snapshot-permissions

CRM: Adjust Granular Permissions for Snapshots for Admins in Your SaaS Agency

Charles Higgins

Charles Higgins

10 min read
Featured
Featured

In our instructional video produced by the channel's creator, we walk through a practical, step-by-step method for controlling who on your team can manage and deploy snapshots inside the platform. This feature gives agency owners and admins a powerful way to protect critical templates and configurations, reduce accidental changes, and make sure only the right people can push live updates to client accounts.

We’ll cover everything you need to know: why granular snapshot permissions matter, exactly how to change them, what each permission does, recommended permission sets for typical roles, real-world examples, best practices, troubleshooting tips, and a detailed FAQ to answer common questions. Our focus is on practical outcomes: saving time, reducing tech headaches, and helping busy teams focus on what matters most.

Table of Contents

Why Granular Snapshot Permissions Matter

Snapshots are the building blocks of efficient agency operations. They let us save complete configurations—funnels, automations, settings, and assets—and apply them across many client accounts quickly. But with great power comes risk. Giving too many people the ability to create, edit, push, or delete snapshots can lead to:

  • Accidental overwrites or deletions of critical templates
  • Inconsistent client onboarding experiences when snapshots are changed unpredictably
  • Security gaps when external contractors get unnecessary access
  • Confusion about which snapshot is the “source of truth” for live deployments

Granular permissions let us minimize these risks. We can keep the operational advantages of snapshots while ensuring control, accountability, and continuity by limiting specific actions—like pushing a snapshot to live client accounts—to trusted roles.

Quick Overview: What We’ll Walk Through

  • How to access and change snapshot permissions for admins and agency owners
  • What each snapshot permission actually lets someone do
  • Recommended permission configurations for common roles
  • Best practices and safety nets to protect snapshots
  • Troubleshooting when permissions don’t seem to apply
  • Frequently asked questions with clear, actionable answers

Step-by-Step Guide: Adjust Snapshot Permissions

Follow these straightforward steps to change snapshot permissions for admins and agency owners. We’ll use neutral names for UI elements so you can map these instructions to your platform easily.

  1. Log in to your agency account.Make sure you’re signed in with an account that has owner or admin access. Only accounts with the right privileges will be able to edit other admins’ permissions.
  2. Open Settings (usually in the bottom-left corner).Navigate to your main settings area where team and account controls live.
  3. Choose the Team area from the left-hand menu.Look for a section labeled "Team," "Users," or similar. This is where you manage people and roles.
  4. Select the drop-down for account type and pick "Agency and admins."This ensures you are viewing the list of administrative users at the agency level—not client sub-accounts or end users.
  5. Find the admin whose permissions you want to edit and click the edit icon.Each admin entry typically has an edit or pencil icon on the right-hand side—click it to open their profile and role options.
  6. Click on Roles and Permissions.This opens the granular permission toggles where snapshot permissions live.
  7. Scroll to the Snapshots section.Here you’ll see separate toggles for each snapshot action: view, create, edit, push, refresh, share/import, and delete.
  8. Toggle permissions on or off for each action.You can switch everything off, grant specific capabilities, or leave all permissions enabled—depending on the role’s needs.
  9. Save your changes (usually a Save button at the bottom-right).Always click Save. Changes won’t be applied until you do.

What Each Snapshot Permission Means

Understanding each permission is key to making the right choices. Here’s exactly what each toggle controls and a short example of when to grant it.

  • View snapshots — Allows a user to see the list and details of snapshots.Grant this to support and onboarding staff so they can reference templates without changing them.
  • Create snapshots — Lets a user save a current account configuration as a new snapshot.Useful for technical staff who produce new templates. We usually limit this to trusted team members to avoid cluttered or duplicated snapshots.
  • Edit snapshots — Permits a user to modify existing snapshot content or settings.Only give this to people responsible for maintaining templates, like a product owner or lead developer.
  • Push snapshots — Enables a user to deploy a snapshot to other accounts (for example, client accounts).This is the most sensitive permission. Restrict it to agency owners or a designated “snapshot manager” to avoid accidental live changes.
  • Refresh snapshots — Lets a user update an existing snapshot with new data or changes from a source account.Useful for centralizing updates. Grant it to the person responsible for version control of templates.
  • Share or import snapshots — Allows exporting snapshots or bringing in snapshots from other sources.Only grant this when team members need to move templates between systems or collaborate across accounts.
  • Delete snapshots — Permits deletion of snapshots from the system.We recommend restricting delete rights to agency owners or implementing a two-person approval process before final deletion.

Below are sensible defaults we use for typical agency roles. Use these as a starting point and adapt them to your team size, maturity, and trust model.

