What user roles and permissions are available in Scrunch?

Scrunch uses role-based access control (RBAC) with four roles: Admin, Editor, Viewer, and Guest. Organization-wide roles can be customized at the brand level, so a user can have different permissions for different brands within the same account. Guests are available for agency accounts and see only the specific brands they’re invited to.

Roles at a glance

• Admin
• Full access across the organization
• Can create and edit prompts, tags, and the AI Context tab
• Can invite and remove users or adjust user permissions

• Can create new brands (agency accounts only)

• Editor

• Can create and edit prompts, tags, and the AI Context tab

• Cannot add or remove users or create new brands

• Viewer

• Read-only access across all brands in the organization

• Cannot make changes

• Guest (agency accounts only)

• Read-only access to the specific brand they were invited into
• Cannot view other brands in the organization

Brand-level overrides and multi-brand setups

• Organization-wide roles can be overridden per brand for granular control.
• Example: Assign a user Viewer access org-wide, then elevate them to Editor for a single brand that needs their contributions—without granting broader privileges.
• Guests are ideal for client stakeholders in agency accounts who need read-only access to a single brand.

Where to manage roles

• Multi-brand orgs and agencies: Go to Settings → Members.
• Brands and agency guests: Use the Team Members tab in the left sidebar.

Best practices for RBAC

• Apply least privilege: give users the minimum access needed to do their work. For example, provide Viewer access to stakeholders who only need to review data.
• Review access quarterly to remove inactive accounts and adjust roles as responsibilities change.
• Start with conservative organization-wide roles, then grant per-brand upgrades where necessary to avoid over-permissioning.

Advanced access controls for Enterprise

Enterprise customers can pair RBAC with single sign-on (SSO) for centralized identity and governance. SSO supports SAML 2.0 and OIDC, with options for just-in-time provisioning, domain enforcement, admin role management, and brand-level access controls. See the full list of SSO providers Scrunch supports.

For broader security context—including SOC 2 Type II status, policies, and subprocessors—visit the publicly available Scrunch Trust Center. Audit logs are available to help track user actions and support compliance and incident investigations.