Assigning access rights correctly in Facebook Business Manager is one of the most important—and most frequently underestimated—tasks in social media marketing. Too many rights for too many people open doors to mistakes, misuse, and compliance violations. Too few rights bring day-to-day work to a standstill.
This article explains the Business Manager role system in full—and gives clear recommendations on who should get which permissions.
The two levels of access rights in Business Manager
Business Manager distinguishes between two levels of access:
Business level: Determines who has general access to Business Manager and with which role (Employee or Admin).
Asset level: Determines who has access to which specific assets (Pages, ad accounts, Pixels, etc.) and with which permissions.
Both levels must be configured correctly. Someone can be a Business Manager employee, but without asset assignments they effectively won’t have access to anything.
Business level: Admin vs. Employee
Admin: Full control over all Business Manager settings. Can add and remove people, assign assets, manage payment methods, and administer the entire Business Manager. Recommendation: Max. 2–3 people.
Employee: Can only access assets that have been explicitly assigned. No admin rights. Recommendation: Default for all team members.
Rule: Business-level admin rights should only be given to people who are actually responsible for managing the Business Manager—not every campaign manager.
Asset level: Page roles
For Facebook Pages, there are several roles within Business Manager:
Admin: Full Page permissions. Can do everything, including assigning roles to others.
Editor: Can create and publish posts, run ads, and view insights. No access to Page settings or roles.
Moderator: Can reply to and moderate comments, manage messages. No permission to create posts.
Advertiser: Can run ads for the Page. No organic content permissions.
Analyst: Can only view insights. No action permissions.
Asset level: Ad account roles
Admin: Full control. Can create and edit campaigns, view billing, and assign roles.
Advertiser: Can create and edit campaigns. No access to payment information or role management.
Analyst: Read-only access to campaign data and insights.
Agencies and partners: System users vs. partner access requests
For external agencies and service providers, there are two ways to grant access:
Partner access request: The agency has its own Business Manager and requests access to your assets. Recommended: The agency retains full control over its employees, and you control which assets they can access.
Direct invitation as an employee: Agency staff are invited directly into your Business Manager. More control for you, but more admin overhead.
Recommendation: For long-term agency relationships, the partner access request is the cleaner solution.
Best practices for access rights
Principle of Least Privilege: Everyone gets only the minimum permissions needed for their job.
Regular access reviews: Review who has which rights at least quarterly.
Immediate offboarding: When employees leave or an agency relationship ends, revoke all access immediately.
Never share passwords: Each person has their own access.
Don’t use personal accounts for company activities.
Common mistakes with access rights
Former employees or former agencies still have access (privilege creep).
Everyone gets admin rights because it’s “easier.”
Access rights are never reviewed or updated.
Agencies get direct platform access instead of partner access requests.
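An added example, not part of the original article and not Meta's own tooling: a small access review in Python that checks a constructed list of people and asset assignments against the rules and mistakes described above. The record layout, the field names (business_role, type, active), the finding labels and the asset-admin heuristic are assumptions made for illustration, not a Business Manager export format.

```python
# Constructed sample data; the layout is hypothetical, not a Business Manager export.
# active=False means the person has left or the agency contract has ended.
PEOPLE = [
    {"name": "anna", "business_role": "admin", "type": "staff", "active": True},
    {"name": "ben", "business_role": "admin", "type": "staff", "active": True},
    {"name": "carla", "business_role": "admin", "type": "staff", "active": True},
    {"name": "dmitri", "business_role": "admin", "type": "staff", "active": True},
    {"name": "eva", "business_role": "employee", "type": "staff", "active": False},
    {"name": "finn", "business_role": "employee", "type": "agency", "active": True},
    {"name": "gina", "business_role": "employee", "type": "staff", "active": True},
]
ASSIGNMENTS = [
    {"person": "anna", "asset": "page:brand", "role": "admin"},
    {"person": "ben", "asset": "adaccount:main", "role": "admin"},
    {"person": "carla", "asset": "page:brand", "role": "editor"},
    {"person": "dmitri", "asset": "adaccount:main", "role": "advertiser"},
    {"person": "eva", "asset": "page:brand", "role": "moderator"},
    {"person": "finn", "asset": "adaccount:main", "role": "admin"},
]
MAX_BUSINESS_ADMINS = 3  # upper end of the article's "max. 2-3 people"


def review_access(people, assignments, max_admins=MAX_BUSINESS_ADMINS):
    """Return (finding, detail) tuples for one access review pass."""
    findings = []
    by_name = {p["name"]: p for p in people}
    admins = sorted(n for n, p in by_name.items() if p["business_role"] == "admin")
    if len(admins) > max_admins:
        findings.append(("too_many_business_admins", ", ".join(admins)))
    assigned = {a["person"] for a in assignments}
    for p in people:
        if not p["active"]:  # should have been offboarded immediately
            findings.append(("offboarding_missed", p["name"]))
        elif p["name"] not in assigned:  # business-level seat without any asset
            findings.append(("no_asset_assignments", p["name"]))
        if p["type"] == "agency":  # article prefers a partner access request
            findings.append(("agency_invited_directly", p["name"]))
    for a in assignments:
        holder = by_name.get(a["person"])
        # Assumed heuristic: asset admins can assign roles, so each one held by a
        # business-level Employee (or an unknown person) needs a justification.
        if a["role"] == "admin" and (holder is None or holder["business_role"] != "admin"):
            findings.append(("asset_admin_needs_justification", f'{a["person"]} on {a["asset"]}'))
    return findings


if __name__ == "__main__":
    for finding, detail in review_access(PEOPLE, ASSIGNMENTS):
        print(f"{finding}: {detail}")
```

Run it against a fresh list each quarter and treat every finding as an item to either revoke or document.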
For teams managing multiple accounts and agencies at the same time: a social media management tool with an integrated role concept complements Business Manager with a team-wide approval workflow.
Conclusion
Business Manager’s access-rights system is powerful and flexible—but only if used intentionally. If you assign rights according to the least-privilege principle, review them regularly, and offboard cleanly, you lay the foundation for secure, compliant Facebook marketing.