Permissions & Roles
The Widget Builder uses your existing Staffbase account structure to control who can access and manage widgets. This guide explains how permissions work and how to configure them.
Role Hierarchy
The Widget Builder recognizes four Staffbase roles, ordered from least to most privileged:
| Role | Level | Description |
|---|---|---|
| Reader | 1 | Basic read-only access in Staffbase |
| Moderator | 2 | Can moderate content in Staffbase |
| Editor | 3 | Can create and edit content in Staffbase |
| Admin | 4 | Full administrative access in Staffbase |
By default, the Widget Builder requires the Admin role. This means only Staffbase administrators can sign in and manage widgets.
Minimum Role Setting
You can lower the minimum required role so that editors or moderators can also access the Widget Builder.
How to change the minimum role:
- Go to Settings in the Widget Builder sidebar.
- In the Widget Builder Permissions section, click Edit Client Permissions.
- Select the desired minimum role from the Minimum Role dropdown.
- Click Save.
Lowering the minimum role gives more people access to create and manage widgets. Make sure this is appropriate for your organization.
Group-Based Access
In addition to the role-based check, you can grant access to specific Staffbase groups. This is useful when you want to give Widget Builder access to a small team without changing the minimum role for everyone.
How to add a group:
- Go to Settings > Widget Builder Permissions.
- Click Edit Client Permissions.
- In the Staffbase Groups section, search for the group you want to add.
- Select the group from the results.
- Click Save.
You can add multiple groups. Each group links directly to its Staffbase admin page for easy management.
How to remove a group:
Click the remove button next to any group in the list, then save.
How Authorization Works
A user is granted access to the Widget Builder if either of these conditions is true:
- Role check — The user's Staffbase role is equal to or higher than the configured minimum role.
- Group check — The user belongs to at least one of the configured permission groups.
This means a user with a "Reader" role can still access the Widget Builder if they are a member of an authorized group, even if the minimum role is set to "Admin".
Combine role and group settings for flexible access control. For example, set the minimum role to "Admin" so all admins have automatic access, then add specific groups for non-admin team members who need Widget Builder access.
Authorization Caching
To ensure fast page loads, authorization checks are cached for 24 hours. This means:
- When you add or remove a group, it may take up to 24 hours for all affected users to see the change.
- When you change the minimum role, the cache is cleared immediately for that setting.
If a user reports they cannot access the Widget Builder after a permission change, ask them to wait or try signing out and back in.
Summary
| Setting | Where to find it | What it controls |
|---|---|---|
| Minimum Role | Settings > Permissions | The lowest Staffbase role that can access the Widget Builder |
| Staffbase Groups | Settings > Permissions | Additional groups granted access regardless of role |
Related Documentation
- Initial Setup — First-time configuration including OAuth and permissions
- Interface Overview — Visual guide to the Settings page