Roles and permissions (RBAC)
A reference for what a permission template is built from: data domains and their visibility scope, menu items, and allowed actions. The templates themselves are created and edited on the Templates page.
A permission template consists of three parts:
- Which data is visible — for each domain, a read scope is chosen (and, where applicable, a write scope).
- Menu items — which sections are visible in the side menu.
- Allowed actions — which buttons and operations are available.
Visibility scopes
For each data domain, you set exactly what the user sees and whose objects they can act on.
| Value | Sees / changes |
|---|---|
| No access | The section is closed, data isn't read (read-only) |
| Own | Only the records they launched themselves |
| Team | Everything their team launched |
| All | Data of all teams in the system |
Changes (the write scope) is set only for domains with their own objects: PWA, Push, Websites, Domains, Pixels, Offers, Networks, Sources, Campaigns, Britva, Scripts. The other domains are read-only statistics.
Data domains
| Domain | What's inside |
|---|---|
| Ads | Ads and their statistics |
| Tracker campaigns | Traffic distribution setup (TDS) |
| Creatives | Creatives and their statistics |
| FB accounts | Facebook accounts and their browser profiles |
| Ad accounts | Facebook ad accounts: status, currency, counters |
| Browsers | Antidetect profiles (Dolphin / Antidetect) |
| Geo | Analytics by country |
| Offers | Network offers and statistics |
| Networks | Affiliate networks and their finances |
| Traffic sources | Traffic sources: CAPI and postbacks |
| Pixels | Facebook CAPI pixels |
| Visitors | PWA landing visitors |
| Finances | The financial report (usually admin-only) |
| Wallets | USDT transactions |
| PWA | PWA apps and their push campaigns |
| Push | Push campaigns |
| Websites | Landing websites (white / pre / landing) |
| Domains | Purchased domains and their setup |
| Britva | Auto-pause rules and paused ads |
| Action log | The history of status changes and actions in the admin panel |
| Notifications | Sent notifications (Telegram) |
| Scripts | User background scripts |
| AI assistant | Whose AI chats and spend the user can see |
Menu items
Which sections are visible in the side menu. You can hide an item from the menu without changing data access, and vice versa. When trying to open a hidden section via a direct link, the user will see the No access page.
Available items: Dashboard, Ads, Ad campaigns, Tracker campaigns, Creatives, FB accounts, Ad accounts, Browser profiles, Geo, Offers, Networks, Visitors, Finances, Wallets, PWA, Push, Domains, Britva, Service credentials, AI spend, Background jobs, Teams, Users, Permission templates.
Allowed actions
Without a checkbox, the corresponding button in the interface either won't work or will be hidden — even if the section is visible.
| Action | What it allows |
|---|---|
| Manage teams | Buttons on the Teams page |
| Manage users | Create, edit, and ban users |
| Manage permission templates | Create and edit permission templates |
| Manage service credentials | View and change third-party service keys |
| Run background jobs | The Run button in the background jobs list |
| Manage own team | For a team lead: the users of their team |
| Pause / activate ads | Clicking an ad row |
| Toggle stats collection per account | The Parse toggle on an FB account |
| Manage auto-pause rules | Create and edit Britva rules |
| Activate auto-paused ads | Take ads off auto-pause |
| Manage PWA apps | Create, edit, archive PWAs |
| Publish PWA | The Publish button in the PWA editor |
| Upload PWA assets | Icons, screenshots, videos |
| PWA reviews | Editing reviews in the landing |
| Manage push campaigns | Create and edit broadcasts |
| Send push broadcast | The Send button in a push campaign |
| Push subscriber groups | Create groups for targeting |
| Buy domains | Domain registration via Namecheap |
| Domain setup (CF / DNS) | Cloudflare, NS, SSL |
| Traffic-distribution setup (TDS) | Distribution rules on a domain |
| Assign domain role | For PWA / postback / admin panel |
| Manage networks | Adding and editing networks |
| Manage offers | Adding and editing offers |
| Manage tracker campaigns | Traffic split, TDS rules |
| Manage websites (white/pre/landing) | Whitepage, prelanding, landing |
| Manage FB pixels | Adding and editing pixels |
| Write to action log | Recording status changes and actions |
| AI chat | Access to the built-in AI chat and agent |
| Own campaign patterns | A buyer self-manages their own campaign-name ownership rules |
Actions apply to all domains the user has access to. For example, Manage offers opens buttons only in the offers visible under the read scope.
Built-in templates
Several templates ship with the system by default (marked with the built-in badge). They can be edited but not deleted. You can delete only templates created manually, and only if no one is using them.