This article covers the following:
Overview
Role-Based Access Control (RBAC) in VWO helps you understand who can access and manage different parts of the platform. By assigning roles with predefined permissions, you can ensure that users have the right level of access based on their responsibilities.
This document outlines the specific actions and permissions available to VWO users based on their assigned roles. These permissions determine what users can view, create, edit, or manage across key areas such as accounts, campaigns, data, segments, workspaces, and other functional areas.
Use this document to:
- Understand what each permission allows a user to do in VWO.
- Compare access levels across different functional areas.
- Make informed decisions when assigning or reviewing user roles.
This information is especially useful for account administrators and team leads who are responsible for managing user access, security, and operational boundaries within VWO.
Roles in VWO
To manage user permissions and ensure a secure workflow, VWO employs a comprehensive Role-Based Access Control (RBAC) system comprising the following roles:
-
Owner: Manages the account with full administrative authority, including the ability to delete an account, dismiss agency delink nudge, and record element whitelisting. A user with this role has all permissions.
Note: The Owner can raise a request to VWO Support to transfer the ownership. -
Admin: Manages user accounts, defines access permissions, and configures system-wide settings. This role has all permissions except the ability to delete an account, dismiss agency delink nudge, and record element whitelisting.
-
Publish: Finalizes content and publishes it to the target audience.
-
Design: Creates new content, makes edits, and modifies the visual presentation of a campaign.
- Browse: Views and navigates the content only, without the ability to make any modifications.
Permissions for these roles span across various VWO functionalities. This includes managing accounts, users, campaigns, segments, triggers, metrics, events, attributes, workspaces, and reports.
Manage Permissions
This section provides a detailed breakdown of the role-based permissions for key VWO functional areas, which are outlined in the following sections.
Campaigns
Permissions to manage campaigns in VWO outline who can create new campaigns, modify existing campaigns, and control a campaign's live state (Running, Paused, or End).
The following table outlines the specific roles and their corresponding permissions to manage campaigns:
| Action | Owner | Admin | Publish | Design | Browse |
| Create a campaign | ✅ |
✅ |
✅ |
✅ |
❌ |
| Read/Browse campaigns | ✅ |
✅ |
✅ |
✅ |
✅ |
| Modify a campaign (In draft state) | ✅ |
✅ |
✅ |
✅ |
❌ |
| Modify a campaign (In Running state) | ✅ |
✅ |
✅ |
❌ |
❌ |
| Clone a campaign (same account) | ✅ |
✅ |
✅ |
✅ |
❌ |
| Clone a campaign (cross-account) | ✅ |
✅ |
✅ |
❌ |
❌ |
| Archive a campaign (not started) | ✅ |
✅ |
✅ |
✅ |
❌ |
| Archive a campaign (running) | ✅ |
✅ |
✅ |
❌ |
❌ |
| Launch a campaign | ✅ |
✅ |
✅ |
❌ |
❌ |
| Pause a campaign | ✅ |
✅ |
✅ |
❌ |
|
| End a campaign | ✅ |
✅ |
✅ |
❌ |
❌ |
| Resume a campaign | ✅ |
✅ |
✅ |
❌ |
❌ |
| Delete a campaign (not started) | ✅ |
✅ |
✅ |
✅ |
❌ |
| Delete a campaign (running) | ✅ |
✅ |
✅ |
❌ |
❌ |
| Bulk update campaign status | ✅ |
✅ |
✅ |
❌ |
❌ |
Users
Permissions for actions related to managing user accounts in VWO, such as inviting new members or modifying their roles, are primarily restricted to the Owner and Admin roles for security reasons.
| Action | Owner | Admin | Publish | Design | Browse |
| View/List Users | ✅ |
✅ |
✅ |
✅ |
✅ |
| Create/Invite User | ✅ |
✅ |
❌ |
❌ |
❌ |
| Update any user | ✅ |
✅ |
❌ |
❌ |
❌ |
| Update own profile | ✅ |
✅ |
✅ |
✅ |
✅ |
| Delete user | ✅ |
✅ |
❌ |
❌ |
❌ |
| Modify user permissions | ✅ |
✅ |
❌ |
❌ |
❌ |
| Invite user to multiple accounts | ✅ |
✅ |
❌ |
❌ |
❌ |
| Remove user from account | ✅ |
✅ |
❌ |
❌ |
❌ |
Workspaces
Workspace management primarily revolves around the administration of sub-accounts, also known as workspaces, in VWO. These permissions are essential for controlling who can add, update, enable, or disable different workspaces within your account.
