Skip to main content

Roles and permissions (RBAC)

A reference for what a permission template is built from: data domains and their visibility scope, menu items, and allowed actions. The templates themselves are created and edited on the Templates page.

A permission template consists of three parts:

  1. Which data is visible — for each domain, a read scope is chosen (and, where applicable, a write scope).
  2. Menu items — which sections are visible in the side menu.
  3. Allowed actions — which buttons and operations are available.

Visibility scopes

For each data domain, you set exactly what the user sees and whose objects they can act on.

ValueSees / changes
No accessThe section is closed, data isn't read (read-only)
OwnOnly the records they launched themselves
TeamEverything their team launched
AllData of all teams in the system

Changes (the write scope) is set only for domains with their own objects: PWA, Push, Websites, Domains, Pixels, Offers, Networks, Sources, Campaigns, Britva, Scripts. The other domains are read-only statistics.

Data domains

DomainWhat's inside
AdsAds and their statistics
Tracker campaignsTraffic distribution setup (TDS)
CreativesCreatives and their statistics
FB accountsFacebook accounts and their browser profiles
Ad accountsFacebook ad accounts: status, currency, counters
BrowsersAntidetect profiles (Dolphin / Antidetect)
GeoAnalytics by country
OffersNetwork offers and statistics
NetworksAffiliate networks and their finances
Traffic sourcesTraffic sources: CAPI and postbacks
PixelsFacebook CAPI pixels
VisitorsPWA landing visitors
FinancesThe financial report (usually admin-only)
WalletsUSDT transactions
PWAPWA apps and their push campaigns
PushPush campaigns
WebsitesLanding websites (white / pre / landing)
DomainsPurchased domains and their setup
BritvaAuto-pause rules and paused ads
Action logThe history of status changes and actions in the admin panel
NotificationsSent notifications (Telegram)
ScriptsUser background scripts
AI assistantWhose AI chats and spend the user can see

Which sections are visible in the side menu. You can hide an item from the menu without changing data access, and vice versa. When trying to open a hidden section via a direct link, the user will see the No access page.

Available items: Dashboard, Ads, Ad campaigns, Tracker campaigns, Creatives, FB accounts, Ad accounts, Browser profiles, Geo, Offers, Networks, Visitors, Finances, Wallets, PWA, Push, Domains, Britva, Service credentials, AI spend, Background jobs, Teams, Users, Permission templates.

Allowed actions

Without a checkbox, the corresponding button in the interface either won't work or will be hidden — even if the section is visible.

ActionWhat it allows
Manage teamsButtons on the Teams page
Manage usersCreate, edit, and ban users
Manage permission templatesCreate and edit permission templates
Manage service credentialsView and change third-party service keys
Run background jobsThe Run button in the background jobs list
Manage own teamFor a team lead: the users of their team
Pause / activate adsClicking an ad row
Toggle stats collection per accountThe Parse toggle on an FB account
Manage auto-pause rulesCreate and edit Britva rules
Activate auto-paused adsTake ads off auto-pause
Manage PWA appsCreate, edit, archive PWAs
Publish PWAThe Publish button in the PWA editor
Upload PWA assetsIcons, screenshots, videos
PWA reviewsEditing reviews in the landing
Manage push campaignsCreate and edit broadcasts
Send push broadcastThe Send button in a push campaign
Push subscriber groupsCreate groups for targeting
Buy domainsDomain registration via Namecheap
Domain setup (CF / DNS)Cloudflare, NS, SSL
Traffic-distribution setup (TDS)Distribution rules on a domain
Assign domain roleFor PWA / postback / admin panel
Manage networksAdding and editing networks
Manage offersAdding and editing offers
Manage tracker campaignsTraffic split, TDS rules
Manage websites (white/pre/landing)Whitepage, prelanding, landing
Manage FB pixelsAdding and editing pixels
Write to action logRecording status changes and actions
AI chatAccess to the built-in AI chat and agent
Own campaign patternsA buyer self-manages their own campaign-name ownership rules
Tip

Actions apply to all domains the user has access to. For example, Manage offers opens buttons only in the offers visible under the read scope.

Built-in templates

Several templates ship with the system by default (marked with the built-in badge). They can be edited but not deleted. You can delete only templates created manually, and only if no one is using them.

What's next