Update User Access in Apple Search Ads

Apple Search Ads Role Hierarchy

Before changing roles, understand what each level grants:

Role changes take effect immediately. The user does not need to re-authenticate or accept a new invitation.

Changing Roles in the UI

1. Log in to Apple Search Ads with an Account Admin account
2. Click the gear icon (top right) > Account Settings > User Management
3. Find the user in the list and click their row to expand details
4. Select the new role from the Role dropdown
5. If changing to Limited Access, the campaign group selector appears -- check the groups the user should access
6. Click Save

The user's active session updates on next page navigation. No logout/login required.

Adjusting Limited Access Campaign Groups

Limited Access users see only their assigned campaign groups. To modify group assignments without changing the role:

1. In User Management, click the Limited Access user
2. Under Campaign Group Access, check or uncheck groups
3. Click Save

If you need to create a new campaign group for scoping:

1. Go to Campaigns > Campaign Groups
2. Click Create Campaign Group
3. Name the group and assign campaigns to it
4. Return to User Management and assign the group to the user

Changing Roles via the Apple Search Ads API

Use the PUT /acls endpoint to update a user's role programmatically. This requires an API certificate with Admin privileges.

# Update user role to Campaign Manager
# First, get the user's ACL entry
curl -X GET "https://api.searchads.apple.com/api/v5/acls" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "X-AP-Context: orgId=$ORG_ID"

# Response includes userId and current role:
# { "data": [{ "userId": "123456", "roleName": "Read Only", "orgId": 7890 }] }

# Update the role
curl -X PUT "https://api.searchads.apple.com/api/v5/acls" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "X-AP-Context: orgId=$ORG_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "userId": "123456",
    "roleName": "Campaign Manager",
    "orgId": 7890
  }'

Valid roleName values: Account Admin, Campaign Manager, Limited Access, Read Only.

Common Role Change Scenarios

Promoting a team member to Admin

When a senior team member needs billing and user management access:

1. Change role from Campaign Manager to Account Admin
2. Verify they can see Account Settings > Billing and User Management
3. Maintain at least two Admins at all times to prevent lockout

Restricting agency access after campaign launch

When an agency finishes setup and only needs monitoring:

1. Change from Campaign Manager to Read Only
2. The agency retains report access and export capability
3. They lose the ability to modify bids, budgets, or targeting

Scoping a contractor to specific campaigns

When a contractor should only manage a subset of campaigns:

1. Create a dedicated Campaign Group containing their campaigns
2. Change role from Campaign Manager to Limited Access
3. Assign only the relevant Campaign Group
4. The contractor sees nothing outside that group

Audit Trail

Apple Search Ads does not provide a built-in user activity log. To maintain an audit trail for role changes:

1. Document every change in your internal access register (who, what role, when, why)
2. Export the current user list periodically via the API for compliance records:

curl -X GET "https://api.searchads.apple.com/api/v5/acls" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "X-AP-Context: orgId=$ORG_ID" | jq '.data[] | {userId, roleName}' > access-snapshot-$(date +%F).json

3. Review access quarterly and after any team changes

Troubleshooting

User cannot see campaigns after role change: Confirm the role saved correctly in User Management. If Limited Access, verify campaign group assignments include the relevant campaigns.

Cannot change the last Admin: Apple Search Ads prevents removing Admin access from the only remaining Admin. Add a second Admin before modifying the current one.

API role update returns 403: Verify your API certificate belongs to an Account Admin and the orgId in X-AP-Context matches the target organization.