Role-Based Access Control (RBAC)

Role-Based Access Control enables organizations to manage user permissions across projects and environments. The system restricts feature access based on assigned user roles, supporting data governance requirements.

Roles

Freshpaint provides five user roles with distinct permission levels.

• Admin: Full administrative access including user management, project/environment creation, and HIPAA allowlist configuration.

• Data Manager: Elevated data access with the ability to view and modify PHI allowlists, and configure consent management settings.

• General User: Standard operational access for configuring destinations and events. General users have PHI visibility, but no ability to modify allowlists or consent settings.

• Event Manager: Focused access for managing event tracking and integrations without access to PHI or form submissions.

• Data Viewer: Read-only access limited to viewing analytics dashboards and reports.

User Permissions by Role

Access to Projects and Environments

Users can see the environments they have access to in the left navigation panel in Freshpaint. Admins always have access to all environments, and can grant access to specific environments to specific users.

When a new environment is created, all users have access by default. An admin must explicitly restrict access via the Teams page.

Granting Environment Access

To invite new users:

1. Navigate to Settings → Team Members

2. Click Add Teammate

3. Enter the user's email address

4. Select their role from the list

5. If non-Admin, select the projects and environments they can access

6. Click Send Invite

To grant access to existing users,

1. Navigate to Settings → Team Members

2. Select the user to configure

3. Under Environment Access, select the projects and environments

4. Click Save

Access to Freshpaint Audiences