Facebook rolled out new admin access levels for Pages this past week, taking a huge step forward in security and protection for brands that have multiple workgroups, agencies, and personnel managing their Page and advertising campaigns.

1.
LiveWorld POV
New Facebook Admin Access Levels
June 3, 2012
http://www.liveworld.com/
https://developers.facebook.com/ preferredmarketingdevelopers
Confidential Page 1 of 7

2. Executive Summary
Facebook Improves Pages Security by Adding Admin Access Levels
Facebook rolled out new admin access levels for Pages this past week, taking a huge step forward in
security and protection for brands that have multiple workgroups, agencies, and personnel managing
their Page and advertising campaigns.
The five new admin access levels are based on common roles associated with managing a brand
presence on Facebook: Manager, Content Creator, Moderator, Advertiser, Insights Analyst.
Prior to this feature release, Admin designation gave the holder a broad array of capabilities, regardless
of the role a member plays on the team. The new access levels gives more control to brands over who
can add and delete people to the team, add apps, create content, respond to fans, moderate/remove
content, and view sensitive insights or advertising data. In short, the feature helps ensure that people
have only the access required to fulfill their role on the team.
This new release is a great improvement over the prior model. Brands can additionally benefit from
further improvements, including changes that allow for more personalization of the brand’s
representatives on the page, more refined access levels, a super-admin role, removal of some
downstream permissions and adding permission groups.
Admin Roles and Capabilities
It is not uncommon for a brand to currently have anywhere from 10 to more than 100 people listed as
an admin on a Page. While this seems like a large number, a brand Page is often managed by multiple
workgroups and agencies and requires access from:
• Marketing team
• PR/Corp Comms
• Digital agency creating apps
• Digital agency creating content
• Moderation team
• Advertising team
• Insights and Analytics team
Confidential Page 2 of 7

3. The number of people required to manage the functions of a Page can grow quite rapidly and create a
very un-secure web page in a very public environment.
The largest block of people gaining admin access today are often Moderators and Content Creators.
These roles tend to be narrowly defined positions that usually should not have access to the functions
of the Page that can alter its core features and presentation.
Multiple program managers, creatives, and other Facebook marketing team members at a client and
their agencies need limited admin access to provide content, access analytics, and/or have a general
view of what is happening with the Page. These folks can also inadvertently make an error and disrupt
a Page if they have full access to all the page controls. The problem and risk is intensified by
Facebook’s regular change in features and upgrades, especially when these are done without notice. A
person with full admin access might disrupt the Page simply by innocently checking or not checking a
box, without even realizing the impact.
The new Admin Access levels significantly improve the ability of a Manager to restrict team members
to perform only their necessary functions. We’ve been pushing Facebook for this type of improvement
for a long time and are glad to see it. Nevertheless, LiveWorld believes that Facebook should
implement further refinement and additional access levels.
Admin Access levels
The table below outlines the different admin access levels and what they are able to do:
Confidential Page 3 of 7

4. Benefits of Access Levels
We identify four primary benefits to a multi-level approach to Page administration:
• Risk Reduction: LiveWorld has seen Pages compromised and subject to porn, spam, and
other malicious content that was posted inadvertently via Page admins who had unknowingly
contracted a Facebook virus. Reducing the number of Managers on a Page from over 100 to 5,
for example, drastically improves security. Limiting admin access limits exposure.
• More Flexible Staffing: Some brands currently limit the number of team members for security
purposes, but diminish their operational abilities in the process. Now brands can add many
team members with limited access and still keep the page secure.
• Error Protection: Some personnel, such as moderators, have a narrow role of reading,
replying, and removing messages. Other people are just accessing the Page for Insights. With
the prior full admin access model, these people could access and make changes to the core
functionality of the Page. With the new access levels, people with these specific roles can no
longer make accidental or unauthorized changes to the Page or apps.
• Right Access for the Role: It is common for brands to have different people in different
roles, such as content posting, moderating, Insight analysis, managing apps, etc. These roles
require different skill sets. The new access levels focus personnel on their specific role with an
appropriate match of skill and expertise.
LiveWorld Content Review System (CRS) and Third-Party Tools
Most LiveWorld clients have the additional security and management benefits that come with the
LiveWorld Content Review System (CRS) Moderation Tools Suite. The LiveWorld CRS provides extra
layers of security for the moderation and brand response roles, as well as speed, quality, flexibility,
insight, and other benefits. Some third party tools for social media publishing (e.g., Hootsuite) and Page
content management (e.g., Buddy Media) also include security layers that allow their tools to be used
without providing access to the overall admin functions of the Facebook Page.
Even with these LiveWorld and third-party tools in place, however, the new Facebook tiered access
controls are very important. First, these controls provide the above-described security for other roles
on the brand’s team. Second, the LiveWorld CRS and third-party benefits are realized only when the
tools are actually being used. When the Facebook API breaks, or when other system problems occur,
specific usage situations often must be handled (usually temporarily) by using the Facebook native
tools. To date, having access to those native Facebook tools, even for limited functions, meant having
access to the entire set of admin controls. The new Facebook access controls permit limiting access
only to functions needed to accomplish specific tasks when the CRS or third party tools are not being
used.
Confidential Page 4 of 7

