Amazon Advertising Remove User Access

Remove User Access

Use this process to offboard users from Sponsored Ads or DSP. Properly removing access protects your account from unauthorized activity and maintains compliance.

Removing a user is permanent. Always transfer asset ownership before removal.

When to Remove Users

Remove Amazon Advertising access when:

• Employee leaves the organization
• Agency contract ends or agency no longer manages specific advertisers
• User changes roles and no longer requires Amazon Advertising access
• Security or compliance teams request removal
• Temporary contractor's project concludes
• User has been inactive for 90+ days
• Finance or legal requests removal
• Consolidating access to different manager account or seat

Deactivation Triggers

Common triggers for immediate removal:

• Employee termination: Revoke access same day
• Agency contract termination: Remove within 24 hours
• Role change: If transitioning to non-advertising role, remove access
• Security incident: Immediately remove if credentials compromised
• Quarterly access review: Remove users inactive for 90+ days
• Policy violations: Remove per security team request

Pre-Removal Assessment

Before removing a user:

Identify owned assets

Sponsored Ads:

• Campaigns they created or manage
• Saved reports or dashboards
• Scheduled campaigns

DSP:

• Line items and insertion orders they manage
• Audiences or pixels they configured
• Custom creatives they uploaded
• Saved reports

Transfer ownership

For each asset:

1. Identify new owner (another Administrator/Editor/Operator)
2. Transfer ownership or document handoff
3. Update team on ownership changes

Critical: Don't skip transfer. Assets may become inaccessible or orphaned.

Confirm approval

Obtain written approval from:

• User's manager or account owner
• Finance or HR if due to termination
• Security if part of audit

Save approval for access log.

Removal Steps (Sponsored Ads)

Step 1: Access user management

1. Sign in to Amazon Advertising
2. Select correct advertiser profile or manager account
3. Go to Settings → User management

Step 2: Review current access

1. Locate user in the list
2. Review their role and marketplace access
3. Screenshot for compliance record

Step 3: Remove user

1. Find user and click Remove or Delete
2. If they should lose access to some marketplaces but not all, click Edit and deselect marketplaces
3. Confirm removal when prompted
4. User immediately loses access

Step 4: Verify removal

1. Refresh page and confirm user no longer appears (or has updated marketplace access)
2. Screenshot updated list

Removal Steps (DSP)

Step 1: Access DSP user management

1. Open Amazon DSP console
2. Select correct seat
3. Navigate to Admin → User Management

Step 2: Review current access

1. Locate user in list
2. Review role and advertiser permissions
3. Screenshot for record

Step 3: Remove user

1. Select user and click Remove or Delete
2. If reducing access, edit to remove specific advertiser permissions
3. Confirm removal

Step 4: Verify removal

1. Refresh and confirm user no longer appears or has reduced access

Post-Removal Tasks

Update documentation

• Access log:
  • User email and name
  • Date removed
  • Reason (e.g., "Employee termination," "Contract ended")
  • Approver
  • Product(s) removed from (Sponsored, DSP, or both)
  • Assets transferred and new owners
• SSO/IAM: Remove from any Amazon Advertising groups
• Internal roster: Update team roster

Notify stakeholders

• Inform user if appropriate
• Alert team members who collaborated with removed user
• Update documentation referencing user

Audit remaining users

• If user had both Sponsored and DSP, verify removed from both
• Check for other users needing removal
• Flag Administrators who no longer need that role

Schedule next review

• Add removal to quarterly access review log
• Set reminder to review all users in 90 days

Troubleshooting

Cannot remove user because they own active campaigns:

• Transfer ownership first, then retry removal
• Contact Amazon Advertising support if blocked

User removed but can still access:

• Verify removed from correct advertiser profile/seat
• Check if they have access to different advertiser profiles
• Contact Amazon support if persists

Need to restore removed user:

• Removal is permanent; cannot restore
• Re-add through Add user workflow if needed

User had billing access:

• If they were Administrator/Billing, ensure another user can access invoices
• Remove from invoice recipient lists

User had both Sponsored and DSP:

• Remove separately from each product
• Verify removed from both before closing ticket

Best Practices

• Remove access same day as termination/contract end
• Always transfer ownership before removing
• Screenshot before and after for compliance
• Run quarterly access reviews
• Document every removal with date, reason, approver
• Verify removal from both products if user had Sponsored and DSP
• Rotate API keys if user had access to them

Common Use Cases

Employee termination:

1. Confirm termination date
2. Transfer campaigns/line items to manager
3. Remove from both Sponsored and DSP on last day
4. Document removal
5. Update rosters

Agency contract ends:

1. Confirm end date
2. Transfer campaigns back to internal team
3. Remove agency users within 24 hours
4. Update vendor contact list

Role change to non-digital:

1. Confirm role change
2. Assess if Viewer/Analyst access needed instead
3. Remove if no access needed, or change to read-only
4. Document change

Quarterly access review cleanup:

1. Export user list from both Sponsored and DSP
2. Cross-reference against HR roster
3. Remove users who left or haven't logged in for 90+ days
4. Document batch cleanup

Security incident:

1. Immediately remove user
2. Document incident
3. Transfer ownership after removal
4. Report to security team