Meta Business Suite (formerly Facebook Business Manager) provides a structured system for assigning roles and permissions to team members, ensuring security while enabling efficient collaboration. The platform emphasizes the principle of least privilege—granting only the access necessary for each user’s responsibilities ^[1]. With the transition from Business Manager to Meta Business Suite, businesses must now manage permissions through portfolios, which centralize control over assets like Facebook Pages, ad accounts, and Instagram profiles ^[2]. Roles are categorized into business-level (e.g., Business Admin, Employee) and asset-level (e.g., Page Admin, Ad Account Analyst), each with distinct capabilities ^[4]. Assigning these roles correctly prevents unauthorized access, streamlines workflows, and maintains accountability ^[3].

Key findings from the sources:

• Business-level roles (Admin, Finance Editor, Employee) control overarching permissions, while asset-level roles (Page Editor, Ad Account Advertiser) manage specific tasks ^[3][4].
• Full control grants comprehensive management rights, while partial access restricts users to specific functions (e.g., viewing reports or creating ads) ^[5][7].
• Best practices include regular audits, limiting Admin roles, and using two-factor authentication to enhance security ^[1][4].
• Commerce Manager introduces task-specific permissions (e.g., order fulfillment, financial management) for Shops and catalogs ^[9].

Assigning Roles and Permissions in Meta Business Suite

Business-Level Roles and Responsibilities

Business-level roles define the overall access a user has within Meta Business Suite, impacting their ability to manage portfolios, assign permissions, and oversee financial settings. These roles are foundational, as they determine whether a user can add others, modify asset access, or handle billing. The two primary business-level roles—Business Admin and Business Employee—serve distinct purposes, with additional financial roles (Finance Editor, Finance Analyst) available for specialized tasks ^[3][8].

Business Admins hold full control over the business portfolio, including:

• Adding or removing people and assigning their roles ^[5].
• Managing all business assets (Pages, ad accounts, Instagram profiles) and their permissions ^[4].
• Deleting the business portfolio or assets, which requires confirmation to prevent accidental removal ^[1].
• Accessing financial tools, such as payment methods and transaction histories ^[3].

*Citation: "Business Admins can assign access to other people, remove people from having access to a business asset, and delete a business portfolio" ^[5].*

Business Employees, by contrast, have limited access determined by the Admin:

• Cannot add or remove other users or modify their roles ^[4].
• May be granted partial access to specific assets (e.g., viewing ad performance but not editing campaigns) ^[7].
• Typically assigned to team members who need to perform day-to-day tasks without administrative oversight ^[3].

Financial roles add another layer of specialization:

• Finance Editor: Can manage payment methods, view transactions, and update billing information but cannot assign roles or delete assets ^[3].
• Finance Analyst: Restricted to viewing financial data (e.g., ad spend reports) without editing capabilities ^[3].

Best practices for business-level roles:

• Assign Admin access sparingly, reserving it for senior team members or agency leads who require full control ^[4].
• Use Employee roles for most team members, tailoring their asset-level permissions as needed ^[10].
• Conduct quarterly audits to remove inactive users or adjust permissions based on role changes ^[3].
• Enable two-factor authentication for all Admins to mitigate security risks ^[1].

Asset-Level Roles and Permissions

Asset-level roles grant granular control over specific Facebook Pages, ad accounts, Instagram profiles, or Commerce Manager tools. These roles are assigned within the business portfolio and determine what actions a user can perform on individual assets ^[6]. Unlike business-level roles, asset-level permissions are task-specific, ensuring users only access what’s necessary for their work ^[7]. For example, a social media manager might need Page Editor permissions to publish content, while an analyst requires Ad Account Analyst access to generate reports ^[4].

Facebook Pages and Instagram Accounts

Roles for Pages and Instagram accounts include:

• Admin: Full control over the Page/Instagram account, including assigning roles, editing settings, and publishing content ^[10].
• Editor: Can edit the Page, post content, respond to messages, and create ads but cannot manage roles or settings ^[7].
• Moderator: Limited to responding to comments, deleting posts, and sending messages; cannot create posts or ads ^[4].
• Advertiser: Can create ads and view insights but cannot manage the Page itself ^[7].
• Analyst: Restricted to viewing insights and performance data without editing capabilities ^[10].

*Citation: "Advertisers can create and edit ads but cannot manage the Page roles or settings" ^[7].*

Ad Accounts

Ad account roles are critical for managing campaigns and budgets:

• Admin: Full access to the ad account, including creating/editing ads, managing billing, and assigning roles ^[7].
• Advertiser: Can create, edit, and pause ads but cannot manage permissions or payment methods ^[10].
• Analyst: View-only access to ad performance and reports ^[7].

*Citation: "Analysts can only view ads and reports but cannot make changes" ^[7].*

Commerce Manager

Commerce Manager introduces task-specific permissions for Shops and catalogs:

• Full control: Manage all aspects of the commerce account, including product listings, orders, and financial settings ^[9].
• Partial access: Limited to specific tasks like fulfilling orders or updating product details ^[5].

*Citation: "Users with partial access can perform tasks like order fulfillment but cannot delete the commerce account" ^[9].*

Key considerations for asset-level roles:

• Assign Editor or Moderator roles to content creators who need to engage with audiences but shouldn’t manage ads ^[4].
• Use Advertiser roles for team members running campaigns, ensuring they cannot alter billing or account settings ^[7].
• Grant Analyst access to stakeholders who only need performance data (e.g., clients or executives) ^[10].
• For Commerce Manager, separate order fulfillment permissions from financial access to reduce fraud risks ^[9].