Duda is built as an agency-first website builder with a permission model designed for web professionals managing multiple client sites. Access control operates at two levels: account-level staff members who manage the agency dashboard, and site-level permissions that control what clients and collaborators can do within individual sites.
Permission model overview
Duda structures access through:
- Account Owner -- The primary agency account holder with full control over billing, staff, and all sites
- Staff Members -- Team members within the agency account, each with a defined permission level
- Client Permissions -- Per-site access granted to the end client, with configurable restrictions on what they can edit
- Site Contributors -- Additional collaborators invited to specific sites
This two-tier model (agency staff vs. client access) is central to Duda's design.
Staff member permission levels
Staff accounts are managed under Account Settings > Team. Each staff member is assigned one of these roles:
- Owner -- Full access to everything: billing, all sites, team management, white-label settings, and account configuration. Only one owner per account.
- Admin -- Can manage all sites, view billing, manage team members, and access account settings. Cannot change the account owner or modify billing details.
- Designer -- Can create, edit, and publish sites. Can access the site editor, manage site settings, and configure integrations. Cannot manage the team or access billing.
- Content Editor -- Can edit existing site content (text, images) but cannot modify site structure, layouts, or design elements. Cannot add or remove pages or widgets.
Staff member limits depend on your Duda plan (Team plans include multiple seats; lower plans may be limited to the owner only).
Client access and permissions
For each site, you can grant the client access to a restricted version of the editor. This is configured per-site under Site Settings > Client Permissions (or from the site's management panel).
Client permission toggles include:
- Edit Content -- Modify text, images, and other content within existing widgets
- Add/Remove Pages -- Create new pages or delete existing ones
- Edit Design -- Change colors, fonts, and layout options
- Manage Blog -- Create, edit, and publish blog posts
- Manage Store -- Manage eCommerce products, orders, and store settings
- Manage Forms -- View form submissions and modify form settings
- Manage SEO -- Edit page titles, meta descriptions, and SEO settings
- View Analytics -- Access the built-in site analytics dashboard
- Publish Site -- Push changes live (if disabled, changes require agency approval)
Clients log in through a separate client portal URL (white-label configurable). They never see other sites or account-level settings.
Managing users
Adding a staff member:
- Go to Account Settings > Team
- Click Add Team Member
- Enter the person's email and select their role (Admin, Designer, or Content Editor)
- Send invitation -- they receive an email to set up their account
Granting client access:
- Open the site's management panel
- Go to Client Permissions (or Grant Access)
- Enter the client's email
- Configure which permission toggles to enable
- Send invitation -- the client receives a branded login link
Removing access:
- For staff: Account Settings > Team > remove the member
- For clients: Site management panel > Client Permissions > revoke access
- For contributors: Site management panel > Contributors > remove
API access
Duda provides a REST API for agency and platform integrations:
- API credentials are generated under Account Settings > API Access (or via the Duda partner/agency portal)
- Authentication uses HTTP Basic Auth with an API user and key
- API access is account-level -- it can manage all sites under the account
- There are no per-site API scopes; the API inherits full account permissions
- API endpoints cover site management, content injection, templates, and eCommerce
For third-party integrations (app development), Duda uses OAuth 2.0 via the Duda App Framework.
When offboarding a team member who had API access, regenerate the API credentials.
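Because the API credential carries full account permissions, one compensating control is to keep it inside a small broker that checks a per-site allowlist for each internal caller before attaching the Basic Auth header. The following Python is an added example, not Duda's code or API. The caller names, site identifiers, the `/sites/<site>/...` path layout and the `DUDA_API_USER`/`DUDA_API_KEY` variable names are assumptions for illustration.

```python
import base64
import os
from urllib.parse import unquote, urlsplit

# Constructed sample policy: internal caller -> sites it may touch (hypothetical names).
CALLER_SITES = {
    "blog-sync": {"site-a1"},
    "store-export": {"site-a1", "site-b2"},
}


def basic_auth_header(user, key):
    """Build the HTTP Basic Auth header (RFC 7617) from the API user and key."""
    token = base64.b64encode(f"{user}:{key}".encode("utf-8")).decode("ascii")
    return {"Authorization": f"Basic {token}"}


def site_from_path(path):
    """Return the site in an assumed /sites/<site>/... path, else None."""
    segments = [unquote(s) for s in urlsplit(path).path.split("/") if s]
    # Reject dot segments and encoded slashes so the upstream server cannot
    # resolve the path to a different site than the one checked here.
    if any(s in (".", "..") or "/" in s or "\\" in s for s in segments):
        return None
    if len(segments) >= 2 and segments[0] == "sites":
        return segments[1]
    return None  # account-wide or unrecognised endpoint: never forwarded


def authorize(caller, path):
    """Default deny: the caller must be known and the site on its allowlist."""
    site = site_from_path(path)
    return site is not None and site in CALLER_SITES.get(caller, set())


def build_request(caller, method, path, env=os.environ):
    """Attach the account-level credential only after the scope check passes."""
    if not authorize(caller, path):
        raise PermissionError(f"{caller} is not allowed to call {path}")
    # Credentials come from the environment (assumed variable names), not source.
    headers = basic_auth_header(env["DUDA_API_USER"], env["DUDA_API_KEY"])
    return {"method": method, "path": path, "headers": headers}
```

With the key held only by the broker, regenerating credentials during offboarding means updating one environment rather than every integration.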
Analytics and tracking permissions
Duda has built-in analytics and supports external tracking:
- Built-in analytics -- Site traffic, page views, form submissions, and click data are available in the site dashboard. Clients with the View Analytics permission can see this data. Staff with Designer or Admin roles can always access it.
- Google Analytics -- Connect a GA property under Site Settings > Analytics. Requires Designer or Admin staff role. Clients with the SEO/Analytics permission toggle can view but not modify the GA configuration.
- Custom tracking scripts -- Add GTM, Facebook Pixel, or other scripts via Site Settings > Head HTML or through the widget editor's HTML embed. Requires Designer or Admin role.
- eCommerce tracking -- Conversion tracking for the built-in store is configured under eCommerce > Settings. Requires store management permission.
Content Editors and clients without analytics permissions cannot install or modify tracking code.
White-label considerations
Duda's white-label feature (on Agency Premium and higher plans) affects user management:
- The client login portal uses your custom domain and branding
- Client-facing emails come from your brand
- Clients never see "Duda" branding
- Staff members always see the Duda interface (white-label applies to client-facing only)
Security notes
- Duda supports Google SSO for staff account login
- Two-factor authentication is available for staff accounts
- Client accounts use email-based login with password (no SSO option for clients)
- Session timeouts are controlled by Duda and not configurable per-account
- There is no SCIM provisioning or LDAP integration
- Activity logging is limited to content change history within the site editor
Sub-pages in this section
- Roles and Permissions -- Staff role comparison, client permission toggle reference, and recommended configurations for agency teams
- Adding and Removing Users -- Staff onboarding, client access setup, and secure offboarding procedures