Your platform offers two complementary approaches to access control. Together, they give you the flexibility to manage who can do what, while keeping your data secure and your team efficient.
1. Platform roles
Set at the agent level · Determines what users can access and manage
User
Default role for all team members. Core platform access without administrative privileges.
Access activity logs, knowledge base, and reports
Chat interface and workflow setup
Day-to-day platform usage
Data manager
Everything a User can do, plus data integration responsibilities.
All User-level access
Manage data integrations and properties
Manual data uploads (missions, constituent updates)
Admin
Full platform control. Reserved for a small group of trusted staff.
All Data Manager and User access
Constituent integrations
Account management and setup
Permissions dashboard access
Assign and modify roles for team members
Agent-level scope: Roles are assigned per agent, allowing you to create boundaries between different agents (for example, advancement vs. student success). For IT staff who need global access, simply assign Admin access across all agents.
Quick comparison
Capability | User | Data manager | Admin |
View agent activity, reports & analytics | ✓ | ✓ | ✓ |
View & use the knowledge base | ✓ | ✓ | ✓ |
View constituent records & timelines | ✓ | ✓ | ✓ |
Configure agent responsibilities & run simulations | ✓ | ✓ | ✓ |
Configure webchat channel & phone transfer targets | ✓ | ✓ | ✓ |
Set up & edit CRM / SIS integrations | ✓ | ✓ | ✓ |
Manage data sources & constituent properties |
| ✓ | ✓ |
Receive integration delivery & error alerts |
| ✓ | ✓ |
Configure email, SMS & phone channels |
|
| ✓ |
Manage agent settings, blueprints & scripting |
|
| ✓ |
Invite users & assign roles |
|
| ✓ |
Manage account & team settings |
|
| ✓ |
View usage & billing |
|
| ✓ |
How to assign and change roles
From the user menu, navigate to Account → Team. Each user has a role dropdown next to their name; click to change between Admin, Data Manager, and User. Changes take effect immediately.
Only Admins can change roles
Data Manager and User accounts can view the team list and current role assignments, but cannot edit them. If your team has zero Admins, role management must be restored by CollegeVine support.
Self-escalation is blocked
Admins cannot re-assign themselves to their own current role (a safeguard against silent role-change attempts). Role changes are always made by an Admin to another user.
Recommended practice
Keep at least 2 Admins
If your only Admin leaves or loses access, you will be locked out of role management until CollegeVine restores it on the back end. A second Admin provides continuity and a safety net.
Use Data Manager for your data owner
Whoever owns your CRM or SIS integration day-to-day (e.g., the Slate admin who manages the SFTP sync) should hold the Data Manager role specifically. Integration delivery confirmations and error alerts route to users with this role.
Default new users to User
Most team members only need User-level access to do their jobs. Promote to Data Manager or Admin only when the additional privileges are needed.
2. Field-Level Authorization
Granular control · Customize access to specific constituent data fields
While Platform Roles determine broad access levels, Field-Level Authorization gives you fine-grained control over which constituent data fields specific users or agents can see and edit.
User-level example: You trust Anna with full data access, but want to restrict another team member to only viewing and editing student names, email addresses, majors, and areas of study. Field-level permissions make this possible.
Agent-level example: You can configure an agent to never access or discuss financial aid information. When those topics come up, the agent escalates the conversation to your specialized financial aid team.
Why this matters
Protect sensitive information (financial data, health records, etc.)
Grant appropriate access based on job function and trust level
Ensure agents only handle data they're designed to manage
Maintain compliance with data privacy requirements
How they work together
Platform Roles define the broad categories of what users can do (manage integrations, view reports, configure accounts). Field-Level Authorization refines that access by controlling which specific data fields those users can see and edit.
This layered approach means you can give someone Data Manager permissions to upload mission files, while still restricting them from viewing financial information. Or you can give your entire advancement team User access, while limiting certain staff to only contact information and engagement data.