Access control shapes how teams collaborate effectively. When everyone has appropriate permissions for their responsibilities, campaigns run smoothly and sensitive data stays protected.
Linkbreakers implements role-based access control that balances collaboration with security. Each team member receives permissions aligned with their job function, preventing accidental changes while enabling productive teamwork.
Understanding these roles helps you assign appropriate access levels and maintain proper governance over your marketing campaigns.
Role-based access control overview
Role-based access control (RBAC) assigns specific permissions to predefined roles rather than individual users. This approach simplifies team management while ensuring consistent security policies across your workspace.
When you invite team members, you assign them roles that determine what features they can access and what actions they can perform. These permissions apply to all workspace resources including campaigns, analytics, settings, and team management.
The system protects critical functions like billing management and workspace configuration while enabling broad collaboration on campaign creation and optimization.
Three-tier permission system
Linkbreakers uses three primary roles that cover most organizational needs:
| Capability | Admin | Viewer | Tech |
|---|---|---|---|
| Campaign Management | |||
| Create/Edit QR Codes | ✓ | ✗ | ✓ |
| Delete Campaigns | ✓ | ✗ | ✓ |
| Build Workflows | ✓ | ✗ | ✓ |
| Custom Domains | ✓ | ✗ | ✓ |
| QR Code Templates | ✓ | ✗ | ✓ |
| Analytics & Reporting | |||
| View All Analytics | ✓ | ✓ | ✓ |
| Real-time Dashboards | ✓ | ✓ | ✓ |
| Lead Scoring Insights | ✓ | ✓ | ✓ |
| Export Data | ✓ | ✗ | ✓ |
| Team Management | |||
| Invite Team Members | ✓ | ✗ | ✗ |
| Change Member Roles | ✓ | ✗ | ✗ |
| Remove Team Members | ✓ | ✗ | ✗ |
| Force Sign-out | ✓ | ✗ | ✗ |
| Billing & Subscription | |||
| View Billing Info | ✓ | ✗ | ✗ |
| Change Subscription | ✓ | ✗ | ✗ |
| Manage Payment Methods | ✓ | ✗ | ✗ |
| Download Invoices | ✓ | ✗ | ✗ |
| Technical Integration | |||
| API Access | Standard | None | Enhanced |
| Webhook Configuration | ✓ | ✗ | ✓ |
| Advanced API Features | ✗ | ✗ | ✓ |
| System Monitoring | ✗ | ✗ | ✓ |
| DNS Management | ✗ | ✗ | ✓ |
This simplified structure reduces confusion while providing granular control over workspace resources.
Admin role capabilities
Admin roles provide comprehensive workspace access with full control over all features and settings. Team members with admin permissions can modify any campaign, invite new members, and manage billing configurations.
Campaign and content management
Admins create, modify, and delete QR codes, links, and workflows without restrictions. They can access all campaigns regardless of who created them originally.
This broad access enables admins to:
- Create and configure QR codes with custom designs
- Build and modify visitor workflows
- Set up custom domains and branded links
- Configure webhook integrations and API tokens
- Manage QR code templates and design presets
Campaign modifications made by admins affect live campaigns immediately. This power requires careful consideration when making changes to active marketing initiatives.
Team administration
Workspace team management falls under admin responsibilities. Only admins can invite new members, modify existing member roles, and remove people from the workspace.
Admin team management capabilities include:
- Sending member invitations with role assignments
- Changing existing member roles (including promoting/demoting other admins)
- Removing team members and revoking access
- Managing pending invitations and resending expired ones
- Forcing sign-out for security purposes
These permissions ensure admins maintain control over workspace access while enabling team growth and role adjustments as organizations evolve.
Billing and subscription management
Financial controls remain exclusively with admin roles. Admins handle subscription changes, payment method updates, and usage monitoring for the workspace.
Billing responsibilities encompass:
- Upgrading or downgrading subscription plans
- Managing payment methods and billing addresses
- Monitoring usage limits and overage charges
- Downloading invoices and payment history
- Configuring billing notifications and alerts
This financial control prevents unauthorized subscription changes while ensuring admins can optimize costs and plan capacity appropriately.
Analytics and reporting access
Admins access all analytics data without restrictions. They can view campaign performance, visitor behavior, conversion metrics, and detailed event tracking for every campaign in the workspace.
Advanced analytics features available to admins include:
- Real-time campaign performance dashboards
- Geographic visitor distribution analysis
- Device and browser usage patterns
- Lead scoring insights and visitor profiling
- Custom event tracking and conversion funnel analysis
This comprehensive analytics access enables admins to make data-driven decisions about campaign optimization and resource allocation.
Viewer role permissions
Viewer roles provide read-only access to workspace campaigns and analytics without the ability to modify configurations or create new content. This role suits stakeholders, clients, or team members who need visibility without operational responsibilities.
Dashboard and analytics access
Viewers can access all dashboard sections including campaign lists, analytics reports, and visitor tracking data. They see the same information as admins but cannot make changes to configurations.
Viewer dashboard access includes:
- Campaign performance metrics and analytics
- Visitor behavior and demographic data
- QR code scan tracking and geographic distribution
- Link click analysis and conversion rates
- Real-time activity monitoring and alerts
This visibility enables viewers to stay informed about campaign performance and contribute to optimization discussions without risking accidental modifications.
Limited interaction capabilities
While viewers cannot create or modify campaigns, they can interact with certain features in read-only modes. They can view workflow configurations, examine QR code designs, and review campaign settings.
Viewers cannot:
- Create new QR codes or shortened links
- Modify existing campaigns or workflows
- Change workspace settings or configurations
- Invite new team members or modify roles
- Access billing information or subscription details
- Create or modify webhook integrations
These restrictions protect campaign integrity while enabling meaningful participation in campaign analysis and planning.
