails

PermissionDescription
View emailsView blasts and workflow emails.
Create emailsCreate blasts and workflow emails.
Edit emailsEdit existing blasts and workflow emails.
Send blastsSend a blast to its recipients.
Publish workflow emailsPublish a workflow email so it can send within a workflow.
View email performanceView performance and analytics for sent emails.
Delete emailsPermanently delete blasts and workflow emails.

Templates

PermissionDescription
View templatesView email templates.
Create templatesCreate email templates.
Edit templatesEdit existing email templates.
Delete templatesPermanently delete email templates.

Workflows

PermissionDescription
View workflowsView workflows and their configuration.
Create workflowsCreate new workflows.
Edit workflowsEdit existing workflows.
Activate workflowsActivate a workflow so it begins running.
Delete workflowsPermanently delete workflows.

Forms

PermissionDescription
View formsView forms and their submissions.
Create formsCreate new forms.
Edit formsEdit existing forms.
Publish formsPublish a form so it can collect submissions.
Delete formsPermanently delete forms.

Audiences

PermissionDescription
View audiencesView audiences and their members.
Create audiencesCreate new audiences.
Edit audiencesEdit existing audiences.
Delete audiencesPermanently delete audiences.

Ads

PermissionDescription
View adsView ads and their performance.

Campaigns

PermissionDescription
View campaignsView campaigns and their members.
Create campaignsCreate new campaigns.
Edit campaignsEdit existing campaigns.
Delete campaignsPermanently delete campaigns.

Campaign types

PermissionDescription
View campaign typesView campaign types.
Create campaign typesCreate new campaign types.
Edit campaign typesEdit existing campaign types.
Delete campaign typesDelete campaign types.

Campaign tokens

PermissionDescription
View campaign tokensView campaign tokens.
Create campaign tokensCreate new campaign tokens.
Edit campaign tokensEdit existing campaign tokens.
Delete campaign tokensDelete campaign tokens.

Folders

PermissionDescription
View foldersView folders and their contents.
Create foldersCreate new folders.
Edit foldersEdit folders, including moving assets between them.
Delete foldersPermanently delete folders.

Agents

PermissionDescription
View agentsView agents, their configurations, and sessions.
Create agentsCreate new agents.
Edit agentsEdit agent configurations.
Delete agentsPermanently delete agents.

API keys

API keys are granted a set of permissions, just like teams, so that programmatic access is limited to the actions you intend. Only administrators can create and manage API keys.
Grant each API key the narrowest set of permissions that still lets it do its job. If a key is ever exposed, least-privilege scoping limits what an attacker can reach.