Overview
Modifying user permissions in Spotify Ad Studio ensures team members have appropriate access levels as their roles evolve. Whether promoting a team member to Admin, adjusting campaign-level permissions, or restricting access for departing contractors, understanding the update process maintains security while enabling productivity.
When to Update Permissions
Role Promotions
Update access when team members need expanded capabilities:
| Scenario | Current Role | New Role | Trigger |
|---|---|---|---|
| Campaign manager promoted | Member | Admin | New responsibilities |
| Contractor becomes employee | Viewer | Member | Employment change |
| Team lead assignment | Member | Admin | Organizational restructure |
| Cross-functional project | Viewer | Member | Project requirements |
Role Restrictions
Reduce access when appropriate:
| Scenario | Current Role | New Role | Reason |
|---|---|---|---|
| Project completion | Admin | Member | Scope reduction |
| Team restructure | Member | Viewer | Role change |
| Access review findings | Admin | Member | Least privilege |
| Contract wind-down | Member | Viewer | Engagement ending |
Temporary Access Changes
Common scenarios requiring time-limited updates:
- Campaign launches: Elevated access for specific campaigns
- Audits: Read-only access for external reviewers
- Training: Expanded access during onboarding
- Coverage: Temporary admin access during team absences
Role Hierarchy and Permissions
Available Roles
| Role | Campaigns | Billing | Team Management | Reports | Settings |
|---|---|---|---|---|---|
| Owner | Full | Full | Full | Full | Full |
| Admin | Full | View | Add/Remove | Full | Modify |
| Member | Create/Edit | None | None | Full | None |
| Viewer | View Only | None | None | View | None |
Permission Details
Owner Capabilities:
- Complete account control
- Billing and payment management
- Transfer ownership
- Delete account
- All Admin capabilities
Admin Capabilities:
- Create, edit, pause, and delete campaigns
- View billing history (no modifications)
- Invite and remove team members
- Modify member roles
- Access all reporting
- Configure account settings
Member Capabilities:
- Create and manage campaigns
- Access full reporting suite
- Cannot modify team or billing
- Cannot access account settings
Viewer Capabilities:
- Read-only access to campaigns
- View reports and analytics
- Cannot make any modifications
- Limited to observation
Step-by-Step Update Process
Method 1: Via Team Settings
Step 1: Access Team Management
- Log in to Spotify Ad Studio
- Click your profile icon (top right)
- Select Account Settings
- Navigate to Team Members tab
Step 2: Locate the User
- Review the team member list
- Use search if many members exist
- Identify the user to modify
- Note their current role
Step 3: Modify the Role
- Click the role dropdown next to the user's name
- Select the new role from available options:
- Admin
- Member
- Viewer
- Confirm the selection when prompted
- Changes take effect immediately
Step 4: Verify the Change
- Refresh the Team Members page
- Confirm the new role displays correctly
- Ask the user to log out and back in
- Have them verify new permissions work
Method 2: Re-invitation (For Major Changes)
For significant role changes, sometimes re-inviting is cleaner:
- Remove the existing user (see Remove Access)
- Send a new invitation with the correct role
- User accepts the new invitation
- Old sessions automatically invalidate
Upgrading Access Levels
Upgrading to Admin
What the User Gains:
- Billing information visibility
- Team member management
- Full campaign control
- Account settings access
- API credential management
Pre-Upgrade Checklist:
□ Business justification documented
□ Manager approval obtained
□ User understands new responsibilities
□ Current access audit completed
□ Training on admin functions provided
□ Emergency procedures reviewed
Post-Upgrade Tasks:
- Notify the user of their new capabilities
- Review billing sensitivity with them
- Ensure they understand team management
- Document the change with justification
- Schedule follow-up review (30 days)
Upgrading from Viewer to Member
What the User Gains:
- Campaign creation abilities
- Campaign editing and management
- Full reporting access
- Cannot manage team or billing
Process:
- Navigate to Team Members
- Find the user currently as Viewer
- Change role to Member
- Notify user of new capabilities
- Provide training on campaign management
Downgrading Access Levels
Downgrading to Viewer
When to Downgrade:
- Project completion
- Role change within organization
- Access review recommendations
- Contractor engagement ending
- Security incident response
What the User Loses:
- Campaign creation/editing
- Campaign management
- Only retains viewing access
Process:
- Communicate First: Inform the user before making changes
- Transfer Ownership: Reassign any campaigns they created
- Make the Change: Update role in Team Settings
- Verify Access: Confirm they can view but not edit
