Roles and Permissions
FunnelStory uses workspace roles to decide who can change configuration, who can write to customer records, and who can use Renari and MCP integrations. Roles are assigned per user in a workspace and can be paired with an optional designation (for example CSM or AE) for reporting—not for authorization by itself.
Role catalog
| Role | Who it is for | Typical capabilities |
|---|---|---|
| Super Admin | Tenant owners | Full read/write across workspace, users, billing-level actions where exposed, audit visibility, MCP administration, and destructive operations such as workspace delete where the product supports it |
| Admin | Operations and RevOps leaders | Manage users, connections, models, audiences, notifications, funnels, and most workspace settings—without some cross-tenant controls reserved for Super Admin |
| Data Admin | Analytics engineers | Own Configure paths: connections, queries, model mappings, and refresh behavior—without full user administration |
| Manager | Team leads | Read broadly, update accounts they coordinate, create tasks, and move work items; often paired with reassignment of needle movers |
| Account User | CSMs and AMs | Day-to-day portfolio work: assigned accounts, needle movers, predictions, notes, and tasks—no global configuration |
| Renari User | Copilot-only collaborators | Renari conversations and read access to the accounts and engagement surfaces the role allows; intentionally narrow for vendors or executives who should not edit models |
| Access Token | Automation identities | Minimal read access for scoped API or MCP-style use; treat it like a service account |
Exact permission strings evolve with the product; when in doubt, try the action in a staging workspace or ask a Super Admin to confirm.
Designations
Designation (CSM, AE, SE, CSE, or custom values) labels a user for filters and reporting. It does not, by itself, grant extra privileges—pair it with the correct role.
Account write vs configuration write
Most customer-facing teams care about this split:
- Configuration write — changing connections, models, property mappings, and workspace-wide rules. Restricted to Super Admin, Admin, and Data Admin depending on the screen.
- Account write — updating account fields, assignments, notes, tasks, and needle mover state. Granted to roles that carry accounts:write (for example Admin, Data Admin, Manager, Account User in typical setups).
MCP access
MCP (Model Context Protocol) clients use dedicated permissions for read and write of MCP resources. Super Admin and Admin usually configure which tools and datasets an assistant may call; end users consume MCP through approved clients.
See MCP server overview for the customer-facing introduction.
Changing roles
Super Admins and Admins can change another user’s role from Admin Settings → Team permissions. The product prevents removing the last Super Admin to avoid lockout.
Shared teams
Shared teams (user groups used with the Account model team_id) are created and maintained under Admin → Team → Shared Teams, alongside invites on the same screen. Only roles that can use Admin settings see them; Manager and Account User do not. See Shared teams.