The Trade Desk User Management

Complete guide to The Trade Desk permission model including seat-based access, advertiser-level scoping, API token management, and data permission.

The Trade Desk Permission Model

The Trade Desk uses a seat-based access model. A seat represents your organization's instance within the platform (your agency, brand, or trading desk). All users, advertisers, campaigns, and data assets live within a seat. Permissions are then scoped at two levels:

Seat level -- determines the user's role and what platform features they can access.
Advertiser level -- determines which advertisers within the seat the user can see and work with.

A user with Trader access scoped to three advertisers can build and optimize campaigns for those three advertisers but cannot see data or campaigns for other advertisers in the seat. A Seat Admin with "all advertisers" access has full visibility across the entire seat.

Available Roles

The Trade Desk provides the following seat-level roles:

Role	Campaign Operations	Data & Audiences	Billing & Finance	User Management	API Access
Seat Admin	Full access to all campaigns	Full DMP access, audience creation, third-party data	View and manage invoices, credit	Add/remove users, assign roles and scopes	Create and manage API tokens
Trader (Full Access)	Create, edit, optimize campaigns and line items	Use existing audiences, create custom audiences	No access	No access	Use existing tokens (cannot create)
Analyst (View Only)	View campaigns, line items, and IOs (read-only)	View audience reports	No access	No access	Read-only API access if granted
Finance	No campaign access	No data access	View invoices and financial reports	No access	No access

Additional details:

Seat Admin is the most powerful role. It combines platform administration with full trading capability. Keep the number of Seat Admins small -- typically 2-3 per seat for redundancy.
Trader is the standard working role for campaign managers and media buyers. Traders can do everything campaign-related but cannot manage other users, billing, or create API tokens.
Analyst provides read-only access. Analysts can view campaign performance, audience insights, and reporting dashboards but cannot modify campaigns, audiences, or settings.
Finance is a standalone role for accounting and billing teams. Finance users see only financial data -- invoices, payment history, credit balances. They cannot see campaign details, audiences, or performance data.

Advertiser Scoping

Every user assignment includes an advertiser scope that determines which advertisers they can access:

All Advertisers -- the user can see and work with every advertiser in the seat. Use this sparingly; it is appropriate for Seat Admins and senior traders who need cross-advertiser reporting.
Specific Advertisers -- the user can only see the advertisers explicitly listed in their scope. This is the default and recommended setting for most users.

When a new advertiser is created in the seat, users with "All Advertisers" scope automatically gain access. Users with specific advertiser scoping do not -- they must be manually granted access to the new advertiser.

Admin UI Paths

Managing seat users:

The Trade Desk UI
  > Admin (left sidebar, gear icon)
    > Users
      > + New User
      > [Existing user] > Edit role / Edit advertiser scope / Remove

Viewing a user's current access:

Admin > Users
  > [Search by name or email]
    > Click user row to see:
      - Role
      - Advertiser assignments
      - API token status
      - Last login date

Managing advertiser scoping:

Admin > Users
  > [Select user]
    > Advertiser Access section
      > Toggle "All Advertisers" or select specific advertisers

API Token Management

The Trade Desk API is heavily used for bulk campaign management, reporting automation, and third-party integrations. API tokens are a critical access control surface.

Token creation -- only Seat Admins can create API tokens. Tokens are created in Admin > API Tokens (or via the API itself with Admin credentials).
Token types -- The Trade Desk issues Partner API tokens for programmatic access. Each token is tied to a specific seat and inherits the seat's advertiser access.
Token scoping -- API tokens are not scoped to individual advertisers through the token itself. The token can access any advertiser in the seat. Restrict advertiser access through your integration code, not the token.
Token rotation -- tokens do not expire automatically. Rotate tokens quarterly and immediately when a team member with token access leaves.
User Access Tokens -- separate from Partner API tokens, these are per-user tokens used by some third-party tools. They inherit the user's role and advertiser scope. When a user is removed, their access token is invalidated.

To audit API access: Admin > API Tokens lists all active tokens, their creation date, and last usage timestamp.

Data and Audience Permissions

The Trade Desk has specific permissions around data assets that operate independently from campaign access:

First-party data -- uploading and managing CRM segments or first-party audience data requires Trader or Admin role. Analysts can view audience composition but cannot upload or modify data.
Third-party data marketplace -- browsing and activating third-party data segments (e.g., Oracle, Lotame, LiveRamp) requires Trader or Admin. Third-party data costs appear on the seat's invoice.
Data Partner integrations -- connecting DMP or CDP platforms (LiveRamp, Salesforce CDP) to the seat requires Admin role for initial configuration. Once connected, Traders can use the synced audiences.
Inventory lists -- custom inventory lists (allowlists, blocklists) can be created by Traders and Admins. Analysts can view but not modify them.
Custom bidding algorithms -- Koa (custom bidding) model creation and management requires Trader or Admin. These models are seat-level assets visible to all users with appropriate advertiser scope.

Analytics and Reporting Permissions

Standard reporting -- all roles except Finance can access campaign performance reports scoped to their advertiser access.
Cross-advertiser reporting -- only available to users with "All Advertisers" scope. Users with specific advertiser scoping see reports for their assigned advertisers only.
Path to conversion -- attribution and conversion path reports require at least Analyst role with access to the relevant advertiser.
Log-level data -- raw log data access requires separate enablement by The Trade Desk and is typically granted to Seat Admins. This is an additional permission beyond the standard role.
Report scheduling -- Traders and Admins can create scheduled reports delivered via email or SFTP. Analysts can view existing scheduled reports but cannot create new ones.
Real-time dashboards -- campaign delivery and pacing dashboards are available to all roles except Finance, scoped to the user's advertiser access.

Step-by-Step Guides

Add User Access -- invite users to the seat and configure role and advertiser scope
Update Access & Roles -- change roles, adjust advertiser scoping, or manage API tokens
Remove User Access -- offboard users, revoke tokens, and transfer owned assets

शीर्ष पर वापस जाएँ