Security Roles and Descriptions

Modified on Tue, 2 Dec, 2025 at 2:14 PM

Advvy Security Roles – Full Matrix Table

Security Role	Requires	Key Capabilities / Description	Limitations / Notes
Advvy Standard User	None (base role)	- Basic access to Advvy - Create Campaigns, Briefs, Master Clients, Clients, Products - Read all reference data - Access operational data for their profile	- Cannot create/edit/delete reference data - Cannot manage users/workflows
Advvy Standard Extension	Advvy Standard User	- Create/read/write campaign reference entities (media types, plans, segments, workflows) - Delete own-created records	- Cannot delete global reference data - Cannot manage user profiles
Advvy Standard Branch Admin	Advvy Standard User	- Full Business Unit visibility - Create client/campaign/product records under BU - Manage Team Groups - Manage user records within the BU	- Not system-wide admin
Advvy Standard Admin	Advvy Standard User + Advvy Standard Branch Admin	- System-wide visibility - Read/write/delete across all BUs - Manage workflows & security roles - Perform data imports - Create/manage Business Units, Teams & user settings	- Not a Microsoft platform admin
Advvy Tracker User	None (Tracker base role)	- Create campaigns, briefs, clients, products - Read all reference data - View operational data	- Cannot create/edit/delete reference data - No dashboard, portal, briefs management, or media plan fee visibility
Advvy Tracker Extension	Advvy Tracker User	- Create/read/write campaign reference entities - Delete own-created records - View dashboards, fees/totals, flighting - Access Client Portal & Client Briefs	- Cannot delete global reference data - Cannot manage user profiles
Advvy Tracker Branch Admin	Advvy Tracker User	- Full Business Unit visibility (Tracker) - Create clients/campaigns/products - Manage Team Groups & BU-level user access	- No system-wide admin
Advvy Tracker Admin	Advvy Tracker User	- System-wide visibility - Read/write/delete across all BUs - Manage workflows, security roles, user settings - Perform data imports - Create/manage Business Units & Teams	- Not a Microsoft platform admin
Advvy User Management	Advvy Standard User or Advvy Tracker User	- Manage users/teams within their Business Unit - View roles, people, teams across accessible BUs	- Cannot manage users outside their BU - Causes errors if used without base role
Advvy Workflow User	Depends on implementation	- Workflow-related permissions	- Highly configuration-dependent
Advvy Guest User	None	- Limited guest/external access	- Access restricted to implementation rules
Advvy Initiative Staff	None	- Agency-specific staff role	- Purpose varies
Advvy Media Plan Agent	None	- Specialised media plan duties	- Limited/feature-specific
Advvy Portal Manager	None	- Manages Client Portal functions	- Implementation-specific
Advvy Portal Approval	None	- Approves portal-submitted items	- Implementation-specific
Advvy PowerBI	None	- Enables Power BI reporting access	- Reporting only
Advvy Reference Data Editor	None	- Edit/manage reference data	- Powerful role; use sparingly
Advvy UM Staff	None	- Designed for user mgmt-related tasks	- Limited authority
Advvy Support User	Internal Advvy use only	- System support/debugging	⚠ Should not be assigned to client users

Access to Changing Security Permissions

1. Navigating to Security Permission Settings

To change a user’s security permissions:

Go to Agency Settings (bottom of the navigation menu)
Select Users
Double-click a user to open their User Profile

2. Switching to the Security Roles Form

Once inside the user profile:

Locate the form selector directly under the user’s name.
Change the form from “Advvy User Details” to “Advvy Security Roles”.

This switches the view to the area where you can manage all security roles for that user.

3. Selecting Security Roles

In the Advvy Security Roles form:

You may select more than one security role for each user.
Many roles must be combined to function (e.g. Standard User + Extension + Branch Admin).

Administrators should refer to the Security Roles Matrix to ensure the correct combination of roles are applied.

4. Importance of Business Unit Assignment

Before assigning security roles, confirm the user’s Business Unit is correctly set.

Navigate back to the User Details form overview.
Ensure the Business Unit field reflects the correct Branch or organisational unit.

Why Business Unit matters

A user’s Business Unit determines what data they can see (Clients, Campaigns, Products).
Security roles define what they can do (view, edit, create, manage).
Both must be aligned to ensure users have the correct access.

⚠ Important: Changing a user’s Business Unit will clear all existing security roles, requiring you to reapply their permissions.

Summary

Step	Description
1. Open Agency Settings → Users → Select User	Access user profile
2. Switch form to Advvy Security Roles	Enter the role management view
3. Select one or more roles	Apply required security permissions
4. Confirm Business Unit assignment	Ensures correct data visibility