- Document: Record the change and reason
Emergency Downgrade
For immediate security needs:
- Navigate directly to Team Members
- Change role to Viewer immediately
- Notify security team
- Document the incident
- Communicate with user appropriately
- Review for permanent removal if needed
Campaign-Level Permission Considerations
When Changing Roles
Consider the impact on active campaigns:
| Original Role | New Role | Campaign Impact |
|---|---|---|
| Admin → Member | Member | Loses team management, keeps campaigns |
| Admin → Viewer | Viewer | Cannot edit existing campaigns |
| Member → Viewer | Viewer | In-progress campaigns need reassignment |
| Viewer → Member | Member | Can now edit campaigns |
Draft Campaigns
- Downgrading Creators: Reassign draft campaigns before downgrade
- Scheduled Campaigns: Verify scheduled campaigns have valid editors
- Active Campaigns: Ensure ongoing campaigns have appropriate oversight
Bulk Updates
Multiple User Changes
For organization-wide restructures:
- Plan the Changes: Create a spreadsheet of all updates
- Communicate First: Notify affected users
- Execute Systematically: Update users one by one
- Verify Each: Confirm changes applied correctly
- Document All: Record each change with timestamp
Common Bulk Scenarios
- Team restructure: Multiple role adjustments
- Access review results: Applying principle of least privilege
- New project teams: Expanding access for new initiatives
- Contractor transitions: Adjusting external partner access
Audit Trail and Documentation
What to Record
For each access change, document:
## Access Change Record
**Date**: [Date of change]
**User**: [Email/Name]
**Changed By**: [Admin who made change]
**Previous Role**: [Old role]
**New Role**: [New role]
**Justification**: [Business reason]
**Ticket/Request**: [Reference number]
**Approved By**: [Manager/Owner]
**Expiration**: [If temporary, when to review]
Screenshot Evidence
Capture before and after:
- Team Members list before change
- Confirmation dialog during change
- Team Members list after change
- User's view of their own permissions
Retention Requirements
- Keep access change records for 2+ years
- Store with IAM documentation
- Include in quarterly access reviews
- Reference during security audits
Troubleshooting Common Issues
Role Change Not Applying
Symptoms: User still has old permissions
Solutions:
- Have user clear browser cache
- Try incognito/private browsing
- Complete logout and fresh login
- Check if multiple accounts exist
- Contact Spotify support if persists
Cannot Find User in List
Symptoms: User not visible in Team Members
Possible Causes:
- User was already removed
- Different Ad Studio account
- User never accepted invitation
- Wrong email address
Resolution:
- Search by email address
- Check pending invitations
- Verify correct Ad Studio account
- Re-invite if necessary
Insufficient Permissions to Make Changes
Symptoms: Cannot modify other users' roles
Solutions:
- Verify you have Admin or Owner role
- Check if user is an Owner (cannot be modified by Admins)
- Request Owner to make the change
- Escalate to account Owner
Changes Affecting Active Campaigns
Prevention:
- Review active campaigns before downgrading
- Reassign ownership of critical campaigns
- Pause campaigns if necessary during transition
- Communicate with campaign stakeholders
Best Practices
Before Making Changes
- Verify Identity: Confirm the request is legitimate
- Check Justification: Ensure business need exists
- Review Current Access: Understand what will change
- Consider Timing: Avoid changes during critical campaigns
- Plan Communication: Prepare to notify affected users
During the Change
- Document Everything: Record the change as it happens
- Screenshot Evidence: Capture before and after states
- Verify Immediately: Confirm the change took effect
- Test Access: Have user verify new permissions
After the Change
- Notify the User: Communicate what changed and why
- Provide Training: If access expanded, offer guidance
- Schedule Review: Set reminder to review temporary changes
- Update Documentation: Maintain current access records
- Monitor Activity: Watch for issues or concerns
Security Considerations
Principle of Least Privilege
- Grant minimum access needed for the role
- Review and adjust as responsibilities change
- Don't default to Admin when Member suffices
- Regular access reviews catch privilege creep
Separation of Duties
- Different people should approve and execute changes
- Document who requested vs. who implemented
- Avoid self-service for privilege escalation
Access Review Cadence
| Review Type | Frequency | Focus |
|---|---|---|
| New hire | 30 days | Appropriate initial access |
| Quarterly | 90 days | All users, role appropriateness |
| Annual | Yearly | Comprehensive audit |
| Incident-driven | As needed | Security events |
Related Documentation
- Add User Access - Inviting new team members
- Remove User Access - Offboarding procedures
- Spotify Ads User Management Overview - Complete access guide