RBAC — Viewer Role Limits
What viewers can do, what they can't, and how the UI signals that to them across every screen.
What is it?
Viewer is the most restricted role in NexusSEO. A viewer can browse, read, and download, but can't trigger any action that writes to Firestore, mutates client config, or spends API credits (Gemini or Manus generation). Across the app, write actions (Generate, Approve, Connect Account, etc.) are disabled, with a tooltip explaining why.
When should I use it?
- A client wants visibility into content progress without edit rights — assign Viewer.
- A new team member is shadowing — Viewer is the safe starting role.
- A stakeholder needs to see analytics and signs off through channels outside the app rather than with the in-app Approve button.
How to use it
- As an owner: assign the Viewer role in Agency Manager → Edit Client → Team tab.
- As a viewer: log in and browse. You'll see screens with most write controls disabled.
- Hover any disabled button — the tooltip explains "View-only access. Contact your agency owner for editor permissions."
What viewers CAN do
- Read the Dashboard, Opportunity Finder, Content Studio, Personas, Asset Library, Calendar, Help Center.
- Open AI Insights modals to view analyses.
- Open Refine drawers to read past chat history (input is disabled).
- Download or copy article markdown if it's already generated.
- View persona profiles and adapted questions.
What viewers CANNOT do
- Generate content (Gemini or Manus).
- Refine drafts (input is disabled in the drawer).
- Approve, schedule, or publish content.
- Edit personas, client profile, or data source configs.
- Connect or disconnect data sources.
- Create or delete clients (Agency Manager isn't shown to non-owners).
- Mark events as published or change calendar event dates.
Tips and best practices
- For external client stakeholders, Viewer is usually the right choice. They can verify quality without any risk of changing or publishing content.
- If a viewer needs to edit one specific thing, promote them to Editor: roles are all-or-nothing per client, and there's no per-action permission.
- Demote temporarily promoted users back to Viewer as soon as their need ends, so standing edit rights don't accumulate.
Gotchas and limits
- The role is assigned per client, not per user: the same person can be Viewer on Client A and Editor on Client B, so check the role on the client you're actually looking at.
- Role changes propagate in real time via Firestore listeners: a promoted viewer sees the new controls without refreshing, and a demotion removes them the same way.
- Some viewer-disabled buttons stay visible (greyed out) so the viewer knows what they're missing; others hide entirely. Either way the button state is only a signal. A stale tab, a scripted SDK call, or a modified page can reach an action the UI hid, so the role has to be enforced where the write lands (Firestore security rules for direct writes, and whatever serves Generate requests, since those spend API credits), not only where the button is drawn.
- A viewer who owns the connected Drive still sees the Drive controls enabled: the Drive link belongs to the user, not the client, so connecting or disconnecting it is not a client write action.
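The can/cannot split above (any team member reads; only Editor and Owner write; client creation, deletion and role assignment are owner-only; Drive is a personal connection) is what the data layer has to enforce no matter how a button is rendered. The Firestore security rules below are an added example written for this page, not NexusSEO's own rules, and they assume a document layout the page does not describe: agencies at `agencies/{agencyId}` with an `ownerUid` field, clients at `clients/{clientId}` with an `agencyId` field, per-client team roles at `clients/{clientId}/members/{uid}` with a `role` of `viewer` or `editor`, client content in other subcollections of the client, and personal connections such as Drive at `users/{uid}/connections/{name}`. The agency-owner check goes a step beyond the page, which only says Agency Manager is hidden from non-owners.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumed layout (hypothetical, not documented on this page):
    //   agencies/{agencyId}              { ownerUid }
    //   clients/{clientId}               { agencyId, ...profile and data source config }
    //   clients/{clientId}/members/{uid} { role: 'viewer' | 'editor' }
    //   clients/{clientId}/{section}/... drafts, approvals, personas, calendar events
    //   users/{uid}/connections/{name}   personal links such as Drive

    function signedIn() {
      return request.auth != null;
    }

    function clientDoc(clientId) {
      return get(/databases/$(database)/documents/clients/$(clientId));
    }

    // The agency owner is the only principal that may create/delete clients or assign roles.
    function ownsAgency(agencyId) {
      return get(/databases/$(database)/documents/agencies/$(agencyId)).data.ownerUid
             == request.auth.uid;
    }

    function isOwner(clientId) {
      return signedIn() && ownsAgency(clientDoc(clientId).data.agencyId);
    }

    // Role is looked up per client: the same uid can be 'viewer' on one client
    // and 'editor' on another. A missing member doc means no access at all.
    function roleOn(clientId) {
      let path = /databases/$(database)/documents/clients/$(clientId)/members/$(request.auth.uid);
      return exists(path) ? get(path).data.role : 'none';
    }

    function canRead(clientId) {
      return signedIn() && (roleOn(clientId) in ['viewer', 'editor'] || isOwner(clientId));
    }

    // 'viewer' is deliberately absent here: every write under a client needs editor or owner.
    function canWrite(clientId) {
      return signedIn() && (roleOn(clientId) == 'editor' || isOwner(clientId));
    }

    match /clients/{clientId} {
      // Dashboard, client profile, data source config: any team member may read.
      allow read: if canRead(clientId);
      // Editing the profile or data sources: editor/owner; the agency link itself is immutable.
      allow update: if canWrite(clientId)
                    && request.resource.data.agencyId == resource.data.agencyId;
      // Creating/deleting clients is an Agency Manager action: owner only.
      allow create: if signedIn() && ownsAgency(request.resource.data.agencyId);
      allow delete: if isOwner(clientId);

      // Team tab: only the owner assigns, changes or removes roles, and only the two
      // team roles are accepted, so nobody can write themselves an unknown role.
      match /members/{uid} {
        allow read: if canRead(clientId);
        allow create, update: if isOwner(clientId)
                              && request.resource.data.role in ['viewer', 'editor'];
        allow delete: if isOwner(clientId);
      }

      // Drafts, approvals, schedule, personas, calendar: viewers read, editors/owners write.
      // Overlapping match blocks are OR'd in Firestore rules, so this wildcard must
      // exclude 'members' or an editor could grant roles through this rule.
      match /{section}/{docId} {
        allow read: if section != 'members' && canRead(clientId);
        allow write: if section != 'members' && canWrite(clientId);
      }
    }

    // Drive is a personal connection, not a client write: only the user's own uid
    // gates it, so a viewer can still connect or disconnect their own Drive.
    match /users/{uid}/connections/{name} {
      allow read, write: if signedIn() && request.auth.uid == uid;
    }
  }
}
```

To check rules like these, run them in the Firestore emulator or the Rules Playground with a uid whose member doc says `viewer`: a read of `clients/{clientId}/content/{id}` must succeed and a write to the same path must be denied, while a write to `users/{thatUid}/connections/drive` must succeed. Two caveats: each `get()`/`exists()` is a document read that counts toward the per-request access limit, so keep the helper chain short; and rules only govern Firestore, so a Generate request that spends Gemini or Manus credits through a backend endpoint needs the same role check in that endpoint.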