A complete reference for what UniLink's Owner, Admin, Editor, Viewer, and Billing roles can and cannot do across every part of the platform.
- UniLink has five roles: Owner, Admin, Editor, Viewer, and Billing — each with a distinct permission scope.
- Permissions cover pages, settings, integrations, billing, team management, analytics, and publishing.
- Only Owners and Admins can manage team members; only Owners can transfer account ownership.
When you bring collaborators into your UniLink account, understanding exactly what each role can and cannot do prevents both accidental changes and frustrating access gaps. A well-designed permissions structure is the difference between a team that moves fast confidently and one that constantly asks "wait, can I change that?" This article is the complete reference for UniLink's permission model — bookmark it and share it with your team during onboarding.
What Permissions Overview Does
UniLink's permission system is role-based access control (RBAC). Every team member is assigned a single role per account (or per sub-account on the Agency plan), and that role determines which actions they can take and which sections of the Dashboard they can see. Permissions are enforced both in the UI — locked controls appear greyed out or hidden — and at the API level, so they cannot be bypassed by calling endpoints directly.
The five roles form a hierarchy: Owner has the most access and is the only role that cannot be duplicated, while Viewer has the least. In between, Admin, Editor, and Billing are additive in different directions — Admin expands operational and settings access, Billing is a narrow role focused exclusively on payment and invoice management, and Editor sits in the middle focused on content creation without touching configuration. This design reflects how real teams are structured: people who build pages, people who approve strategy, people who handle money, and people who just need to observe.
Permissions matter beyond day-to-day usability. They define your security posture. A compromised Editor credential can publish or unpublish pages but cannot change your payment method or modify integrations. A compromised Billing credential can update a credit card but cannot touch any page content. Understanding the blast radius of each role helps you make informed decisions when onboarding new members or auditing existing ones.
How to Get Started
- Open the Team panel. Log in at
app.unilink.us, go to the sidebar, and click Team. This panel shows all current members with their assigned roles and invitation status. Team features require the Pro plan or higher. - Review your current team list. Check who has what role. Look specifically for any member assigned Admin who only performs editorial work — they may be over-provisioned. This audit takes two minutes and is worth doing before adding new members.
- Cross-reference roles against this article. Use the permissions tables below to understand exactly what each current member can do. If someone's role does not match their actual responsibilities, change it now before adding more people.
- Invite new members with the appropriate role. Click Invite Member, enter their email, and select the role that matches their job function. Use the role descriptions in this article as the reference, not the brief label in the invite dialog.
- Communicate the access scope to new members. When a team member accepts their invitation, tell them explicitly what they can and cannot do. Discovering access limitations mid-task is frustrating — a two-minute briefing during onboarding prevents it.
How to Use Permissions
- Use the Owner role for account security decisions. The Owner is the root account — they can transfer ownership, close the account, and override any setting. Protect Owner credentials carefully: use a strong password, enable two-factor authentication, and never share the login.
- Assign Admin to trusted operations leads. Admins can do everything except transfer ownership and close the account. Use this role for a senior team member or agency account manager who needs full operational control but should not have the ability to permanently end the account.
- Use Editor for anyone creating or updating page content. Editors can add and edit blocks, create and update pages, manage products, and publish or unpublish. They cannot change account settings, manage integrations, or invite new team members.
- Assign Viewer to stakeholders who need visibility without control. Viewers can browse all published and draft pages, view analytics dashboards, and see the team list — but every action button is locked. Use this for clients who want to observe progress or executives who review performance.
- Reserve Billing for financial contacts only. The Billing role can view and update payment methods, download invoices, and see billing history. They cannot see any page content, settings, or analytics. This is the tightest non-Viewer role — ideal for an accountant or finance team contact.
Key Settings
| Setting | What It Does | Recommended |
|---|---|---|
| Role assignment | Determines what the team member can see and do across the entire account | Assign the lowest role that covers the person's actual responsibilities |
| Per-account scoping (Agency) | Allows the same person to have different roles on different client sub-accounts | Use for agency contractors who work across multiple clients with different trust levels |
| Role change | Updates permissions for an existing member without re-invitation | Change roles immediately when a member's responsibilities change — do not wait |
| Access revocation | Removes all access for a team member immediately | Revoke the moment a working relationship ends — do not leave dormant accounts active |
| Two-factor authentication | Adds a second verification step at login to protect the account | Require 2FA for all Owner and Admin accounts at minimum |
Get the Most Out Of Permissions
The most effective way to use UniLink's permission system is to treat it as a living document rather than a one-time setup. Teams evolve — contractors finish projects, employees change roles, clients graduate from active to maintenance mode. A permission structure that was correct three months ago may be dangerously over-provisioned today. Schedule a quarterly review of your Team list as a recurring calendar event. During that review, ask: does this person still need this role? Are there members with Admin access who now only perform editorial tasks?
