Skip to main content

How to use Spikerz permissions management?

Gain full visibility into who has access to your brand’s social assets—and revoke risky access fast.

Written by Ron Storfer

What Is Permissions Management?

Spikerz’s Permissions Management feature helps you review, monitor, and manage all users who have access to your organization’s social media accounts. It provides a centralized view across platforms, highlights risky users, and gives you actionable insights to prevent unauthorized access.

With this feature, you can:

  • See who has access to which assets across Facebook, Meta, and LinkedIn

  • View risk levels based on access type, 2FA, asset count, and known data breaches

  • Filter by user, platform, or asset

  • Instantly identify whether users are protected by Spikerz

  • Revoke access directly from Facebook accounts

How to Use Permissions Management

Step 1
In your Spikerz dashboard, go to "All assets", and tap on the "Asset permissions" button.

  • You can also go to each asset and see its own data - per asset.

Step 2
You’ll land on a full overview of all users with access to your organization’s connected social media platforms.

⚠️ Platform Support (as of now):

  • Meta – Detection only

  • Facebook – Detection + Revoking access

  • LinkedIn – Detection only

  • Instagram – Detection only

What You’ll See About Each User

Each row displays the following details:

  • Name & Email – The user’s identity and contact address.

  • Risk Level – Calculated based on access level, 2FA status, number of assets, and past data breaches.

  • Assets – Number of social accounts this user has access to.

  • Platforms - The platforms types the use have access to.

  • Protection Status – Shows whether the user is covered by Employee Protection in Spikerz

  • Groups - Allow you to add the user to a group and filter on these groups.

  • Last activity - shows the first time we scanned the activity of this user.

You’ll also see:

  • Whether the user has 2FA enabled (Meta + Facebook only)

  • A platform-by-platform breakdown of each person’s access rights

View by User or View by Asset

You can switch between:

  • User View – See each user and what accounts they access

  • Asset View – See each social media account and all users who can access it

Filters You Can Use

Spikerz provides predefined filters to help you quickly search, review, and manage users and assets within your environment.

These filters allow administrators to easily narrow down large lists and focus on the most relevant users, permissions, or potential security risks.

You can refine your view using the following filters:

  1. Risk Level
    Filter users based on their assigned risk score: Low, Medium, or High.

  2. Assets
    View users based on the assets they have access to, such as Instagram accounts, Facebook Pages, or LinkedIn accounts.

  3. Protection Status
    Identify the current protection state of users or assets:

    1. Protected – Security monitoring is active

    2. Not Protected – No protection is currently enabled

    3. In Progress – Protection is currently being applied

  4. Search
    Quickly locate specific users or assets by name, email, or keyword.

  5. Asset Name
    Filter results by a specific asset.

  6. Access Roles
    Narrow results based on the user’s permission level or role.

  7. Employee Security Status
    Identify employees who may require security review or action.

  8. User Type
    Filter users by category, such as Private User, Partner User, or System User.

  9. Platform
    View users based on the platform they have access to, such as Instagram, Facebook, or LinkedIn.

  10. Groups
    Filter users by the group or organizational category they belong to.

Revoking Access (Facebook Only)

Spikerz currently allows direct access removal only for Facebook Pages.

Click Permissions Details for the specific user and remove selected Facebook access

Once removed, they will immediately lose access to the connected Facebook properties.

Tips & Best Practices

  • Look for users with no 2FA—especially on Meta and Facebook—and prioritize securing them

  • Use Employee Protection to monitor and secure high-risk users with many asset permissions

  • Regularly check In Progress protection status—these users are not yet fully secured

  • Use the Asset View when conducting access audits or preparing reports for compliance

  • If an employee leaves your organization, immediately remove their Facebook access using the Delete Employee option

  • Consider weekly permission reviews to reduce long-term exposure from outdated user roles

User Types

Spikerz categorizes users based on how they access and interact with your social media assets. Understanding these user types helps administrators quickly identify the origin of access and manage permissions more effectively.

Partner User

A Partner User represents an external organization or partner that has been granted access to your assets through a business integration.

These users typically belong to agencies, marketing partners, or third-party service providers that manage or support your social media accounts. Their access is usually granted through official platform partnerships or business integrations.

Administrators should periodically review partner access to ensure only active and trusted partners retain permissions.

System User

A System User is a non-human account created for automated systems, integrations, or applications.

These users are commonly used by tools, APIs, or automated services that need access to assets without requiring a personal login. System users allow platforms and services to perform tasks such as publishing content, collecting analytics, or managing integrations.

Because system users operate automatically, it is important to review their permissions regularly and ensure they are connected only to trusted systems.

Private User

A Private User is a standard individual account belonging to a person who has been granted direct access to your assets.

This type of user typically represents employees, administrators, or collaborators who log in using their personal account credentials.

Private users should always be reviewed carefully to ensure that access reflects the user’s current role within the organization.

Special Statuses

To provide better visibility and clearer access management, Spikerz introduces special user statuses that help identify users who may require review.

Unauthorized Users

Users who are not recognized in the current approved user list will automatically receive an Unauthorized User badge.

This status highlights accounts that may have access but are not part of the known or approved user list.

If you recognize the user, you can easily approve them by selecting “Authorize User.”

Former Employee

The Former Employee status is applied when Spikerz receives confirmation through SCIM that an employee has left the organization.

Once this status is triggered, Spikerz will automatically remove the user’s access from supported platforms when possible (such as Facebook assets), helping ensure former employees no longer retain access to company accounts.

Compromised User

If Spikerz detects suspicious activity, such as unusual login behavior or security alerts related to the account, the user will be flagged as a Compromised User.

This status helps administrators quickly identify accounts that may be at risk and require immediate review.

Asset Permission Settings

On each asset page, you can access the Asset Permissions section. From there, open the Settings tab to configure security and access monitoring for that specific asset.

Within this settings page, you can activate several important security tools:

  • Unauthorized User Alerts
    Receive alerts when a user who is not recognized in the approved permissions list gains access to the asset. You can also enable automatic removal to immediately revoke access from unauthorized users.

  • Compromised User Detection
    Spikerz can automatically detect and alert administrators when an employee account may be compromised. Based on your settings, the system can also remove the user’s access automatically if certain risk signals are detected, such as:

    • A suspicious login or new device access

    • Changes to two-factor authentication (2FA)

    • Changes to the phone number associated with the account

Apply to All Assets

To simplify security management, you can enable “Apply to all assets.”
When selected, the configured alert and protection rules will automatically apply to all connected assets, ensuring consistent security settings across your entire environment without the need to configure each asset individually.

Did this answer your question?