Meta Ads Remove User Access | OpsBlu Docs

Meta Ads Remove User Access

How to revoke user access and offboard team members from Meta Ads. Covers account deletion, API key revocation, partial access removal, and security.

Remove User Access

Follow this process when someone no longer needs access to your Meta business, ad accounts, or related assets. This includes full offboarding (removing from the business entirely) and partial removal (removing specific assets while retaining others).

Deactivation Triggers

  • Offboarding: Employee or contractor leaves the company or completes their project.
  • Contract end: Agency or vendor contract expires and all asset access should be revoked.
  • Security incident: Account flagged for suspicious activity or compromised credentials.
  • Two-factor authentication failure: Repeated 2FA failures or account lockout.
  • Role elimination: User no longer needs any Meta Ads access due to job change.
  • Audit compliance: Quarterly or annual access review identifies inactive or unnecessary users.

Removal Options

Full Removal (Remove from Business)

Removes the user from the business entirely, revoking all ad accounts, pixels, catalogs, pages, and other assets.

Use when:

  • User is leaving the company permanently.
  • User no longer needs any Meta Ads access.
  • Security incident requires immediate revocation of all permissions.

Partial Removal (Remove Specific Assets)

Removes access to specific ad accounts or assets while keeping the user in the business with other permissions.

Use when:

  • User changes teams or markets and needs different assets.
  • Project ends but user still works on other campaigns.
  • Scope reduction without full offboarding.

Prerequisites

  • Business Manager Admin rights on the owning business.
  • Decision on whether to perform full removal (from business) or partial removal (specific assets).
  • Approval from manager or business owner for the removal.
  • Plan for ownership transfer of pixels, catalogs, payment methods, or other assets the user owns.

Full Removal Workflow

Step 1: Navigate to the User

  1. Go to Meta Business Suite (business.facebook.com) and sign in.
  2. Click the Settings gear icon in the top-right corner.
  3. In the left sidebar, select Users → People.
  4. Find and click the user you want to remove.

Step 2: Review Assigned Assets

  1. Review the user's Ad Accounts, Pixels, Catalogs, Pages, and Apps.
  2. Note any assets where the user is listed as the owner or primary contact.
  3. Plan to transfer ownership of critical assets before removal (see Step 4).

Step 3: Remove User from Business

  1. In the user's profile, scroll to the bottom.
  2. Click Remove from business (or Remove [Name]).
  3. Confirm the removal in the dialog box.
  4. Verify the user no longer appears in the People list.

Step 4: Transfer Ownership of Assets

Before or immediately after removal, transfer ownership of assets the user managed:

Pixel Ownership

  1. Go to Business Settings → Data Sources → Pixels.
  2. Select the pixel the user owned.
  3. Click Assign people and add a new Admin.
  4. Confirm the new Admin is set as the primary owner.

Catalog Ownership

  1. Go to Business Settings → Data Sources → Catalogs.
  2. Select the catalog the user owned.
  3. Click Assign people and add a new Admin.
  4. Confirm the new Admin can manage feeds and settings.

Payment Method Ownership

  1. Go to Business Settings → Payments → Payment Methods.
  2. Remove any credit cards or payment methods tied to the user's personal accounts.
  3. Ensure an active Admin is listed as the owner of business payment methods.

Custom Audiences & Saved Audiences

  • Custom audiences remain in the ad account and are accessible to other Admins/Advertisers.
  • No transfer needed, but document which audiences the user created for continuity.

Lead Forms & Offline Events

  • Lead forms remain in the ad account.
  • Transfer ownership or access to another Admin if the user managed integrations (CRM, email).

Step 5: Remove System Users & API Tokens

  1. Go to Business Settings → Users → System Users.
  2. Check if the user created any system users for API access (e.g., for Conversions API, automated reporting).
  3. Remove or reassign system users to another Admin.
  4. Revoke any API tokens or app access tied to the user's accounts.

Step 6: Check Partner Accounts

  1. Go to Business Settings → Users → Partners.
  2. Confirm the user was not also added as a partner account.
  3. If listed, remove them from the Partners list as well.

Step 7: Document the Removal

  1. Capture before and after screenshots from Business Settings → People.
  2. Update your internal access log or ticketing system with:
    • User name and email.
    • Date of removal.
    • Assets previously assigned.
    • Reason for removal and approver name.
    • Ownership transfers completed.
  3. Notify relevant teams (finance, security, campaign managers) of the removal.

Partial Removal Workflow

Step 1: Navigate to the User

  1. Go to Meta Business Suite (business.facebook.com) and sign in.
  2. Click the Settings gear icon in the top-right corner.
  3. In the left sidebar, select Users → People.
  4. Find and click the user whose access you want to reduce.

Step 2: Remove Specific Ad Accounts

  1. Scroll to the Ad Accounts section.
  2. Find the ad account(s) to remove.
  3. Click the X or Remove button next to each account.
  4. Confirm the removal in the dialog box.

Step 3: Remove Specific Assets

  1. Scroll to Pixels, Catalogs, Pages, or Apps.
  2. Find the asset(s) to remove.
  3. Click the X or Remove button next to each asset.
  4. Confirm the removal.

Step 4: Verify Remaining Access

  1. Review the user's profile to ensure they retain the correct assets.
  2. Confirm they can still perform their required tasks with the remaining permissions.

Step 5: Document the Change

  1. Capture a screenshot of the updated permissions.
  2. Update your internal access log with assets removed and reason for change.

