Wix uses role-based access control (RBAC) to manage what contributors can do. Understanding each role's permissions helps you assign appropriate access levels.
Available Roles
Site-Level Roles
These roles apply to individual Wix sites:
- Owner - Full control
- Admin - Site management
- Site Member Manager - Manage site members only
- Blog Writer - Create/edit blog posts
- Blog Editor - Full blog management
- Contributor - Custom permission sets
- Viewer - Read-only access
Organization-Level Roles
For Wix Organizations (multiple sites):
- Organization Owner - Full organization control
- Organization Admin - Manage organization settings
- Billing Manager - Billing and subscriptions only
Detailed Role Breakdown
Owner (Site Owner)
Full control over the site. Only one Owner per site.
Can do:
- Everything (all permissions)
- Transfer ownership
- Delete site
- Manage billing
- Add/remove all contributors
- Edit all content
- Install/remove apps
- Manage domains
- Export site data
Cannot do:
- Be removed by others (must transfer ownership first)
When to assign:
- Primary site owner
- Client receiving site handoff
- Business owner
Security:
- Require 2FA
- Use strong password
- Limit to one person when possible
Admin
Manages the site but cannot transfer ownership or delete site.
Can do:
- Edit all pages
- Manage apps
- Invite/remove contributors (except Owner)
- View analytics
- Manage site settings
- Configure SEO
- Manage domains
- Publish site changes
- View billing (cannot change plans)
Cannot do:
- Transfer ownership
- Delete site
- Change billing/plans
- Remove Owner
- Access organization settings
When to assign:
- Site managers
- Lead developers
- Agency project managers
- Trusted team members
Best practice:
- Have at least one Admin (besides Owner)
- Limit to 2-3 people for security
Site Member Manager
Manages site members (customer accounts) only.
Can do:
- View site members
- Approve member registrations
- Block/unblock members
- Manage member roles (if using member levels)
- Send member emails
- Export member data
Cannot do:
- Edit site pages
- Manage apps
- Change site settings
- Access billing
- View full analytics
When to assign:
- Community managers
- Customer support staff
- Membership coordinators
Use case:
- Sites with Wix Members enabled
- Community or membership sites
- E-learning platforms
Blog Writer
Creates and edits blog content only.
Can do:
- Create new blog posts
- Edit own blog posts
- Upload images to blog
- Manage own post drafts
- Publish posts (if permission granted)
Cannot do:
- Edit other people's posts (by default)
- Delete published posts
- Manage blog settings
- Edit site pages
- Access analytics
- Manage apps
When to assign:
- Content writers
- Guest bloggers
- Marketing team members
Customization:
- Can grant/deny publish permission
- Can allow editing others' posts
Blog Editor
Full blog management including settings and other writers' posts.
Can do:
- Create/edit/delete all blog posts
- Manage blog categories/tags
- Configure blog settings
- Manage blog layout
- Publish/unpublish posts
- Manage other writers' posts
- Schedule posts
Cannot do:
- Edit non-blog site pages
- Manage apps (except blog-related)
- Access billing
- Manage domains
When to assign:
- Managing editor
- Content director
- Blog administrator
Best practice:
- One Blog Editor per blog
- Oversees all Blog Writers
Contributor (Custom)
Customizable role with granular permissions.
Available permissions:
Content:
- Edit specific pages (choose which)
- Edit all pages
- Manage media library
- Manage blog (if enabled)
Apps & Features:
- Manage specific apps
- Manage bookings
- Manage events
- Manage stores/products
Analytics:
- View site analytics
- View marketing analytics
Settings:
- Manage SEO
- Manage site settings
- Manage members
When to assign:
- Custom access needs
- Temporary projects
- Specialized roles (e.g., only manages products)
How to configure:
- Invite contributor
- Select "Contributor" role
- Choose specific permissions
- Send invite
Example configurations:
Product Manager:
- Manage Wix Stores
- Edit product pages
- View analytics
- Edit other pages
SEO Specialist:
- Manage SEO settings
- View analytics
- Edit meta descriptions
- Edit page content
Designer:
- Edit all pages
- Manage media
- Publish changes (requires approval)
- View billing
Viewer
Read-only analytics access.
Can do:
- View site analytics
- View site performance reports
- Export analytics data
- View marketing reports
Cannot do:
- Edit anything
- View site in Editor
- Manage apps
- Access billing
- Invite contributors
When to assign:
- Stakeholders
- Clients (for reporting)
- Marketing analysts
- Executives (reports only)
Best practice:
- Perfect for "report-only" access
- No risk of accidental changes
Organization Roles
Organization Owner
Full control over Wix Organization and all sites within it.
Can do:
- Manage all organization sites
- Add/remove sites from organization
- Manage organization billing
- Invite organization team members
- Assign roles across sites
- Transfer organization ownership
- Delete organization
When to assign:
- Business owner
- Agency owner
- Primary account holder
Important:
- Only ONE Organization Owner
- Different from Site Owner
Organization Admin
Manages organization but cannot transfer ownership.
Can do:
- Add/remove sites
- Manage team members
- Assign site access
- View organization analytics
Cannot do:
- Transfer organization ownership
- Delete organization
- Modify billing (view only)
When to assign:
- Operations managers
- Agency administrators
Billing Manager
Manages billing and subscriptions only.
