Access model
SophMate should be rolled out by job responsibility, not by convenience. Administrators may need settings and diagnostics, support users may need Knowledge Base and reply drafts, marketers may need campaign and Image Studio workflows, and developers may need Theme Assistant, tools, and App Center access. Avoid granting broad access when a narrower role can do the work.
High-risk areas
Provider keys, budgets, approvals, custom tools, agents, workflow execution, Theme Assistant publishing, and WooCommerce write actions should be restricted. The approval controls docs explain the review model, while the roles tutorial provides a practical rollout checklist.
Maintenance
Review permissions after staff changes, agency handoffs, new custom tools, new agents, and production incidents. Any unexpected access to customer, payment, coupon, provider, or system settings should be escalated before the user continues.
Owner and cadence
- Primary owner: site administrator with provider, billing, and security responsibility.
- Review cadence: after provider, mailbox, role, budget, security, WooCommerce, or integration changes.
- Escalate when a setting grants high-risk access, changes provider spend, weakens privacy posture, or redirects alerts away from monitored owners.
Production checklist
- Separate conversation access from approval, execution, provider, budget, diagnostics, and custom-tool access.
- Review role mappings after staff changes, agency handoffs, incidents, and new modules.
- Document who owns provider credentials, budget limits, role access, notification routing, and ongoing review.
- Keep configuration changes behind administrator access and review them after plugin updates, staff changes, or incidents.
Acceptance checks
- Each role can perform its job without seeing unrelated high-risk controls.
- Unexpected access to customer, payment, provider, or system settings has an escalation path.
- A second administrator can explain why each high-risk setting is enabled and who may change it.
- No production credential, support mailbox, or notification path depends on an unmanaged personal account.
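The separation rule in the production checklist and the acceptance checks above can be turned into an automated audit over a role-to-capability matrix. The Python below is an added example, not SophMate's own documentation or code; the role names, capability identifiers, and the sample matrix are constructed assumptions and would need to be mapped onto the plugin's real capabilities before use.

```python
"""Least-privilege audit for a role/capability matrix (added example).

Role and capability names below are constructed for illustration, not
SophMate identifiers. Map them to the real plugin capabilities before use.
"""

# Capabilities the page lists as high-risk: only administrators should hold them.
HIGH_RISK = {
    "provider_keys", "budgets", "approvals", "custom_tools", "agents",
    "workflow_execution", "theme_publish", "woocommerce_write",
}

# Conversation access must be kept separate from these control-plane capabilities.
CONTROL_PLANE = {
    "approvals", "workflow_execution", "provider_keys", "budgets",
    "diagnostics", "custom_tools",
}

# Minimum capabilities each role needs to do its job (constructed).
JOB_NEEDS = {
    "administrator": {"settings", "diagnostics"},
    "support": {"knowledge_base", "reply_drafts"},
    "marketer": {"campaigns", "image_studio"},
    "developer": {"theme_assistant", "tools", "app_center"},
}

# Constructed matrix with three deliberate mistakes: support can execute
# workflows, the marketer holds a provider key, and the developer combines
# conversation access with diagnostics.
SAMPLE_ROLES = {
    "administrator": {"settings", "diagnostics", "conversation", *HIGH_RISK},
    "support": {"conversation", "knowledge_base", "reply_drafts", "workflow_execution"},
    "marketer": {"conversation", "campaigns", "image_studio", "provider_keys"},
    "developer": {"conversation", "theme_assistant", "tools", "app_center", "diagnostics"},
}


def audit(roles, job_needs=JOB_NEEDS, admin_role="administrator"):
    """Return a sorted list of (role, finding) tuples; an empty list means the matrix passes."""
    findings = []
    for role, caps in roles.items():
        # Acceptance check: each role can still perform its job.
        for cap in sorted(job_needs.get(role, set()) - caps):
            findings.append((role, f"missing required capability '{cap}'"))
        if role == admin_role:
            continue
        # High-risk areas are restricted to the administrator role.
        for cap in sorted(caps & HIGH_RISK):
            findings.append((role, f"holds high-risk capability '{cap}'"))
        # Conversation access is separated from control-plane access
        # (high-risk capabilities were already reported above).
        if "conversation" in caps:
            for cap in sorted((caps & CONTROL_PLANE) - HIGH_RISK):
                findings.append((role, f"conversation access combined with '{cap}'"))
    return sorted(findings)


def remediate(roles, admin_role="administrator"):
    """Return a copy of the matrix with non-admin roles stripped of high-risk
    capabilities and, where they hold conversation access, of control-plane ones."""
    cleaned = {}
    for role, caps in roles.items():
        caps = set(caps)
        if role != admin_role:
            caps -= HIGH_RISK
            if "conversation" in caps:
                caps -= CONTROL_PLANE
        cleaned[role] = caps
    return cleaned


if __name__ == "__main__":
    for role, finding in audit(SAMPLE_ROLES):
        print(f"{role}: {finding}")
    print("after remediation:", audit(remediate(SAMPLE_ROLES)) or "clean")
```

Run the audit as part of the review cadence (after staff changes, agency handoffs, or new modules) so that a role quietly accumulating a high-risk capability is caught before a production incident rather than after one.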
Common mistakes
- Using personal provider keys, personal mailboxes, or broad administrator access because it is faster during setup.
- Changing budgets, roles, notifications, or integrations without recording the owner and review reason.
Related operations
- Follow the roles tutorial.
- Review Agency Governance for client-site rollouts.
- Pair configuration work with Roles and Permissions.
- Review Approval Controls before enabling write-capable modules.
- Use Cost Allocation and Client Billing Review before client or team billing reviews.
- Use Security and Key Rotation before changing provider credentials.
- Use Cache Queue and Performance before scaling automation or alerts.
- Use Scheduled Task and Cron Reliability before relying on recurring work.
- Use Provider Models and Fallbacks before changing production model behavior.
- Use Data Residency and Provider Policy Review before sending sensitive context.
- Use Provider Rate Limits and Retry Planning before high-volume automation.
- Use Source Freshness Review Calendar before teams depend on policy sources.
- Use Email Deliverability and Domain Authentication before operational mail matters.