Post-Removal Checklist

After removing a user (fully or partially), complete these follow-up steps:

  • Transfer pixel ownership to an active Admin to maintain tracking and Conversions API.
  • Transfer catalog ownership to ensure product feeds and dynamic ads continue running.
  • Remove payment methods tied to the user's personal accounts.
  • Revoke API tokens and system users created by or associated with the user.
  • Check Partners tab to ensure the user isn't also listed as a partner.
  • Update internal rosters: Remove from SSO groups, access logs, and password vaults.
  • Notify relevant teams: Inform finance, campaign managers, and security of the removal.
  • Save screenshots: Document the removal in Business Settings → People for compliance.
  • Review ad account activity: Check for any pending campaigns, approvals, or billing changes the user initiated.

Common Removal Scenarios

Scenario 1: Employee Offboarding

Trigger: Employee leaves the company.

Steps:

  1. Remove from business entirely (full removal).
  2. Transfer pixel, catalog, and payment method ownership.
  3. Revoke system users and API tokens.
  4. Update internal access logs and notify finance.

Scenario 2: Agency Contract Ends

Trigger: Agency partnership expires.

Steps:

  1. Remove agency users from the Partners tab (if added as partners).
  2. Remove individual agency employees from the People tab.
  3. Transfer ownership of any assets the agency managed (pixels, catalogs).
  4. Revoke API tokens used for reporting or automation.
  5. Document the removal and notify the client.

Scenario 3: Security Incident

Trigger: Account flagged for suspicious activity.

Steps:

  1. Immediately remove from business (full removal).
  2. Revoke all API tokens and system users.
  3. Remove payment methods to prevent unauthorized ad spend.
  4. Document the incident and notify security team.
  5. Review recent ad activity for unauthorized changes.

Scenario 4: User Changes Teams

Trigger: User moves to a different market or product line.

Steps:

  1. Remove old ad accounts and assets (partial removal).
  2. Add new ad accounts and assets via the Update Access workflow.
  3. Verify the user can access their new scope and no longer sees old assets.

Scenario 5: Contractor Project Completion

Trigger: Contractor finishes a specific project.

Steps:

  1. Remove from business if no future work is planned.
  2. Or, remove specific assets (partial removal) if they will work on other projects.
  3. Transfer ownership of any project-specific assets.
  4. Set a review date to confirm no lingering access.

Ownership Transfer Details

Pixel Ownership Transfer

Why: Ensure pixel continues to fire, Conversions API stays active, and event configuration is maintained.

How:

  1. Go to Business Settings → Data Sources → Pixels.
  2. Select the pixel.
  3. Click Assign people and add a new Admin.
  4. The new Admin becomes the primary owner.

Critical: Without an active pixel Admin, Conversions API may stop working and domain verification can lapse.

Catalog Ownership Transfer

Why: Maintain product feed updates and dynamic ad delivery.

How:

  1. Go to Business Settings → Data Sources → Catalogs.
  2. Select the catalog.
  3. Click Assign people and add a new Admin.
  4. Verify feed uploads and scheduled updates continue working.

Payment Method Revocation

Why: Prevent unauthorized billing charges or ad spend.

How:

  1. Go to Business Settings → Payments → Payment Methods.
  2. Remove credit cards or bank accounts tied to the departing user.
  3. Ensure at least one active Admin has a valid payment method on file.

System User & API Token Revocation

Why: Prevent automated scripts or integrations from continuing to run under the user's credentials.

How:

  1. Go to Business Settings → Users → System Users.
  2. Find system users created by the departing user.
  3. Generate new tokens under a service account or active Admin.
  4. Update integrations (Conversions API, reporting tools) with the new tokens.
  5. Delete or disable the old system user.

Troubleshooting

User Still Has Access After Removal

  • Verify you clicked Remove from business and confirmed the action.
  • Check the Partners tab to ensure they weren't also added as a partner.
  • Ask the user to log out and back in to refresh their access.

Cannot Remove User (Error Message)

  • Confirm you have Business Manager Admin rights.
  • Check if the user is the sole Admin on a payment method or critical asset.
  • Transfer ownership first, then retry the removal.

Ownership Transfer Failed

  • Ensure the new owner has Admin rights on the asset.
  • Verify the new owner is Active (not Pending) in the business.
  • Try removing and re-adding the new owner with Admin role.

Guardrails & Best Practices

  • Transfer ownership before removal: Avoid service disruptions by moving critical asset ownership to active Admins.
  • Document everything: Capture screenshots, update access logs, and note the reason for removal.
  • Revoke API tokens: System users and API tokens are separate from human users; check and revoke independently.
  • Check Partners tab: Users can be added both as employees and partners; remove from both if applicable.
  • Notify stakeholders: Inform finance, campaign managers, and security teams of removals, especially for Admins.
  • Review payment methods: Remove personal cards or accounts to prevent billing issues.
  • Audit regularly: Conduct quarterly access reviews to identify and remove inactive users proactively.

Checklist

  • Business Manager Admin access confirmed.
  • Removal approved by manager or business owner.
  • Assets owned by the user identified (pixels, catalogs, payment methods).
  • Ownership transferred to active Admins.
  • User removed from People tab (full removal) or specific assets removed (partial removal).
  • System users and API tokens revoked.
  • Partners tab checked and user removed if applicable.
  • Payment methods tied to the user removed.
  • Screenshots captured from Business Settings → People.
  • Internal access log updated with removal details.
  • Relevant teams notified (finance, security, campaign managers).
  • Recent ad activity reviewed for unauthorized changes (if security incident).
Nach oben