Can do:
- View all invoices
- Update payment methods
- Purchase plans/upgrades
- Manage subscriptions
- View billing history
Cannot do:
- Edit sites
- Manage contributors
- Access organization settings (beyond billing)
When to assign:
- Finance team
- Accounting department
- Operations manager
Use case:
- Separate billing from operational access
- Compliance with finance policies
Permission Matrix
| Permission | Owner | Admin | Blog Editor | Blog Writer | Site Member Manager | Contributor | Viewer |
|---|---|---|---|---|---|---|---|
| Content Editing | |||||||
| Edit all pages | Custom | ||||||
| Edit blog posts | (own) | Custom | |||||
| Publish changes | (blog) | Custom | Custom | ||||
| Manage media | (blog) | (blog) | Custom | ||||
| Site Management | |||||||
| Manage apps | Custom | ||||||
| Site settings | Custom | ||||||
| SEO settings | (blog) | Custom | |||||
| Manage domains | |||||||
| User Management | |||||||
| Add/remove contributors | |||||||
| Manage site members | Custom | ||||||
| Transfer ownership | |||||||
| Analytics & Reporting | |||||||
| View analytics | Custom | ||||||
| Export data | (members) | Custom | |||||
| Billing & Admin | |||||||
| View billing | |||||||
| Change plan | |||||||
| Delete site |
Special Permissions
Publishing Restrictions
Some roles can edit but not publish:
How to enable:
- Invite contributor
- Select appropriate role
- Uncheck "Publish changes" permission
- Changes require Owner/Admin approval before going live
Use cases:
- Client approval workflows
- Quality control
- Trainee access
Time-Limited Access
Wix doesn't support automatic expiration, but you can:
Workaround:
- Set calendar reminder
- Review access on specific date
- Manually remove when period ends
Best practice:
- Document access expiration in spreadsheet
- Monthly access review
Page-Specific Access
Contributors can be limited to specific pages:
How to configure:
- Invite Contributor
- Select "Contributor" role
- Choose "Edit specific pages"
- Select which pages they can edit
Use case:
- Client edits own landing page
- Department manages own section
- Freelancer works on specific project
Role Selection Guide
Choose Role Based on Need
| User Type | Recommended Role | Why |
|---|---|---|
| Business owner | Owner | Full control needed |
| Site manager | Admin | Daily management, no transfer rights needed |
| Developer | Admin or Contributor (custom) | App management + code access |
| Content writer | Blog Writer | Content only, no settings |
| Content manager | Blog Editor | Oversees writers |
| Marketing analyst | Viewer | Reports only |
| Customer support | Site Member Manager | Member management only |
| Client (handoff) | Owner | Full ownership transfer |
| Freelancer (temp) | Contributor (custom) | Limited, specific access |
| Finance team | Billing Manager (if org) | Billing only |
Changing Roles
How to Change a Contributor's Role
- Dashboard → Settings → Roles & Permissions
- Find contributor
- Click Options (...) → Edit Permissions
- Select new role
- Save
Note: Changes take effect immediately.
Upgrading/Downgrading Access
Upgrading (e.g., Blog Writer → Blog Editor):
- No issues, more permissions granted immediately
Downgrading (e.g., Admin → Contributor):
- Lost access may disrupt their workflow
- Communicate change beforehand
- Ensure no active projects are affected
Best Practices
1. Principle of Least Privilege
Give minimum access required:
- Blog writer doesn't need Admin
- Analyst doesn't need edit access
- Developer doesn't need billing access
2. Regular Role Audits
Quarterly review:
- Is this person still active?
- Do they still need this access level?
- Should role be upgraded/downgraded?
3. Role Documentation
Maintain a roles document:
## Role Definitions
### Admin Role
**Who:** Site managers, lead developers
**Access:** Full site editing, app management, contributor management
**Cannot:** Change billing, delete site
### Blog Writer Role
**Who:** Content team, guest writers
**Access:** Create/edit own blog posts
**Cannot:** Publish without approval, edit other pages
4. Separation of Duties
Don't combine incompatible roles:
- Billing Manager ≠ Content Editor (different people)
- Owner ≠ temporary contractors
5. Two-Person Rule for Critical Actions
Require two people for:
- Site ownership transfer
- Domain changes
- Billing plan changes
- Deleting apps with customer data
Troubleshooting Roles
User Can't Access Expected Feature
Solution:
- Verify their current role
- Check specific permissions (if Contributor)
- Upgrade role if appropriate
- Or grant specific permission
Too Many Admins
Problem: Security risk if many people have Admin access.
Solution:
- Review actual needs
- Downgrade to Contributor with custom permissions
- Keep 2-3 Admins maximum
User Has Wrong Role
Solution:
- Edit permissions immediately
- Communicate change
- Audit similar users for same issue
Security Implications by Role
| Role | Security Risk | Mitigation |
|---|---|---|
| Owner | Critical - Full control | 2FA required, strong password, limit to 1 person |
| Admin | High - Can add/remove users | 2FA recommended, regular audits |
| Contributor (custom) | Medium - Depends on permissions | Limit permissions, review regularly |
| Blog Writer | Low - Content only | Standard security |
| Viewer | Very Low - Read-only | Ensure analytics don't contain sensitive data |