Agency Owner / Founder

  • View: Yes
  • Create: Yes
  • Edit: Yes
  • Push: Yes
  • Refresh: Yes
  • Share/Import: Yes
  • Delete: Yes (or limited to a soft-delete + final approval workflow)

Owners need full control, but we suggest adding a soft-delete or archive policy so deleted snapshots can be recovered if removed accidentally.

Snapshot Manager / Technical Lead

  • View: Yes
  • Create: Yes
  • Edit: Yes
  • Push: Optional (recommended: Yes, if they handle deployments)
  • Refresh: Yes
  • Share/Import: Yes
  • Delete: No (or only allowed with owner approval)

This role focuses on maintaining and deploying templates while avoiding unilateral destructive actions.

Onboarding Specialist

  • View: Yes
  • Create: No (or limited)
  • Edit: No
  • Push: No
  • Refresh: No
  • Share/Import: No
  • Delete: No

Onboarding specialists need access to use snapshots but not to change the templates themselves.

Customer Support

  • View: Yes
  • Create: No
  • Edit: No
  • Push: No
  • Refresh: No
  • Share/Import: No
  • Delete: No

Support should be able to reference snapshots when helping clients but not make configuration changes.

Contractors / Freelancers

  • View: Depends on tasks (often No)
  • Create: No
  • Edit: No
  • Push: No
  • Refresh: No
  • Share/Import: No
  • Delete: No

Only grant very narrow, temporary permissions for contractors, and always revoke them after the job is done.

Practical Examples and Scenarios

Here are a few scenarios that show how these permissions help solve real problems in an agency setting.

Scenario 1: Protecting the Core Agency Snapshot

We maintain a single "agency snapshot" that contains the official templates for all client onboarding. If everyone can edit or push that snapshot, changes can be made without coordination, causing different clients to receive inconsistent setups.

Solution: Restrict edit and push to the agency owner and a designated snapshot manager. Give view access to onboarding and support. This preserves a single source of truth while allowing team members to reference the template.

Scenario 2: Rolling Out an Update Across Clients

We need to update a campaign or automation across 30 clients. The snapshot manager prepares the updated snapshot, refreshes the snapshot to include the new automation changes, and then pushes it to client accounts during a scheduled maintenance window.

Solution: Only allow the snapshot manager and owner to refresh and push. This prevents accidental mid-day pushes that could disrupt running campaigns.

Scenario 3: Temporary Contractor Work

A contractor needs to import specific assets into a staging account and test templates. We don’t want them to see or change production snapshots.

Solution: Create a temporary user with view and create permissions in a test environment only. Revoke access and delete the temporary user when the job is completed.

Best Practices for Managing Snapshots Safely

Permissions are an important piece of the puzzle, but they work best when paired with good processes. These best practices reduce risk and make team operations smoother.

  • Implement version control and a naming convention.Include a date and short description in every snapshot name (e.g., "2025-08-Release-Email-Automation"). This makes it easy to find the right snapshot and roll back if needed.
  • Use a "Snapshot Manager" role.Instead of the owner handling every deployment, assign a trusted team member to act as the snapshot gatekeeper. This centralizes accountability and reduces the owner’s operational burden.
  • Schedule pushes during maintenance windows.Avoid midday pushes that can disrupt active campaigns. A scheduled window reduces surprises and gives time for testing.
  • Require approvals for destructive actions.For deletion or large-scale pushes, consider a two-person approval policy or a written sign-off in your project management tool before proceeding.
  • Keep an archived copy.Before deleting or overwriting a critical snapshot, save a dated archive version. This is your safety net.
  • Document who made changes and why.Maintain a change log: who edited, refreshed, or pushed a snapshot, and the reason. This is invaluable for troubleshooting and audits.
  • Train your team.Permissions are only effective if people understand why they exist. Train the team on when to request changes and how to work with the snapshot manager.

Troubleshooting Common Permission Issues

Even with a clear process, issues can arise. Here are common problems and how to resolve them quickly.

Changes Don’t Apply After Editing Permissions

Often the missing step is not clicking Save. Always ensure you save role changes. If you do and the permissions still don’t apply:

  • Log the affected user out and back in. Some permission changes only take effect after re-authentication.
  • Clear the browser cache or test in an incognito window to rule out browser caching issues.
  • Double-check that you edited the correct account level (agency vs. client-level admins).

Someone Has Unexpected Access

If an admin has a permission they shouldn’t, review the roles assigned to them. They may inherit permissions from a role or group. Adjust role-level permissions and check for any higher-level permissions that override the setting.

