Give teammates access without giving away the keys.
Build custom roles with resource-level permissions. Campaign operators can run campaigns without touching sending servers. Auditors can see everything without changing anything.
- Roles per workspace
- CustomRoles per workspace
- Resource-level
- RBACResource-level
- Every change logged
- AuditEvery change logged
- Premium & Enterprise
- SSOPremium & Enterprise
What each role can actually do.
A realistic example with four roles — Owner, Admin, Operator, and Viewer. Clone, adjust, or build custom roles per workspace.
| Resource | Owner | Admin | Operator | Viewer |
|---|---|---|---|---|
Campaigns | Full | Full | Full | Read |
Mail Lists | Full | Full | Read | Read |
Automations | Full | Full | Full | — |
Templates | Full | Full | Full | Read |
Forms | Full | Full | Read | — |
Sending Servers | Full | Full | — | — |
Sending Domains | Full | Read | — | — |
Members & Roles | Full | — | — | — |
Audit Logs | Full | Read | — | — |
Every row is per-resource. Full = read + write. Read = read-only. — = no access.
Outbound is high-blast-radius. Access must match.
A misconfigured sending server or a stray campaign can burn domain reputation for months. RBAC is how serious teams prevent that.
Least privilege by default
New teammates inherit the minimum permissions needed to do their job — not full admin.
Infrastructure-safe delegation
Campaigns, lists, and templates stay editable. Sending servers, domains, and API keys stay locked.
Scoped API keys
API keys inherit role-like scopes, so a marketing service account cannot rotate provider credentials.
Governance questions teams ask before rollout.
Grow the team. Keep outbound safe.
Custom roles, scoped keys, audit logs, and workspace isolation — the controls you need to run serious volume with more than one person.