User roles and permissions in Scrunch

Scrunch uses role-based access control (RBAC) so teams can collaborate securely while keeping access scoped to what each person needs. Organization-wide roles can be overridden at the brand level, so a user can have different permissions for different brands in the same account.

Roles overview

• Admin
• Full access across the organization
• Can create and edit prompts, tags, and the AI Context tab
• Can invite and remove users or adjust user permissions

• Can create new brands (agency accounts only)

• Editor

• Can create and edit prompts, tags, and the AI Context tab
• Cannot add or remove users

• Cannot create new brands

• Viewer

• Read-only access across all brands in the organization

• Cannot make changes

• Guest (agency accounts only)

• Read-only access to the specific brand they were invited into
• Cannot view other brands in the organization

Permissions can be customized per brand for granular control.

Example: assigning and adjusting permissions

Admins can manage roles in the Members section of the Settings menu (for multi-brand orgs and agencies) or the Team Members tab in the left sidebar (for single-brand orgs and agency guests). Start with a conservative organization-wide role, then grant brand-level upgrades only where needed.

Best practices for RBAC

• Follow least privilege: give each user the minimum role needed to do their work. For example, assign Viewers to stakeholders who only need to review insights rather than create prompts.
• Review access quarterly: remove inactive users and adjust roles as responsibilities change.
• Use brand-level overrides to elevate access only for specific brands without granting full organizational privileges.

For agencies: managing client access and reporting

Agencies can manage multiple client brands from a single Scrunch workspace, with Guests invited into only the specific brand they should see. This keeps client access clean while letting your internal team work across brands. Reporting can be shared via custom options like Looker Studio.

Agencies using Scrunch include: - Big Leap, which reported time saved by managing clients in one unified workspace - Stratabeat, which adopted centralized client management and reported over 260% AI visibility improvements for clients

Explore the Agency Partner Program to see multi-client management features.

Related security and access features

• Single sign-on (SSO): Enterprise plan support for Okta, Microsoft Entra ID (formerly Azure AD), Google Workspace, plus any SAML 2.0 or OIDC-compliant provider. Options include just-in-time provisioning, domain enforcement, admin role management, and brand-level access controls. See supported providers and setup steps in the SSO FAQ and the Help Center:
• SSO providers supported

• SSO implementation guide

• Compliance: Scrunch is SOC 2 Type II compliant, with details and reports available in the publicly accessible Trust Center. Learn more in the SOC 2 FAQ:

• SOC 2 Type II compliance

• Data privacy: Scrunch does not collect personal information from members of the general public as part of its services. See the related FAQ:

• Data collection and privacy

Related FAQs

• Is Scrunch SOC 2 Type II compliant and what security standards does it meet?
• What single sign-on (SSO) providers does Scrunch support?
• Does Scrunch collect personal information from people using AI platforms like ChatGPT?