Team collaboration benefits
Viewer access facilitates transparent collaboration between operational teams and stakeholders. Executives can monitor campaign performance, clients can review agency work, and cross-functional partners can stay informed about marketing initiatives.
This transparency builds trust and enables better decision-making without the risk of accidental changes to live campaigns.
Tech role specifications
Tech roles provide comprehensive system access designed for advanced integrations and technical implementations. This role typically serves developers, system administrators, and technical consultants working with Linkbreakers APIs and integrations.
Advanced API access
Tech roles unlock enhanced API capabilities including bulk operations, advanced automation, and integration development features. These permissions enable sophisticated technical implementations.
Technical capabilities include:
- Full API access with elevated rate limits
- Webhook configuration and debugging tools
- Advanced analytics export and data integration
- Custom domain configuration and DNS management
- System monitoring and performance metrics
System-level operations
Tech roles can perform system-level operations that affect workspace infrastructure and technical configurations. These capabilities support enterprise deployments and complex integration scenarios.
System operations encompass:
- Advanced security configuration and audit logging
- Integration debugging and troubleshooting tools
- Performance optimization and capacity planning
- Custom authentication and access control setup
- Advanced workflow automation and scripting
Tech role access requires careful assignment as these permissions can affect workspace stability and security posture.
Role assignment best practices
Principle of least privilege
Assign the minimum role necessary for each team member to perform their responsibilities effectively. This approach reduces security risks while maintaining operational efficiency.
Start with viewer access for new team members and upgrade roles as responsibilities expand. This progression helps people learn the platform before gaining modification permissions.
Regular access reviews
Periodically review team member roles to ensure they align with current responsibilities. Remove access for departed team members and adjust roles for people whose duties have changed.
Schedule quarterly access reviews where you examine:
- Active team members and their current roles
- Recent role changes and their business justification
- Departed team members requiring access removal
- Upcoming organizational changes affecting access needs
Documentation and training
Document role assignments and the reasoning behind permission decisions. This documentation helps maintain consistency and provides context for future access decisions.
Train team members on their role capabilities and limitations. Clear understanding prevents frustration and reduces requests for unnecessary permission changes.
Managing role transitions
Promoting team members
When promoting someone to admin status, ensure they understand the additional responsibilities and potential impact of their expanded permissions. Consider gradual transitions where appropriate.
Promotion considerations include:
- Business justification for expanded access
- Training on new capabilities and responsibilities
- Understanding of billing and team management implications
- Awareness of security responsibilities and best practices
Demoting or restricting access
Role reductions require careful planning to minimize operational disruption. Communicate changes clearly and ensure alternative arrangements for affected responsibilities.
Before demoting roles, consider:
- Active campaigns or projects requiring continued access
- Knowledge transfer needs for specialized responsibilities
- Communication with affected team members about changes
- Transition planning for ongoing work assignments
Emergency access procedures
Establish procedures for emergency role changes when immediate access modification becomes necessary. These situations might include security incidents, staff departures, or critical operational needs.
Emergency procedures should include:
- Clear escalation paths for urgent access changes
- Documentation requirements for emergency modifications
- Review processes for emergency decisions
- Communication protocols for affected team members
Frequently Asked Questions
Can I have multiple admins in one workspace?
Yes, workspaces can have multiple admin users. All admins have identical permissions and can manage each other's access levels. Consider carefully before assigning multiple admin roles.
What happens if the only admin leaves the organization?
Contact Linkbreakers support immediately if you lose access to all admin accounts. Support can help restore admin access with proper verification procedures, but this process takes time and verification.
Can viewers see billing information?
No, billing information remains exclusively accessible to admin roles. Viewers cannot see subscription details, payment methods, or usage charges.
Do role changes take effect immediately?
Yes, role modifications apply instantly. Team members gain or lose access to features immediately when their roles change.
Can team members belong to multiple workspaces?
Yes, users can join multiple workspaces with different roles in each. Their permissions in one workspace don't affect their access in others.
What's the difference between Admin and Tech roles?
Admin roles focus on business operations including team management and billing, while Tech roles emphasize technical capabilities like advanced API access and system configuration.
Can I create custom roles beyond the standard three?
Currently, Linkbreakers provides the three standard roles (Admin, Viewer, Tech) without custom role creation capabilities. These roles cover most organizational needs effectively.
How do I know what role to assign someone?
Consider their job responsibilities and required access level. Use viewer access as the default and upgrade to admin only when team management or billing access is necessary.
Effective role assignment protects your workspace while enabling productive collaboration. Take time to understand each role's capabilities and assign permissions thoughtfully based on actual business needs rather than convenience.
Regular role reviews ensure your access control remains aligned with organizational changes and security requirements. When in doubt, start with more restrictive access and expand permissions as needs become clear.
About the Author
Laurent Schaffner
Founder & Engineer at Linkbreakers
Passionate about building tools that help businesses track and optimize their digital marketing efforts. Laurent founded Linkbreakers to make QR code analytics accessible and actionable for companies of all sizes.
Related Articles
How to create contact cards (vCard) in Linkbreakers
Step-by-step guide to creating customized contact card pages and direct VCF download links for seamless contact sharing
How to create branded links in Linkbreakers
Learn how to set up custom domains and create branded short links that reinforce your brand identity while maintaining professional appearance across all marketing channels.
How to invite team members to Linkbreakers
Step-by-step guide to inviting team members to your Linkbreakers workspace, managing invitations, and ensuring proper collaboration setup for your marketing campaigns.
On this page
Need more help?
Can't find what you're looking for? Get in touch with our support team.
Contact Support