Permission catalogue
Every permission Level ships with, grouped by category. Use this as the reference when designing roles.
Level ships a fixed set of 11 permissions across 4 categories. Roles bundle them — you can't add new permissions, but you can mix and match them into any role you want.
The Permissions editor (under Roles & Permissions in Users & Teams) groups them the same way.
Administration
Permissions that reshape the workspace itself.
| Permission | What it grants |
|---|---|
| Manage Teams & Users | Create, edit, delete teams and sub-teams. Add and remove members. Send invitations. |
| Manage Roles | Create, edit, delete roles. Edit role permissions. Apply per-user permission overrides. |
These are the most powerful permissions. Assign them to leads, admins, and ops people who actually need to reshape the workspace.
Reporting
Permissions for working with reports.
| Permission | What it grants |
|---|---|
| View Analytics & Reports | Open reports, view KPI cards and tables, change date ranges, customize column / row visibility for one's own view. |
| Export Data | Download reports (where available — see the exporting note for current support). |
| Manage Reports | Create new reports, edit existing reports, delete reports. |
A typical read-only stakeholder role grants View Analytics & Reports only — they can see numbers but not change report definitions or export.
Configuration & Operations
Permissions for the day-to-day setup of placements, segments, budgets, and workspace settings.
| Permission | What it grants |
|---|---|
| Manage Placements | Create, edit, delete placements; start / stop / retry sync; reconnect. |
| Manage Segments | Create, edit, delete segments; assign segments to campaigns; bulk-assign. |
| Manage Budgets | Set and adjust planned budgets used in pacing (where the workspace uses them). |
| Manage Settings | Change workspace-level configuration. |
A typical channel manager role bundles Manage Placements + Manage Segments so they can wire up new ad accounts and tag campaigns.
Clients
Permissions for the client records themselves (the brand objects, not the data inside them).
| Permission | What it grants |
|---|---|
| View Clients | See clients in the list and switcher. Without this, the client list is empty. |
| Edit Clients | Create new clients; edit name, description, logo on existing ones. |
View Clients is foundational — without it a user sees nothing useful in the workspace, since every other section is scoped to a client.
Designing roles around the catalogue
A few patterns that work:
- Owner — every permission. Built-in, protected. Granted by your administrator.
- Admin — Manage Teams & Users + Manage Roles, plus everything in Configuration & Operations and Reporting. Effectively Owner without the lock-in.
- Channel manager — View Clients + View Analytics & Reports + Manage Reports + Manage Placements + Manage Segments. Can run their channel; can't reshape the workspace.
- Analyst — View Clients + View Analytics & Reports + Export Data. Read and export only.
- Stakeholder / viewer — View Clients + View Analytics & Reports. Pure consumption.
- Ops — Manage Teams & Users + View Clients + Edit Clients. Onboarding and client management without report or placement access.
Build roles around the responsibilities of the people in your organization, not around an idealised hierarchy.