The following table outlines all the actions a user can take to manage a workspace based on their role.
| Action | Owner | Admin | Publish | Design | Browse |
| View workspace | ✅ |
✅ |
✅ |
✅ |
✅ |
| Add a new workspace | ✅ |
✅ |
❌ |
❌ |
❌ |
| Update workspace name | ✅ |
✅ |
❌ |
❌ |
❌ |
| Enable/Disable workspace | ✅ |
✅ |
❌ |
❌ |
❌ |
Accounts
Account management actions primarily relate to billing, security, and global application settings. The following table outlines all the actions a user can perform based on their assigned role to manage accounts and billing-related operations in VWO.
| Action | Owner | Admin | Publish | Design | Browse |
| View account details | ✅ |
✅ |
✅ |
✅ |
✅ |
| Delete/Cancel account | ✅ |
❌ |
❌ |
❌ |
❌ |
| View billing details | ✅ |
✅ |
✅ |
✅ |
✅ |
| Update billing info | ✅ |
✅ |
❌ |
❌ |
❌ |
|
Manage payment methods
|
✅ |
✅ |
❌ |
❌ |
❌ |
| View invoices | ✅ |
✅ |
✅ |
✅ |
✅ |
| Update account settings | ✅ |
✅ |
❌ |
❌ |
❌ |
| Enable/Disable 2FA for the account | ✅ |
✅ |
❌ |
❌ |
❌ |
| Manage IP restrictions | ✅ |
✅ |
❌ |
❌ |
❌ |
| Configure SAML/SSO | ✅ |
✅ |
❌ |
❌ |
❌ |
| Manage integrations | ✅ |
✅ |
❌ |
❌ |
❌ |
Events
The following table outlines the specific permissions for VWO users across different roles for managing events in VWO.
| Action | Owner | Admin | Publish | Design | Browse |
| Create an event | ✅ |
✅ |
✅ |
✅ |
❌ |
| Read/Browse events | ✅ |
✅ |
✅ |
✅ |
✅ |
| Edit/Update an event | ✅ |
✅ |
✅ |
❌ |
❌ |
| Archive an event | ✅ |
✅ |
✅ |
❌ |
❌ |
| Unarchive an event | ✅ |
✅ |
✅ |
❌ |
❌ |
| Update event visibility | ✅ |
✅ |
✅ |
❌ |
❌ |
Metrics
Metrics define the Key Performance Indicators (KPIs) used for measuring specific goals. Changing or deleting a metric is restricted based on the user’s role to ensure accurate reporting over time.
The following table outlines the specific permissions for VWO users across different roles for managing metrics in VWO.
| Action | Owner | Admin | Publish | Design | Browse |
| Create a metric | ✅ |
✅ |
✅ |
✅ |
❌ |
| Read/Browse metrics | ✅ |
✅ |
✅ |
✅ |
✅ |
| Update a metric | ✅ |
✅ |
✅ |
❌ |
❌ |
| Clone a metric | ✅ |
✅ |
✅ |
❌ |
❌ |
| Delete a metric | ✅ |
✅ |
✅ |
❌ |
❌ |
| Archive a metric | ✅ |
✅ |
✅ |
❌ |
❌ |
Attributes
Attributes are user-level properties used for segmentation and personalization across the platform. Since they directly affect how data is classified and how audiences are targeted in campaigns, any changes to these attributes require restricted access.
The following table provides a detailed breakdown of the role-based restrictions to manage attributes:
| Action | Owner | Admin | Publish | Design | Browse |
| Create an attribute | ✅ |
✅ |
✅ |
✅ |
❌ |
| Read/Browse attributes | ✅ |
✅ |
✅ |
✅ |
✅ |
| Edit/Update an attribute | ✅ |
✅ |
❌ |
❌ |
❌ |
| Delete an attribute | ✅ |
✅ |
❌ |
❌ |
❌ |
| Archive an attribute | ✅ |
✅ |
❌ |
❌ |
❌ |
| Unarchive an attribute | ✅ |
✅ |
❌ |
❌ |
❌ |
| Update attribute visibility | ✅ |
✅ |
❌ |
❌ |
❌ |
| Toggle identity stitching | ✅ |
✅ |
❌ |
❌ |
❌ |
Triggers
Triggers define the conditions that initiate specific actions. Access to create or modify these conditions is typically granted to roles responsible for defining campaign logic.
The following table outlines the specific permissions for managing triggers across different user roles.
| Action | Owner | Admin | Publish | Design | Browse |
| View/Browse triggers | ✅ |
✅ |
✅ |
✅ |
✅ |
| Create trigger | ✅ |
✅ |
✅ |
✅ |
❌ |
| Edit/Update trigger | ✅ |
✅ |
✅ |
✅ |
❌ |
| Delete trigger | ✅ |
✅ |
✅ |
✅ |
❌ |
| Clone trigger | ✅ |
✅ |
✅ |
❌ |
❌ |
| Get trigger DSL | ✅ |
✅ |
✅ |
✅ |
✅ |
Segments
Segments are groups of users defined by specific criteria, such as demographics, behavior, or technology. They are crucial for targeted experimentation, personalization, and detailed analysis.
Given their critical role, restricted control over segment creation, modification, and deletion is vital. The following table outlines all the actions a user can take to manage segments based on their role.
| Action | Owner | Admin | Publish | Design | Browse |
| View/Browse segments | ✅ |
✅ |
✅ |
✅ |
✅ |
| Create segment | ✅ |
✅ |
✅ |
✅ |
❌ |
| Edit/Update segment | ✅ |
✅ |
✅ |
✅ |
❌ |
| Delete segment | ✅ |
✅ |
✅ |
✅ |
❌ |
| Bulk delete segments | ✅ |
✅ |
✅ |
✅ |
❌ |
| Clone segment | ✅ |
✅ |
✅ |
❌ |
❌ |
Reports
All reports in VWO are Read-only for all roles. Users with access to reports can view and browse report data, but cannot modify report content or configuration.
Need more help?
For more information or further assistance, contact VWO Support.