Advvy Platform – Security Roles
How user access, team ownership, branch management, and admin access work together
The Two Foundation Roles
Trigger
User record is created
Admin manually creates the user
Manualassigns
Trigger
Client record is created
System auto-creates a client team
Automaticassigns to team
How a User Gets Operational Access
Standard User alone grants no client data access. The user must also be added to a client team.
Standard User
Can log in &
see ref data
see ref data
+
Team Membership
User added to
client team
client team
=
Client Access
Inherits team's
Standard Team role
Standard Team role
→
Operational Data
Full CRUD on that
client's work data
client's work data
Escalated Access Roles
These roles are manually assigned to user records — like Standard User — but grant broader operational access without requiring per-team membership.
Role Comparison at a Glance
| Standard User | Standard Team | Branch Manager | Standard Admin | |
|---|---|---|---|---|
| Assigned to | User record | Client team | User record | User record |
| How assigned | Manual | Automatic | Manual | Manual |
| Reference data | Read-only | Read-only | Read-only | Read-only |
| Client ops data | No access | Full CRUD | Full CRUD | Full CRUD |
| Scope of ops access | — | Own team's data | BU + child BUs | Entire environment |
| Requires team membership? | N/A | Yes | No | No |
Advvy Standard Team – Operational Entities (Full Detail)
These are the entities the Standard Team role grants Create / Read / Write / Delete access to. All access is at 'User' level (team-owned records).
Entity | Create | Read | Write | Delete |
| Advvy Activity | ● | ● | ● | ● |
| Advvy Activity Interested User | ● | ● | ● | ● |
| Advvy Portal Comment | ● | ● | ● | ● |
| Advvy Portal Login Audit | ● | ● | ● | ● |
| Advvy Time Log Entry | ● | ● | ● | ● |
| Auto Post | ● | ● | ● | ● |
| Auto-Number | — | ● | ● | — |
| Booking | ● | ● | ● | — |
| Booking Summary | ● | ● | ● | ● |
| Brief | ● | ● | ● | — |
| Campaign | ● | ● | ● | — |
| Campaign Actual | ● | ● | ● | ● |
| Campaign Brief | ● | ● | ● | — |
| Campaign Fee | ● | ● | ● | ● |
| Campaign Fee Flighting | ● | ● | ● | ● |
| Campaign Flighting | ● | ● | ● | ● |
| Campaign Import Job | ● | ● | ● | ● |
| Campaign Media Type | ● | ● | ● | ● |
| Campaign Queue Item | ● | ● | ● | — |
| Campaign Rate Card Item | ● | ● | — | ● |
| Campaign Summary | ● | ● | ● | ● |
| Client Medium Override | ● | ● | — | ● |
| ● | ● | ● | ● | |
| Flighting Aggregate | ● | ● | ● | ● |
| Import Job Detail | ● | ● | ● | ● |
| Invoice | ● | ● | ● | — |
| Invoice Summary | ● | ● | ● | ● |
| MBA | ● | ● | ● | — |
| MBA Fee | ● | ● | ● | — |
| MBA Fee Flighting | ● | ● | ● | — |
| MBA Flighting | ● | ● | ● | — |
| MBA Media Type | ● | ● | ● | — |
| MBA Summary | ● | ● | ● | — |
| MBA Template | ● | ● | — | — |
| Project | ● | ● | ● | — |
| Schedule | ● | ● | ● | — |
| Task Note | ● | ● | ● | ● |
| User Feedback | ● | ● | ● | — |
| Workflow | ● | ● | ● | ● |
| Workflow Activity Hierarchy | ● | ● | ● | ● |
| Workflow Activity History | ● | ● | ● | ● |
| Workflow Role Assignment | ● | ● | ● | ● |
| Workflow Stage | ● | ● | ● | ● |
Advvy Standard Team – Reference Entities (Read-Only)
These entities are readable at organisation level. No create, write, or delete access.
Agency Type
Approval
Audience
Auto-Name
Aux Data
Aux Data Type
Brand
Business Unit
Campaign Objective
Campaign Type
Client
Client Type
Config Setting - Flighting
Config Setting - Theme
Configuration Setting
Contact
Contact Type
Country
Dataset Type
Division
Ethnicity
Fee
Finance Invoice Theme
Finance Tax Type
Finance Tracking Category
Funding Source
Language
Market
Market Type
Master Client
Media Owner
Media Sub Type
Media Type
Media Type Class
Media Type Group
Media Type Segment
Media Type Speciality Activity
Media Type Speciality User
Medium
Medium - Media Owner
Network
Other Supplier
Partner Agency
Phase
Product
Product Classification
Rate
Rate Card Item
Tag
Workflow Activity Definition
Workflow Activity Hierarchy Definition
Workflow Deliverable
Workflow Reporting Pillar
Workflow Role
Workflow Stage Definition
Workflow Template
Key Takeaways
1
Standard User alone = read-only passenger. They can log in and see reference data but cannot touch any client operational data.
2
Team membership unlocks client data. When a user is added to a client team, they inherit the Standard Team role and get full CRUD on that client's operational data.
3
Teams are created automatically. Every new client record triggers programmatic creation of a team and assignment of the Standard Team role — no manual setup needed.
4
Branch Managers see their whole branch. Same operational privileges as Standard Team, scoped to their business unit hierarchy — no per-team membership required.
5
Admins see everything. Same operational privileges as Standard Team, but scoped to the entire environment — full visibility across all business units and client teams.
6
All four roles share the same privilege model. The difference is always about scope — single team, branch, or entire environment — not the type of access granted.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article