Available Permissions (ACL)
Understand how the Access Control List (ACL) works in Open Loyalty and explore the available permissions that define what admins can view and modify within the system.
Overview
The ACL (Access Control List) controls what an admin can view and modify in the Admin Panel.
Permissions are assigned per resource and come in two levels:
View: read-only access.
Modify: create, edit, delete, and run actions.
Anything not granted is hidden or disabled. Some API calls can return 403 when access is missing.
Grant the minimum permissions needed for the job (least privilege).
Where you manage permissions
You add these permissions in Settings → Roles when creating or editing a role. See Roles.
Common requirements and dependencies
Always grant View → Stores for new roles. Without it, the Admin Panel may not work.
Common dependencies:
Segments often needs Members to view members inside segments.
Transactions often needs Members for member-level transaction views and matching.
Issued rewards often needs Members to open linked member profiles.
Exports/imports require access to the underlying resources you export/import.
Permission catalog
Use the sections below as a reference when building roles.
Tenants (Stores)
Tenants (Stores)
Access tenant-level data.
View: required to display data across many screens.
Modify: edit tenant-related configuration.
Removing this permission can break page loading and data visibility.
A newly added tenant is not automatically assigned a role. A super admin or an admin with role modification permissions must update this setting (see Settings / ACL).
Settings
ACL
Manage roles and permissions.
View roles
Create roles
Edit role permissions
You need ACL to change any role configuration.
Admins
Manage admin users.
View admin list
Edit admin details
Change passwords
Changing an admin’s role requires ACL permission.
Audit log
View logs
Filter by date range
Export logs
Channels
View channels
Modify channel configuration
Apply channel-related conditions
Language
Manage system languages
Add/remove languages
Change display language from the top navigation
Translations
Manage translation keys
Edit localized system text
Useful for multi-language deployments.
Settings
Access tenant-level settings screens, including:
Wallet types
Activation settings
Expiring units configuration
Wallet overview on the dashboard
Technical settings
Access advanced technical configuration options.
Members
Members
Members list
Single member profile
Activation/deactivation
Member configuration
Transaction matching
Segments
Segment list
Create/edit segments
Use segments in campaigns, achievements, and rewards
Viewing members inside segments requires Members permission.
Custom events
Manage custom events and schemas
Use custom events in campaigns and achievements
Badge
View badge data
Edit badge names
Modify completion counts
You need at least View to see badges in achievements and member profiles.
Analytics
Dashboard (General overview)
View dashboard overview charts
Filter dashboard data
Home
Access additional dashboard metrics, including:
Total members
Members without transactions
Members with transactions
Members by tiers
Single campaign view (Campaign overview)
Campaign-specific analytics
Filtering campaign metrics
Rewards
Issued rewards
Reward fulfillment list
Change reward status
Opening linked member profiles requires Members permission.
Rewards
View reward list
Add/edit rewards
Manage images
Duplicate rewards
Configure reward settings
Claiming rewards typically requires Members permission.
Rewards categories
Manage reward categories
Add new categories
Selecting categories during reward creation requires Rewards permission.
Other modules
Webhook subscriptions
View active webhooks
Add/delete webhook subscriptions
Collections
Manage collections
Add new collections
Importing values into collections requires Imports permission.
Tiers
View and edit tiers
Manage tier sets
Exporting members from tiers requires Exports permission.
Campaigns
View campaigns list
Add/edit/duplicate campaigns
Correct campaign display often requires Segments and Tiers permissions.
Default role
A role can be marked as Default. When enabled, it is assigned automatically to new admins created via SSO login.
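The dependency notes in the catalog and the Default role behavior above can be checked before a role is saved. The following is an added example, not Open Loyalty code: it reviews a planned role against those notes. The resource names are the labels used on this page rather than API identifiers, the dict layout and function name are hypothetical, and it assumes any level on the dependency is enough to satisfy it.

```python
# Added example. Resource names are labels from this page, not API identifiers.
LEVELS = ("view", "modify")

# resource -> [(resource it depends on, feature that needs it)], from the notes on this page
DEPENDS_ON = {
    "Segments": [("Members", "viewing members inside segments")],
    "Transactions": [("Members", "member-level transaction views and matching")],
    "Issued rewards": [("Members", "opening linked member profiles")],
    "Rewards": [("Members", "claiming rewards")],
    "Rewards categories": [("Rewards", "selecting categories during reward creation")],
    "Collections": [("Imports", "importing values into collections")],
    "Tiers": [("Exports", "exporting members from tiers")],
    "Campaigns": [("Segments", "correct campaign display"),
                  ("Tiers", "correct campaign display")],
    "Admins": [("ACL", "changing an admin's role")],
}
# Modify on these resources affects admin accounts and role permissions.
SENSITIVE_MODIFY = {"ACL": "can create roles and edit role permissions",
                    "Admins": "can edit admin details and change passwords"}


def review_role(grants, default=False):
    """Return a sorted list of (severity, message) findings for one role."""
    for resource, level in grants.items():
        if level not in LEVELS:
            raise ValueError(f"{resource}: unknown level {level!r}")
    findings = []
    if "Stores" not in grants:
        findings.append(("error", "Stores: View is missing; the Admin Panel may not work"))
    for resource in grants:
        for needed, feature in DEPENDS_ON.get(resource, []):
            if needed not in grants:  # assumption: any level on the dependency suffices
                findings.append(("info", f"{resource}: {feature} needs {needed}"))
    for resource, why in SENSITIVE_MODIFY.items():
        if grants.get(resource) == "modify":
            findings.append(("review", f"{resource}: Modify {why}"))
    if default and "modify" in grants.values():
        findings.append(("review", "Default role with Modify is auto-assigned to new SSO admins"))
    return sorted(findings)


# Constructed sample roles
CAMPAIGN_EDITOR = {"Stores": "view", "Campaigns": "modify", "Segments": "view"}
HELPDESK = {"Members": "view", "Admins": "modify"}

if __name__ == "__main__":
    for name, role, is_default in [("campaign_editor", CAMPAIGN_EDITOR, False),
                                   ("helpdesk", HELPDESK, True)]:
        for severity, message in review_role(role, default=is_default):
            print(f"{name}: [{severity}] {message}")
```

An "info" finding names a feature that will be unavailable, not a grant to add automatically: add the dependency only if the role needs that feature.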