Skip to main content

People, Roles, and Permissions

Managing people, roles, and permissions in Meta Business Manager is crucial for secure collaboration, efficient workflows, and protecting your assets. This section explains the different types of users, how to add and assign access, and best practices to maintain control. By using granular permissions, you can delegate tasks without risking ownership or exposing sensitive data. Whether you're a small business adding team members or an agency partnering with clients, these features help scale operations while minimizing security risks. Note that only users with full control (admins) can manage these settings, and changes take effect immediately.

Users, partners, and system users

In Meta Business Manager, access is granted through different user types, each designed for specific collaboration needs. These distinctions help separate internal teams, external partners, and automated systems while ensuring secure, role-based access to business portfolios and assets.

  • Users (People): These are individual team members or employees added to your business portfolio via their email address. They are typically internal staff, such as marketers, analysts, or content creators, who need access to manage or view assets like Pages, ad accounts, or Pixels. Users can have full control or partial access, allowing them to perform tasks without owning the assets. They must have a personal Facebook account linked for verification, but their personal and business activities remain separate.
  • Partners: Partners refer to external organizations, such as agencies, vendors, or clients, that you collaborate with by sharing access to specific assets. Unlike individual users, partners are added using their Business Manager ID, enabling business-to-business sharing. This allows partial access to assets without transferring ownership, making it ideal for outsourced tasks like ad management. Partners can then assign their own team members to work on the shared assets.
  • System Users: These are non-human entities, like servers, software applications, or APIs, that interact with your assets programmatically. System users are used for automated processes, such as integrating third-party tools or running scripts via the Meta Conversions API. They don't require a personal Facebook account and are granted access tokens for secure, limited operations. This is common for developers or IT teams handling backend integrations.

Understanding these types ensures you add the right entity for the job—people for hands-on work, partners for B2B collaboration, and system users for automation—reducing risks like unauthorized access.

Adding people

Adding people to your Meta Business Manager is a straightforward process that allows you to bring in employees or team members securely. This keeps ownership with the business portfolio while granting specific access. Only admins (users with full control) can add people, and each added person must confirm via email.

Prerequisites:

  • You need full control of the business portfolio.
  • The person must have a Facebook account (they'll be prompted to create one if needed).
  • Have their work email ready—avoid personal emails for professionalism.

Step-by-Step Guide:

  1. Log in to Meta Business Suite or Business Manager at business.facebook.com.
  2. Go to Business Settings (gear icon or left menu).
  3. Under the Users tab, click People > Add.
  4. Enter the person's email address (you can add multiple at once, separated by commas).
  5. Select their role: Choose "Employee access" for limited tasks or "Admin access" for full control (more on roles in 4.3).
  6. Optionally, show advanced options to assign finance roles like Finance Analyst or Editor.
  7. Assign assets immediately: Select asset types (e.g., Pages, ad accounts), choose specific assets, and set permissions (e.g., manage ads, view insights).
  8. Click Invite or Send Invite. The person receives an email to accept and log in.

After adding, they appear in the People list, where you can edit access later. For partners, use the Partners tab instead, entering their Business ID. If adding system users, go to System Users > Add New System User and generate an access token. This process typically takes minutes, but confirmation may take longer if the invitee is new to Meta.

Assigning Roles

admin, employee, custom roles

Roles in Meta Business Manager define the level of access a user has to the business portfolio and its assets. Assigning the right role ensures users can perform their duties without unnecessary privileges, enhancing security. Roles are set during addition or edited later, and they can be combined with asset-specific permissions.

Key Roles:

  • Admin (Full Control): Highest level; can manage everything, including adding/removing people, claiming assets, editing settings, viewing all data, and deleting the portfolio. Ideal for owners or top managers. Includes options for finance access (e.g., manage payments).
  • Employee (Partial Access - Basic): Default for most users; allows working on assigned assets only, such as creating content or viewing reports. They can't change settings or add others. Suitable for team members like content editors.
  • Custom/Advanced Roles:
    • Apps and Integrations (Developer): For setting up APIs, monitoring events, or creating tokens—great for IT or devs.
    • Finance Analyst: View-only for financial info (invoices, spend).
    • Finance Editor: Edit payment methods plus view finances.
    • Temporary Access: Basic access for 3-75 days, auto-expires—useful for contractors.

