Role-Based Access Control (RBAC)
Understand how roles and permissions control access to features across Email, SMS, RCS and WhatsApp on the Netcore CPaaS dashboard.
Overview
Netcore CPaaS uses Role-Based Access Control (RBAC) to manage what each team member can see and do within the platform. Admins assign one or more roles to each user, and those roles determine which screens, features, and actions are available to them across Email, SMS, and WhatsApp.
RBAC in CPaaS is designed to be simple, consistent, and cross-channel. The same roles apply regardless of which channel a user is working in.
Note
Only Admin users can assign or modify roles. Role assignments are managed through Settings > Access Management.
Key Concepts
Multiple Roles Per User
Each user can hold one or more roles simultaneously. Permissions are additive — a user with both Analyst and Marketing roles receives all permissions from both. When you assign the Admin role, it automatically grants full access and disables individual permission selection.
Cross-Channel Roles
All roles apply uniformly across Email, SMS, and WhatsApp. There are no separate per-channel configurations. A user's access to a channel is determined entirely by their assigned roles.
Admin Protection
The Admin role comes with built-in safety guardrails. The last remaining Admin on an account cannot be removed or downgraded, and the primary account owner's Admin role is permanently immutable. This prevents accidental account lockout.
System Roles
CPaaS provides eight pre-defined system roles. Each role is described below, along with the capabilities it grants across channels.
Admin
Full access to all features and settings across Email, SMS, and WhatsApp. Admins are also responsible for managing users and roles through Access Management.
| Capability | SMS | ||
|---|---|---|---|
| Full platform access | ✓ | ✓ | ✓ |
| Access Management (invite / edit / remove users) | ✓ | ✓ | ✓ |
| All settings and configurations | ✓ | ✓ | ✓ |
| Billing and invoices | ✓ | ✓ | ✓ |
| All integrations and webhooks | ✓ | ✓ | ✓ |
Admin Rule
At least one Admin must exist at all times. The last Admin cannot be removed or downgraded until a second Admin is promoted.
Analyst
Read-only access focused on analytics, reporting, and monitoring. Ideal for data analysts and reporting teams who need visibility without the ability to make changes.
| Capability | SMS | ||
|---|---|---|---|
| View live feed | ✓ | ✓ | ✓ |
| View analytics and sub-account analytics | ✓ | ✓ | ✓ |
| Download reports | ✓ | ✓ | ✓ |
| View suppression / tag lists | ✓ | — | — |
| View warmup details | ✓ | — | — |
| View dashboards | — | ✓ | ✓ |
Marketing
Focused on campaign execution and audience management. Marketing users can create and manage campaigns and templates but do not have access to integrations or billing.
| Capability | SMS | ||
|---|---|---|---|
| View live feed and analytics | ✓ | ✓ | ✓ |
| Download reports | ✓ | ✓ | ✓ |
| Edit suppression lists | ✓ | — | — |
| Full access to templates | — | ✓ | ✓ |
| Full access to campaigns | — | — | ✓ |
| Integrations and webhooks | ✗ | ✗ | ✗ |
| Billing access | ✗ | ✗ | ✗ |
Designer
Focused on content creation and template management. Designers can build, edit, and duplicate templates and access content configuration, but cannot manage campaigns or settings.
| Capability | SMS | ||
|---|---|---|---|
| Create templates | ✓ | ✓ | ✓ |
| Edit templates | ✓ | ✓ | ✓ |
| Duplicate templates | ✓ | ✓ | ✓ |
| Delete templates | ✓ | ✓ | ✓ |
| Content configuration access | ✓ | ✓ | ✓ |
Accounts / Billing Manager
Focused on financial operations. Intended for finance and accounts teams who need access to billing information, invoices, and usage logs without needing access to campaigns or audience data.
| Capability | SMS | ||
|---|---|---|---|
| Access billing and invoices | ✓ | ✓ | ✓ |
| View credit logs | ✓ | ✓ | ✓ |
| Purchase dedicated IPs | ✓ | — | — |
| Full billing access | — | ✓ | ✓ |
Tech
Broad technical access covering all operational and integration features. Ideal for developers and technical team members. The Tech role excludes billing information to maintain financial data separation.
| Capability | SMS | ||
|---|---|---|---|
| All platform features (except billing) | ✓ | ✓ | ✓ |
| Integrations and webhooks | ✓ | ✓ | ✓ |
| Campaign and template management | ✓ | ✓ | ✓ |
| Suppression and consent list management | ✓ | ✓ | ✓ |
| Billing access | ✗ | ✗ | ✗ |
Suppression
Focused on list hygiene and compliance. Designed for compliance officers or operations staff who manage who receives communications.
| Capability | SMS | ||
|---|---|---|---|
| Manage suppression lists | ✓ | — | — |
| Manage consent lists | — | ✓ | ✓ |
Support
Read-only access for customer support and operations teams. Support users can monitor live activity and view warmup details but cannot make changes to any configuration.
| Capability | SMS | ||
|---|---|---|---|
| View live feed | ✓ | ✓ | ✓ |
| View warmup details | ✓ | — | — |
Role Summary
The table below provides a quick comparison of all system roles and their high-level access scope.
| Role | Primary Use Case | Billing Access | Campaign Access | Settings / Admin |
|---|---|---|---|---|
| Admin | Full platform management | ✓ | Full | ✓ |
| Analyst | Reporting and monitoring | ✗ | View only | ✗ |
| Marketing | Campaign execution | ✗ | Limited | ✗ |
| Designer | Template and content creation | ✗ | None | ✗ |
| Accounts / Billing Manager | Finance and billing operations | ✓ | None | ✗ |
| Tech | Technical / developer access | ✗ | Full | ✗ |
| Suppression | List hygiene and compliance | ✗ | None | ✗ |
| Support | Monitoring and support | ✗ | View only | ✗ |
Assigning and Editing Roles
Roles can be assigned when inviting a new user or updated at any time for existing users through Access Management.
Invite Users
Follow the steps given below to assign roles to your team members.
- Navigate to Settings > Access Management.
- Click Invite User.
- Enter the user's email address and username.
- In the role selector, check one or more roles to assign.
- If you select Admin, all individual role checkboxes are automatically disabled. Admin grants full access by default.
- Click SEND INVITE.
Editing Roles for Existing Users
Follow the steps given below to update roles for existing users.
- Navigate to Settings > Access Management.
- Find the user in the list and click ⋮ (more options).
- Select Edit User.
- Update the role selection using the checkboxes.
- Click Save to apply changes.
Admin Safety
You cannot remove the Admin role from the last remaining Admin or from the primary account owner. Assign another Admin first before making changes.
Updated 7 days ago