Skip to main content

🔐 Roles & Permissions

UniPulse uses a 5-tier role-based access control (RBAC) system to ensure every team member and client has exactly the right level of access. Roles are assigned per workspace, so a user can be an Owner on one workspace and a Viewer on another.

Role Hierarchy

RoleContentConversationsAnalyticsTeam ManagementBillingWorkspace Settings
OwnerFull accessFull accessFull accessInvite, remove, change rolesFull accessFull access (including deletion)
AdminCreate, edit, approve, deleteFull accessFull accessInvite, remove, change roles (except Owner)View onlyMost settings
EditorCreate, edit, scheduleReply to conversations, use AI suggestView reportsNo accessNo accessNo access
ViewerView only (read-only)View onlyView reportsNo accessNo accessNo access
ClientReview & approve contentView conversationsView Client ReportsNo accessNo accessNo access

Role Details

👑 Owner

The workspace creator. Every workspace has exactly one Owner who can:

  • Do everything an Admin can do
  • Access and manage billing and subscription
  • Delete the workspace entirely
  • Transfer ownership to another member

🛡️ Admin

A trusted team member with broad access:

  • Manage team members (invite, remove, change roles — but cannot remove or demote the Owner)
  • Approve content and manage publishing
  • Configure AI Auto-Reply and Escalation Rules
  • Access all analytics and reports
  • Manage workspace settings (brand voice, integrations, etc.)

✏️ Editor

The content creator role:

  • Create, edit, and schedule posts
  • Reply to conversations in the Unified Inbox
  • Use AI suggestion tools
  • View analytics dashboards
  • Cannot approve content for publishing (requires Admin+)
  • Cannot manage team or settings

👁️ Viewer

Read-only access for stakeholders:

  • View all content, conversations, and analytics
  • Cannot create, edit, or reply to anything
  • Useful for executives or external auditors who need visibility

🤝 Client

Designed specifically for agency clients:

  • Review and approve/reject scheduled content
  • View performance reports generated for them
  • Leave comments and feedback on content
  • View conversation history (read-only)
  • Cannot create or edit content
  • Cannot access settings, team management, or billing

Managing Members

Inviting Members

  1. Navigate to Settings > Team
  2. Click Invite Member
  3. Enter their email address and select a role
  4. Click Send Invitation

The invitee receives a WorkspaceInvitation email containing a unique token. The invitation includes:

FieldDescription
emailThe invited email address
roleThe role they will receive upon accepting
invitedByWho sent the invitation
expiresAtWhen the invitation expires
acceptedAtTimestamp when accepted (null while pending)

API: POST /workspaces/:id/members

Changing Roles

Owners and Admins can change any member's role from Settings > Team:

  • Click the member's current role badge
  • Select the new role from the dropdown
  • Confirm the change

API: PUT /workspaces/:id/members/:userId

Removing Members

Owners and Admins can remove members from Settings > Team:

  • Click the remove button next to the member
  • Confirm removal

API: DELETE /workspaces/:id/members/:userId

tip

When removing a member, their authored content and conversation replies remain in the workspace. Only their access is revoked.

Roles in the Escalation System

Roles integrate directly with Escalation Rules:

  • assignToRole — Escalation rules can route conversations to any role (e.g., assign all VIP complaints to Admins)
  • notifyRoles — Additional roles can be notified when an escalation fires (e.g., notify Owners on CRITICAL priority)
  • Only members with Editor role or above can respond to escalated conversations

API Endpoints

MethodEndpointPurpose
GET/workspaces/:id/membersList all members and their roles
POST/workspaces/:id/membersInvite a new member with a specified role
PUT/workspaces/:id/members/:userIdUpdate a member's role
DELETE/workspaces/:id/members/:userIdRemove a member from the workspace