Permissions Are Missing from the UI

If a snapshot toggle is not visible, ensure you are in the agency-level settings, not a client account. Only agency-level owners typically see admin-level permission controls.

Snapshot Push Failed

If a push fails, check the following:

  • Does the user pushing the snapshot have push permission? If not, they’ll get an error.
  • Are there conflicts in the target account (e.g., naming collisions)?
  • Is there a network or platform outage? Retry during a maintenance window.

Security Considerations and the Principle of Least Privilege

We recommend following the principle of least privilege: give people only the permissions they need to do their job. This reduces mistakes, limits exposure from compromised accounts, and makes it easier to audit activity.

  • Minimize the number of users with push and delete permissions.
  • Use temporary access for contractors and remove it immediately after the work is done.
  • Keep owner-level access to a small, trusted group.
  • Consider periodic reviews of admin permissions to confirm roles are still accurate.

How This Saves Time and Reduces Tech Headaches

When we use snapshot permissions intentionally, the differences are tangible:

  • Fewer accidental changes mean less firefighting—teams spend more time delivering value and less time fixing mistakes.
  • Clear role responsibilities make onboarding and handoffs smoother. Everyone knows who to ask when a template needs updating.
  • Controlled pushes enable scheduled, predictable deployments—no surprises for clients or active campaigns.
  • Auditability and versioning reduce stress and provide a clear path to recovery when things go wrong.

We always emphasize transparency: use these controls to create predictable processes, and be clear with the team about permissions and responsibilities. That clarity saves time and prevents confusion.

Sample Checklist Before Changing Snapshot Permissions

  • Confirm the account you’re in is the agency-level account.
  • Identify who needs which snapshot actions and why.
  • Create or identify a snapshot manager role if you don’t already have one.
  • Set permissions based on the recommended role templates above.
  • Communicate changes to the team in writing and update your internal SOPs.
  • Save and test by logging in as a user with the updated role.
  • Monitor for any unexpected behavior for the next 48–72 hours.

Real Team Testimonial

“After we centralized snapshot control and limited push permissions to a single snapshot manager, deployments became predictable and error-free. The onboarding team could still access and reference templates without the risk of accidental changes.” — A small agency owner

Frequently Asked Questions (FAQ)

Q: What exactly is a snapshot?

A snapshot is a saved configuration of an account—templates, funnels, automations, settings, and assets—that can be applied to other accounts. It’s a packaged setup we use to replicate a consistent environment across multiple client accounts quickly.

Q: What does "push snapshot" mean?

To "push" a snapshot means to deploy that saved configuration into another account. This can be used to onboard a new client or update existing client accounts with centralized changes. Because it affects live accounts, push permission is one of the more sensitive controls.

Q: Who should be allowed to push snapshots?

Only trusted personnel. At minimum, agency owners and a designated snapshot manager should have push rights. We recommend limiting this to people who understand the timing, dependencies, and impact of pushes.

Q: Can a snapshot be restored if deleted?

That depends on your platform’s retention and archive policy. To be safe, maintain versioned snapshots and an archive policy before performing deletions. If deletion is irreversible, implement an approval or soft-delete workflow to avoid accidental loss.

Q: How do we grant temporary access to a contractor?

Create a temporary user with the minimum permissions required for the task, set an expiration date if your system supports it, and revoke access immediately upon job completion. Document the change in your logs.

Q: What’s the best way to manage snapshot versions?

Use consistent naming that includes a date and short description. Keep a change log for what changed and why. Archive older versions before making major updates so you can roll back if necessary.

Q: How often should we review admin permissions?

We recommend reviewing permissions quarterly or whenever there’s a staffing change. This helps ensure people don’t keep access they no longer need and reduces security risks.

Q: Can we set up approvals for pushing or deleting snapshots?

Some teams implement a two-person approval process using internal communication tools or project management tasks to document sign-off. If the platform doesn’t support built-in approvals, use a manual workflow to require owner sign-off before destructive actions.

Conclusion

Granular snapshot permissions give agencies the balance they need: the speed and efficiency of template-driven deployments with the controls required for consistency and security. By setting the right permissions, defining roles like snapshot manager, and following some simple best practices—naming conventions, versioning, maintenance windows, and documented approvals—we minimize risk and keep our operations predictable.

Start by reviewing who currently has access in your agency account, limit push and delete rights to a trusted few, and create a clear process for requesting changes. These small steps will dramatically reduce accidental errors, improve client consistency, and free your team to focus on strategic work instead of fixing preventable problems.

We encourage you to update your role settings today and document the new process with your team. If you have questions about recommended permission configurations based on your team size or a particular workflow, consult your internal operations playbook or schedule a short team review to agree on responsibilities and approval steps.

Read more