How to See Who Has Access to Meta Business Suite
Knowing exactly who has access to your Meta Business Suite isn't just a matter of good housekeeping; it's a fundamental security practice. Whether it's a former employee, a past agency partner, or a freelancer from a one-off project, lingering permissions can create serious vulnerabilities. This guide provides a straightforward walkthrough for seeing who has access, understanding what their permissions mean, and performing a simple audit to keep your business assets secure.
Why Regularly Checking Business Suite Access is Non-Negotiable
Before jumping into the "how," it's important to understand the "why." A periodic user audit isn't a task to be pushed to the bottom of your to-do list. It's a critical process that impacts several key areas of your business operations.
Security and Risk Management: This is the most obvious reason. The fewer people who have access, the smaller your attack surface. A disgruntled former employee or an agency with weak security practices could wreak havoc on your ad campaigns, post inappropriate content on your Pages, or misuse your data.
Account Integrity and Control: Have you ever seen a random ad campaign running that nobody on your current team created? Or noticed page settings changed without warning? These issues often stem from having too many people with high-level access. Limiting access ensures that only the right people are making changes, preventing costly mistakes and maintaining brand consistency.
Compliance and Data Privacy: Regulations like GDPR require businesses to know and control who has access to personal data. Your audiences, customer lists, and even lead form data are stored within your Meta assets. Maintaining a clean user list is a necessary step in responsible data stewardship.
Operational Efficiency: When new team members get added but old ones are never removed, the user list becomes bloated and confusing. A clean list clarifies roles and responsibilities. It ensures that when someone needs to perform a task, they have the correct permissions, and you're not trying to figure out which of the ten 'Admins' is responsible for a certain asset.
How to See Who Has Access: The Full User List
Finding a complete list of everyone with access to your Business Account is a simple process. Meta centralizes this information, making your initial audit relatively painless.
Follow these steps:
Log into your Meta Business Suite. Make sure you are using an account with Admin access.
In the bottom-left corner, click the Settings gear icon. This will take you to the main settings panel for your entire business account.
In the new left-hand menu that appears, click on People. This is located under the "Users" section.
You will now see a table listing every individual with direct permissions to your Business Suite. The table typically shows their name, email address (if visible to you), and their assigned business account role (either "Employee" or "Admin").
This "People" screen is your starting point. It gives you a high-level overview of every single person invited into your business ecosystem.
Decoding the Levels of Access: Admin vs. Employee
Just seeing the names isn't enough; you need to understand what their roles mean. In Meta Business Suite, there's a world of difference between an Admin and an Employee. Granting the wrong level of access is one of the most common security mistakes businesses make.
Admin Access
Think of an Admin as someone who holds the keys to the entire kingdom. They have full and complete control over the business account. This includes the power to:
Add or remove anyone from the account, including other Admins.
Change all business settings, including payment information.
Assign and modify permissions for all assets (Pages, Ad Accounts, Pixels, etc.).
Delete the business account entirely.
Who should have Admin access? Only a very small number of highly trusted individuals. Typically, this includes the business owner(s) and perhaps the primary head of marketing. It is almost never necessary to give Admin access to a junior employee, freelancer, or an external agency. Giving someone Admin access is like making them a co-owner of the property, so do it with extreme caution.
Employee Access
Employee access is the much safer and more practical option for the vast majority of your team members and partners. An "Employee" cannot change core business settings or manage other users. You, as an Admin, grant them specific permissions to the assets they need to do their job - and nothing more.
This is known as the principle of least privilege. It means giving a user the minimum level of access needed to perform their job functions. For instance, you could grant an Employee access to:
Create and manage ads in a specific Ad Account.
Post content and respond to comments on a specific Facebook Page.
View performance reports for an Instagram account.
If they don't need to touch your billing information or manage other users, they should be assigned an Employee role. This protects your business by containing their access to their specific tasks.
Drilling Down: Who Can Access Specific Pages, Ad Accounts, and Pixels?
Your audit shouldn't stop at the "People" list. Now you need to check which specific assets each person can access.
Reviewing Access by Person
The easiest way to do this is right from the People section:
Go to Settings > People.
Click on the name of any person on the list.
A pane will slide out from the right showing all the assets that have been assigned to them. You will see a list of Facebook Pages, Instagram accounts, Ad Accounts, Catalogs, Pixels, and more.
Beside each asset, you'll see the specific permissions they have for it (e.g., "Manage campaigns" for an ad account or "Create content" for a page).
This is the perfect way to spot over-permissioning. You might check a user and realize, "Wait, why does our intern have access to our main client's ad account?"
Reviewing Access by Asset
Sometimes you need to approach the audit from the other direction, focusing on securing one critical asset, like your primary Ad Account.
Navigate to Settings.
In the left-hand menu, under the "Accounts" section, click on the asset type you want to check (e.g., Ad accounts or Pages).
Select the specific asset you want to audit from the list.
In the main window for that asset, you'll see tabs for "People," "Partners," and "System Users." Click on People to see a clear list of every individual with access to that specific asset.
This method is excellent for pre-campaign checks or when you need to be absolutely certain that only the relevant team has access to sensitive tools, like your Meta Pixel.
Your Action Plan: A Simple 4-Step User Audit
Now that you know where to find the information, you can perform a quick but effective user audit. We recommend doing this on a quarterly basis or whenever a team member or agency partnership ends.
Schedule the Time: Don't leave it to chance. Block out 30 minutes on your calendar every quarter specifically for your Meta user audit.
Cross-Reference Your List: Pull up the "People" list in your Business Suite. Open a separate list of your current employees, active freelancers, and agency partners. Go down the list in Business Suite and ask for each person, "Are they currently working with us in a capacity that requires Meta access?"
Assess and Downgrade Permissions: For the people who should have access, is their permission level appropriate? How many are Admins? Does every one of them truly need that level of control? Identify anyone with Admin permissions who can be downgraded to an Employee. This is a massive security win.
Remove Unnecessary Users: For anyone who is no longer with the company or affiliated with your business, click their name and select Remove. Meta will ask you to confirm, and with a click, their access will be permanently revoked. This is the most crucial step - clean up your list!
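The cross-reference in steps 2 to 4 can be scripted once the "People" table has been copied into a spreadsheet. The following is an added example, not part of Meta's tooling or the original guide; the CSV column names, the roster structure, and all names and addresses are constructed for illustration.

```python
import csv
import io

# Constructed sample: the "People" table transcribed by hand into CSV.
# Column names are an assumption of this example, not a Meta export format.
PEOPLE_CSV = """name,email,role
Ana Ruiz,ana@example.com,Admin
Ben Okoro,Ben@example.com,Admin
Cara Lee,cara@agency.example,Admin
Dev Shah,dev@example.com,Employee
Eli Novak,eli@oldagency.example,Employee
Gus Hale,,Employee
"""

# Constructed roster: people who currently need Meta access, and whether
# their job actually requires Admin (assumed to be maintained by you).
ROSTER = {
    "ana@example.com": {"needs_admin": True},
    "ben@example.com": {"needs_admin": False},
    "dev@example.com": {"needs_admin": False},
}

def audit(people_csv, roster):
    """Sort each listed person into remove / downgrade / keep / manual_review."""
    result = {"remove": [], "downgrade": [], "keep": [], "manual_review": []}
    for row in csv.DictReader(io.StringIO(people_csv)):
        email = row["email"].strip().lower()
        role = row["role"].strip().lower()
        if not email:
            # The email column is not always visible; match these by hand.
            result["manual_review"].append(row["name"].strip())
            continue
        entry = roster.get(email)
        if entry is None:
            result["remove"].append(email)       # step 4: no current relationship
        elif role == "admin" and not entry["needs_admin"]:
            result["downgrade"].append(email)    # step 3: Admin to Employee
        else:
            result["keep"].append(email)
    return result

if __name__ == "__main__":
    for action, who in audit(PEOPLE_CSV, ROSTER).items():
        print(f"{action}: {', '.join(who) or '-'}")
```

The script only produces the worklist; the downgrade and removal themselves are still done in Settings > People.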
Final Thoughts
Running a quick audit of your Meta Business Suite is one of the highest-leverage security activities you can perform for your marketing operations. By understanding who has access, what kind of permissions they hold, and how to remove them, you prevent unnecessary risk and ensure your accounts are managed by the right people at the right time.
Once you've made sure the correct team members have access, the next challenge is helping them turn that data into actionable insights without spending hours manually pulling reports. Instead of having your team download CSVs from Ads Manager daily, a process that is repetitive and slow, we built Graphed to make the reporting process instant and conversational. By connecting your sources like Facebook Ads in a few clicks, you and your team can use plain English to ask questions and build live, real-time dashboards, freeing up time to focus on strategy, not spreadsheet wrangling.