5. How The Admin Access Levels Can Improve
While we are glad that Facebook has finally delivered on this long sought-after feature of granting
admin access levels, the tool is still lacking in a few core features necessary to optimize the reduction of
security risks, while supporting an engaging, lively Facebook experience.
Here is how LiveWorld would like to see the admin toolkit and related policies improved:
1. Brand representative profiles: The current Facebook Terms of Service limit people to one
profile Page, which is usually used as a personal Facebook Page. Best practice in social media is
to personalize and socialize the brand, and to showcase that the brand’s social media presence
by implementing identifiable personalities. When brand representatives post today
as a Page, they are identified only by the brand logo, without any sense of individuality.
Consumers want a personal experience on Facebook, and would rather talk with real people
than an anonymous brand logo.
LiveWorld believes that it is in the best interest of both the brand and Facebook to have brand
representatives readily identifiable as distinct, real personalities, with a depth of information and
experience about them accessible by fans. Generally it’s not suitable to use a team member’s
personal Facebook Page, as that personal Page might not align with the brand’s story. Asking
employees to associate their personal Pages may also represent an inappropriate request from
the brand to its team members.
We suggest three approaches to enable better personalization and socialization of the brand:
1) Change Facebook Terms of Service: The terms could allow brand representatives to
have a second Facebook Page in addition to and separate from their personal Facebook
Pages. This is simply a change of policy and does not require any technology
implementation. It would allow representatives to clearly separate their work life from
their personal life on Facebook, give fans confidence that they are talking to a real person
from the company, and benefit the company by allowing their representatives to inject
their own unique personalities into the conversation instead of adopting a bland,
neutralized brand voice.
2) Brand agent profile info: Enable the Page to have any number of admins with posting-
only privileges, permit such accounts to be individually named, and provide at least a
basic limited set of personalized information associated with them and available for view
by fans through the brand’s Facebook Page.
3) Create a brand-templated profile page: A brand-templated profile page improves on
using a regular Facebook Page as the representative’s second page (per #1 above) by
enabling the brand to create a consistent template for look and features, to better and
more directly integrate the brand representative pages with the brand’s Pages, to have
admin control of the creation and existence of the Page, and to integrate Insights and
other operational activities.
Confidential Page 5 of 7

6. The people of a brand are an even greater factor than products in attracting fans and building
social media engagement. The current terms of service, Page structure, and admin tool model
forces anonymity on those people. With our suggested changes, those people become a
stronger force in personalizing and socializing the brand.
2. Hone the access levels further: Many brand are getting quite sophisticated in their Page
management. On a Moderation team alone, it’s possible to have at least 3 distinct functions
requiring different levels of access:
a. Moderate to delete offensive content and escalate issues without replying
b. Moderate content and reply
c. Moderate content and reply only on specific tabs
Likewise, a content creation team can have different functions, and restricting access to some
functions of the Page would be beneficial.
One group might be responsible for creating daily status updates, but another might be
responsible for responding to fan comments. A number of social media crises have started
when an intern or member of the status update team has made an inappropriate reply to fan
comments.
These are different skills — starting a conversation and maintaining one — and it could be very
beneficial to draw an access level line to separate them.
3. Create super-admin level that cannot delete other super-admins. In this latest release, any
Manager can delete any person from the admin list, including other Managers. The absence of a
super-admin allows any rogue Page Manager or disgruntled employee to hijack the site by
deleting all other admins.
4. Remove some of the current downstream permissions: While smaller Pages might have a
few people fulfilling multiple roles, larger Pages require degrees of specialization; LiveWorld
believes that some of the current permissions are too broad and unnecessarily create security
vulnerabilities in Page management.
In this latest release, a Content Creator can add, delete, or modify an app, post status updates as
the brand, respond to fan comments, create an advertising campaign, and have access to all the
Page performance analytics. We believe that this is too much access for the role.
An app developer, for example, does not usually need the ability to post status updates as the
brand on a regular basis, nor to create an advertising campaign. However, such broad access
might be appropriate in smaller companies where small teams are managing the Page.
For larger companies, the name of the game is managing risk. From the technical perspective,
brands don’t want people to be able to take their site down, either intentionally or accidentally,
so the fewer people who have access to do that, the better.
Confidential Page 6 of 7

7. From the content perspective, brands want the right people speaking at the right time, and also
want to prevent people from either intentionally or accidentally posting something in the wrong
place at the wrong time.
5. Create permission groups: One way to alleviate the situation described above is to structure
access, and allow people to be in multiple permission groups. Thus, in the same Facebook
marketing team, one Content Creator could have access to create status updates and get to the
Insights, where another Content Creator might have permissions to make status updates and
reply to comments, but not have access to Insights.
Setting Admin Permissions
Changing current permissions for team admins is a quick and simple process.
1. Go to your Page and click Edit Page in the Admin panel.
2. Select Admin Roles from the left-hand navigation bar, and then click Manager for the person
you want to assign to an admin role.
3. Select the appropriate admin access level and click Save at the bottom of the Page.
That’s it! In just a few minutes, you can reassign access levels to all the current admins on your Page
and improve your security. When adding new admins, the Facebook default is to assign Manager-level
access, you will need to check that when adding members to your team.
Confidential Page 7 of 7