To Assign or Edit Roles:

  1. In Business Settings > People, select the user.
  2. Click Manage next to Business Portfolio Access.
  3. Toggle roles (e.g., full control on/off) and advanced options.
  4. Save changes—the user is notified if access changes.

Roles override other permissions, so start broad and refine with asset-level access (see 4.4). For partners, roles are assigned at the organization level, limiting what their users can do.

Granting asset-level Permissions

pages, ad accounts, pixels, etc.

Asset-level permissions allow fine-tuned control over specific resources like Facebook Pages, Instagram accounts, ad accounts, Pixels, or catalogs. This is separate from portfolio roles and ensures users only access what they need for their tasks.

Prerequisites:

  • Assets must be added or claimed in the portfolio.
  • You need full control to assign.
  • Limit to necessary permissions to reduce risks.

Step-by-Step Guide:

  1. In Meta Business Suite > Business Settings > People.
  2. Click the person's name > Assign Assets (top right).
  3. Select the asset type (e.g., Ad Accounts) and specific asset.
  4. Choose permissions: For example:
    • Pages: Create content, manage messages, view insights.
    • Ad Accounts: Manage ads, analyze performance, edit billing.
    • Pixels: View events, set up tracking. Full control allows all actions, including deletion; partial allows specific tasks.
  5. Click Assign Assets.

Alternatively, from Accounts > Select asset type > Choose asset > Assigned People > Add or edit. For shared assets with partners, permissions are limited to what the partner grants. Use switches to toggle tasks on/off. This granular approach prevents over-access, e.g., letting an analyst view ad data without editing campaigns.

Removing people and access

Removing people or revoking access is essential for security, especially during employee turnover. Meta doesn't auto-remove inactive users, so admins must handle it manually to prevent unauthorized access.

Step-by-Step Guide:

  1. Go to Business Settings > Users > People.
  2. Select the person > Click Remove (or Manage > Remove for specific assets).
  3. Confirm removal—choose to revoke from all assets or specific ones.
  4. For portfolio-level: In People > Select name > Remove from business portfolio.
  5. For assets: From the asset's page > Assigned People > Select > Remove Access.

Tips for Safety:

  • Revoke immediately upon departure to avoid data breaches.
  • Check all assigned assets to ensure complete removal.
  • For partners: Go to Partners > Select > Remove shared access.
  • For system users: Deactivate tokens in System Users.
  • No data is lost; ownership stays with the portfolio.
  • Notify the user if needed, but removal is instant and irreversible without re-adding.

This process maintains audit trails in activity logs for compliance.

Best practices for access governance

Effective access governance in Meta Business Manager minimizes risks, ensures compliance, and streamlines collaboration. Follow these guidelines to maintain a secure and efficient setup.

  • Principle of Least Privilege: Assign only necessary roles and permissions—e.g., employee access for most, full control for few. Regularly review and audit via People or asset lists.
  • Use Temporary Access: For short-term collaborators, set expiration to auto-revoke.
  • Separate Roles by Function: Admins for oversight; developers for integrations; finance roles for billing—avoid all-in-one access.
  • Enable Security Features: Require two-factor authentication in Security Center; use domain verification.
  • Document and Train: Keep a record of who has what access; train teams on using Business Manager to avoid errors.
  • Handle Partners Carefully: Share only required assets; monitor their activity.
  • Regular Reviews: Quarterly check for inactive users or outdated permissions; remove ex-employees promptly.
  • Backup Admins: Ensure at least two full-control admins to avoid lockouts.
  • Compliance Check: Align with data privacy laws; use activity logs for audits.

By adhering to these, you reduce breach risks, simplify management, and support growth without compromising control. If issues arise, consult Meta's Help Center for troubleshooting.