How do I set a user’s permissions?
Postmark users have four different possible roles: Account Owner, Account Admin, Server Admin, and Server Viewer. These four roles allow you to give your users different levels of access for reading, creating, and modifying Servers, API Tokens, billing information, and even other Users in your Postmark account.
Require 2FA
In the Account section of Postmark, it's possible to require all user accounts to use 2FA.
Roles
Account Owner
Account Owners have view and edit rights to all account information and settings. Account Owners can add users, change Server settings, and even delete the entire account. The person who signed up for the Postmark account automatically becomes the Account Owner when the account is created. Account Owners can also change another user’s role to Account Owner by transferring ownership to them, and they can also delete individual users' profiles. Users themselves will not be able to do the latter without assistance from the Account Owner.
Account Admin
Account Admins have all the permissions of an Account Owner (account-wide access, can change billing information, etc.). The restrictions on Account Admins are:
- They can’t cancel the account.
- They can’t transfer the account ownership (Change the account owner).
- They can’t delete their own user account.
The Account Admin role should be used for users that need to be able to access and modify billing information, create users, create Sender Signatures or Domains, and create Servers.
Server Admin
Server Admins have access and edit rights to all the information on Servers they are specifically assigned to. Server Admins can edit Templates, view API Tokens, change a Server’s webhook URLs, access and add to the Suppression list etc. They cannot see a list of all Servers, or view any account-related details, such as billing information. A Server Admin has view-only access to the Users page and can see the Account Owner, Account Admins, and any other Users that are associated with any Server they are associated with.
A good use for this role is a developer that is building out a Postmark integration for you or one of your customers and should have access to a particular Server’s API Tokens and settings but should not be able to access the entire account. For agencies this means you can separate your clients by Server, giving them access to just their Server and not the rest of your Postmark account.
Server Viewer
Server Viewers are only able to view reports, email activity, and receive email digests for the Server(s) they are assigned to. They can access the Suppression list, but are unable to add any recipients to it. Similar to a Server Admin, Server Viewers have view-only access to the Users page and can see the Account Owner, Account Admins, and any other Users that are associated with any Server they are associated with. An example use case for a Server Viewer is a customer support agent that needs to be able to confirm if an email was received or if there was an issue with delivery.
Billing details
You also have the ability to modify billing settings such as recipients for receipts and usage/billing error notifications and what is included in the bill to field on your receipts. We have a help article on what billing settings there are here for more information on making changes.
Adding a new user
To add a new user to your Postmark account, open the Users page and choose Invite Users.
Enter in the email address(es) for the new user(s). Note that if you choose to add multiple users at once, they will have the same roles that you choose during the user invite process. To make the new user(s) an Account Admin, check the Account Admin field:
If you do not want them to have account-wide access but do want them to be able to manage and modify Server(s), leave Account Admin unchecked and instead click on the dropdown arrow next to the Server name you want them to have access to.
You will then see the option to give the new user(s) either Full access (Server Admin - can edit Server information and settings), View only (Server Viewer - can view the Server’s Activity and Statistics), or No access (default). Permissions are set on a server by server level.
When you have decided the role the new user(s) should have, click Send Invites. The new user(s) will then receive an invitation to complete the process and set their name and username/password they will use for logging in.
If your sending is paused due to billing or compliance issues, the Send Invites option will not send the invitation email to a new user. Please contact us at support@postmarkapp.com for assistance.
Modifying the role of an existing user
In your Users page, you can see a list of all users in your account, along with their roles for each Server. Any user that has Admin access to the account will have an Admin badge next to their name. The account owner will have an Owner badge next to theirs.
To edit an existing user, click on their row in the Users table to view their profile and permissions. From the user’s profile, you can modify their permissions.
From the user’s profile, you can modify their permissions.
If the user needs to be able to view the entire account and manage the billing you can switch them to an Account Admin by checking the Account Admin box. You will need to confirm this decision by choosing Set as account admin:
If you want to give them access to a specific Server or only some of your Servers, use the dropdown next to the Server’s name their permissions should be modified for.
To make them a Server Admin for a selected Server, choose Full Access from the dropdown. If you are removing their ability to manage or view a Server, choose No Access from the dropdown. Select View only if you are giving them Server Viewer permissions for a new Server or downgrading them from a Server Admin.
If you want to give the user the same set of permissions for all of your Servers, choose Apply access to all….
You can then select their role for all of your Servers at once.
If you need to remove the user from the account, select Delete user from their profile page. You will be asked to confirm the deletion by entering in your password.