Team Roles
Affilync uses role-based access control (RBAC) to manage what each team member can see and do.
Role Hierarchy
Roles are ranked from most to least privileged:
- Owner -- full account control, including billing and ownership transfer.
- Admin -- everything except billing and ownership transfer.
- Manager -- can create/edit campaigns, manage affiliates and call flows, view analytics.
- Analyst -- view-only access to campaigns, affiliates, and analytics; can export data.
- Viewer -- read-only access to campaigns, affiliates, and analytics.
A user can only assign roles at or below their own level. For example, an Admin cannot create another Owner.
Permissions Matrix
| Permission | Owner | Admin | Manager | Analyst | Viewer |
|---|---|---|---|---|---|
| View dashboard | Yes | Yes | Yes | Yes | Yes |
| View campaigns | Yes | Yes | Yes | Yes | Yes |
| Create/edit campaigns | Yes | Yes | Yes | No | No |
| Delete campaigns | Yes | Yes | No | No | No |
| View affiliates | Yes | Yes | Yes | Yes | Yes |
| Manage affiliates | Yes | Yes | Yes | No | No |
| Approve/reject affiliates | Yes | Yes | Yes | No | No |
| Block/unblock affiliates | Yes | Yes | No | No | No |
| View analytics | Yes | Yes | Yes | Yes | Yes |
| Export analytics data | Yes | Yes | Yes | Yes | No |
| View call flows | Yes | Yes | Yes | Yes | Yes |
| Manage call flows | Yes | Yes | Yes | No | No |
| View call recordings | Yes | Yes | Yes | Yes | Yes |
| View financial data | Yes | Yes | Yes | Yes | No |
| View payouts | Yes | Yes | Yes | No | No |
| Process payouts | Yes | Yes | No | No | No |
| Send affiliate messages | Yes | Yes | Yes | No | No* |
| Create/revoke API keys | Yes | Yes | No | No | No |
| Manage integrations | Yes | Yes | No | No | No |
| View brand settings | Yes | Yes | Yes | No | No |
| Edit brand settings | Yes | Yes | No | No | No |
| View team members | Yes | Yes | Yes | Yes | Yes |
| Invite team members | Yes | Yes | No | No | No |
| Change member roles | Yes | Yes | No | No | No |
| Remove team members | Yes | Yes | No | No | No |
| View audit log | Yes | Yes | No | No | No |
| Manage subscription/billing | Yes | No | No | No | No |
| Transfer ownership | Yes | No | No | No | No |
| Delete account | Yes | No | No | No | No |
*Analysts and Viewers can message affiliates if explicitly granted the can_message_affiliates permission.
Custom Roles
All subscription tiers support custom roles. Custom roles allow you to define granular permissions tailored to your team's needs while maintaining the built-in role structure.
To create a custom role:
- Go to Settings > Team.
- Click Custom Roles.
- Click New Role.
- Name the role, set its permission level, and toggle individual permissions on or off.
- Save and assign to team members.
Custom roles appear alongside the built-in roles in the role selector. You cannot modify the five built-in roles (Owner, Admin, Manager, Analyst, Viewer), but custom roles can be edited or deleted at any time.
Role Assignment
Assign at Invite
When inviting a new team member, select the role in the invitation form. The invitee receives the role upon accepting.
Change an Existing Role
- Go to Settings > Team.
- Click the three-dot menu next to the member.
- Select Change Role.
- Choose the new role and confirm.
Role changes take effect immediately. The member sees updated navigation and permissions on their next page load.
Best Practices
- Principle of least privilege: assign the minimum role needed for each person's job.
- Limit Owner and Admin count: only people who need billing or team management access.
- Use Manager for day-to-day operations: they can manage campaigns, affiliates, and call flows without access to billing or security settings.
- Use Analyst for reporting: investors, partners, or executives who need data visibility but should not modify anything (except they cannot export unless explicitly allowed).
- Use Viewer for limited access: stakeholders who need to see dashboards and reports but should not modify campaigns or affiliates.
- Review roles quarterly: as responsibilities change, update roles accordingly.
Audit Trail
All role changes are logged in Settings > Audit Log with:
- Who made the change.
- What the previous and new roles were.
- Timestamp and IP address.