Mautic Role Management: A Comprehensive Guide

Do you want to work with freelancers directly in your Mautic, but are afraid to give them full access to your Mautic dashboard? Do you want to restrict access to Mautic components based on your employee's role?

Discover how to integrate external contributors safely into your or limit employee access to their core tasks within Mautic.

You'll learn
• The fundamentals of roles and permissions in Mautic.
• Role management best practices.
• Common limitations within Mautic’s role system.
• Actionable tips for configuring roles to match your organizational needs.
• Practical examples to help you understand the application of these principles in real-world scenarios.

What are Roles?

Roles define what your Mautic dashboard users can and can not do. They are essentially predefined sets of permissions.

A proper role management allows you give people access to the dashboard without having to worry about security issues.

But what are roles and permissions exactly?

Permissions are specific actions that users are allowed to perform in Mautic. Examples are viewing or editing contacts, emails or campaigns.

Roles bundle these permissions into a package that is then assigned to users. This makes managing access to certain functionalities easy and scalable.

Now that we know that difference, let's differentiate roles and users.

Differences Between Roles and Users

The main difference is that a user is an individual with login credentials. A role is a set of permissions that can be applied to multiple users.

This means roles are about what users/persons can do, whereas the user is about who the person is that is interacting with Mautic.

Restricting access to certain functionalities of Mautic sounds great. How can you do that?

Before we dive into that, let's look at two best practices when it comes to creating access roles.

Best Practices for Your Role and Permission Management

There are two principles you might want to consider when creating your own role system in Mautic:

  1. Principle of least privilege
  2. Segregation of duties

Principle of Least Privilege

This principle suggests that users should be granted only the permissions they need to perform their tasks.

For example, someone who edits emails doesn’t need access to manage contacts. They have no business at looking at the contact database.

Implementing the principle of least privilege minimizes the risk of accidental or malicious misuse of sensitive information. If you have to comply with the GDPR or other data protection regulations following this principle is a must.

Segregation of Duties

This strategy involves splitting responsibilities and permissions among different roles to prevent any single user from having too much control.

This principle is more often than not about your business processes.

Let's say you have a couple of editors. They can create, view, and update emails, landing pages, and campaigns. But they cannot publish them.

In more general terms: The person who requests a transaction—publishing and sending an email—should not be the same person who approves it.

This ensures checks and balances in the workflow. This also makes sure people stick to pre-sending checklists or definitions of done or some other quality assurance mechanisms.

Roles for Mautic

If you have no role management at the moment, then here are some suggestions for roles you could implement:

  • Content Creators: Can create and edit their own drafts of emails and landing pages but cannot publish. This role is great if you hire freelancers. They can work in Mautic directly, so you don't need to import their work manually.
  • Content Collaborators: Those users can create and edit drafts of emails and landing pages regardless who owns the piece but cannot publish. This might be useful for proofreaders.
  • Marketing Collaborators: Can create and edit drafts of campaigns, dynamic web content, focus items, and forms.
  • Marketing Managers: Can review content, and campaigns, and have the ability to publish. They also can manage dynamic web content, focus items, and forms.
  • Lead Owner: Can manage leads they own.
  • Lead Managers: Can manage all leads and their segments, stages, and points.
  • Administrators: Have full access across the platform, including user management and system settings.

You don't need to implement every role. Mix and match, pick and choose.

How to Configure Roles in Mautic

Setting up roles in Mautic is straightforward:

  1. Navigate to the ‘Roles’ section in the Mautic settings.
  2. Create a new role by clicking on ‘New’ and give your role a name that clearly describes its purpose.
  3. Select and assign permissions to this role. Mautic will present you with a list of permissions divided into categories such as Contacts, Emails, and Reports. Tick the boxes next to the actions you wish this role to perform.
  4. Once you fully configured the permissions of your new role, save it. Then assign it to users from their profile settings.

Gotchas of Mautic's Role Management

You might come across a few limitations that could impact how you structure your team's permissions. I'll show the limitations I could identify to help you better plan your roles and maybe find creative workarounds to fit your needs.

Single Role Per User / No Role Composition

What It Means: Mautic does not support role composition. This is a feature in some systems. You would create a role that is basically a superset of already defined roles. Alternatively you would assign multiple to a single user.

Drawbacks: Without this, you must manually set up each role with all necessary permissions, even if many roles share common permissions. This limits your ability to create layered permission structures easily. It also increases the potential for errors.

Say you want to give someone the permissions of your Marketing Manager and your Lead Manager role. Without role composition or the ability to assign multiple roles to a single user you need to create an additional role, e.g., "Marketing & Lead Manager". Now, you'd have to give this role all the permissions of those to roles. I guess, you can see how this "copy & paste" approach might clutter your role management.

Workaround: You might consider restructuring tasks among team members to fit the permissions available within a single role. Although I'll admit that this may not always be practical.

Too Narrow or Broad Access Permissions

What It Means: In Mautic, the permission settings for viewing or editing items (leads, emails, pages, etc.) are generally limited to [create|view|edit|delete] own and [create|view|edit|delete] other. This means users can either see only the items they've created or all items, regardless of who created them. Unfortunately, there is no middle ground.

Drawbacks: This limitation makes it challenging to restrict access based on more granular criteria. You can't, for example, give users access to all emails of a certain category. Users might end up seeing more information than they need. This can increase the risk of someone editing the wrong thing or (worst case) of information leakage.

Workaround: You can temporarily set an editor as the owner for a specific email, page, etc., if they need to edit it. This is cumbersome but upholds the principle of least privilege.

Effective role management not only optimizes your team's workflow but also secures your data.

Implement some of the suggestions I made, but feel free to tweak everything that I said. Remember to review and refine your roles periodically.

Happy marketing!