For agencies, the combination of the Agency plan's per-account scoping and clear role assignments creates an audit trail that protects both the agency and the client. When a client asks "who can change my page?" you can answer precisely: here are the two Editors and one Admin on your account, with their names and email addresses. This transparency builds trust and is often a differentiator when pitching enterprise clients who have internal IT security requirements.
One underused combination is granting a client the Viewer role on their own account while your agency team holds Editor and Admin roles. The client can see everything happening in real time — analytics, page updates, new blocks — without being able to accidentally publish something incomplete or change a setting that breaks an integration. It is a collaboration model that keeps the client informed and in control of their visibility without giving them the keys to break something.
When in doubt about which role to assign, always go lower. It takes less than thirty seconds to upgrade a member's role if they report a capability gap. It can take much longer to repair damage caused by an over-provisioned member who had more access than they needed. The friction of asking "can you upgrade my role so I can do X" is a feature, not a bug — it surfaces exactly what access people actually need rather than what they thought they might need.
Troubleshooting
| Problem | Cause | Fix |
|---|---|---|
| Member reports they cannot access analytics | They may have the Billing role, which does not include analytics visibility | Change their role to Viewer or higher in Dashboard → Team |
| Editor cannot publish a page | The page may be locked by the Owner or Admin using a page-level lock (Agency feature) | Check the page settings for a publish lock; only Admin or Owner can unlock it |
| Cannot see certain team members in the Team list | You may have a role (Editor or below) that does not have full visibility into the team list | Only Admin and Owner can see the full team list; contact your account Admin |
| Member still has access after role change | They are in an active session — role changes apply on next login | Ask the member to log out and log back in to refresh their permissions |
- Five distinct roles cover the full spectrum from full ownership to read-only access
- Permissions enforced server-side — cannot be bypassed via API calls
- Agency plan per-account scoping enables granular access across multiple client accounts
- Role changes take effect immediately without requiring re-invitation
- No custom role creation — you are limited to the five built-in roles
- Per-page permission scoping requires the Agency plan
- Role changes only take effect after the member's next login, not instantly in active sessions
Can the Owner role be transferred to another person?
Yes. The account Owner can transfer ownership to another team member via Account → Settings → Transfer Ownership. After transfer, the previous Owner becomes an Admin unless their role is changed. This action cannot be undone without the new Owner's cooperation.
Can an Editor manage integrations like Stripe or Mailchimp?
No. Integrations are in the Settings section, which is accessible only to Owner and Admin roles. Editors can use the outputs of integrations (e.g., a Stripe-connected product page) but cannot configure, disconnect, or add integrations.
Can a Viewer see unpublished draft pages?
Yes. Viewers can see all pages in the Dashboard, including drafts and unpublished content. They cannot make any changes, but they have full read access to the account's page library and analytics.
What happens to the account if the Owner's access is revoked?
The Owner role cannot be revoked by other team members — only the Owner can remove themselves or transfer ownership. If you need to remove an Owner from an account, contact UniLink support.
Do permissions apply to API access as well as the Dashboard UI?
Yes. UniLink enforces permissions at the API level. A team member's API token (if they generate one) is bound to their role. An Editor's token cannot make requests that require Admin or Owner permissions.
- UniLink has five roles: Owner (singular), Admin, Editor, Viewer, and Billing — each with a distinct, non-overlapping permission scope.
- Permissions are enforced server-side, not just in the UI, protecting against API-level bypass attempts.
- The Billing role is uniquely narrow — it covers payment management only, with no access to pages or settings.
- Per-account role scoping on the Agency plan enables clean isolation between client accounts and contractors.
- Conduct a quarterly team audit: verify every member's role still matches their current responsibilities and revoke access for anyone no longer active.
Get full control over who can do what on your UniLink account. Review and configure your team permissions at app.unilink.us.