Team & permissions
Go to Settings → Team to manage who has access to your workspace and what they can do.
Inviting members
Click Invite to add a team member by email. They’ll receive an invitation to join the workspace via Clerk (your auth provider). Once accepted, they appear in the member list.
Each member has:
- Name and email — from their Clerk account
- Role — determines what they can access
- Status — active, pending (invite sent), or deactivated
Roles
Active Reach has two types of roles:
System roles (built-in)
| Role | Permissions |
|---|---|
| Owner | Full access to everything, including billing and danger zone |
| Admin | Everything except billing and workspace deletion |
| Member | Create campaigns, segments, journeys. Cannot manage team or settings. |
| Viewer | Read-only access to analytics and campaign results |
Custom roles
Create roles with granular permissions at Settings → Team → Roles.
Permission categories:
- Campaigns — create, edit, send, approve, delete
- Journeys — create, edit, publish, pause
- Contacts — read, create, edit, delete, export
- Segments — create, edit, delete
- Analytics — read, export
- Settings — view, edit, manage channels, manage billing
- Team — invite, remove, assign roles
- Ads — create campaigns, manage budgets, approve spend
Location-scoped permissions
For chains with multiple outlets, every role binding can be narrowed to a subset of locations. A teammate can have the Manager role across all outlets, or the same role limited to just two stores.
The resolver UNIONs each user’s org-level bindings with their location-level bindings, so a user with org-tier read + location-tier write on loc_juhu can view brand-wide data and edit only the Juhu outlet’s records.
- Org binding — applies to the whole brand (legacy default for existing teams)
- Location binding — applies to a single location or a location group
- Location group — bundle several outlets (e.g. “West Region”) and bind a role once
Add and edit bindings from Settings → Team → Roles → [role] → Scope. Bindings are evaluated on every authenticated request — no cache lag when you grant or revoke.
Activity log
The team page shows a recent activity feed — who logged in, who created a campaign, who changed settings. For the full audit trail, see Audit log.
What’s next
- Campaign approvals — require role-based sign-off
- Multi-workspace — locations, portfolio, and agency access