# Workspaces and Permissions Engage Studio uses **Workspaces** and **Policy-Based Permissions (PBP)** to manage access and governance. This ensures that your teams can collaborate securely, with clear separation between brands, regions, or business units. ## 1. Understanding Workspaces A **Workspace** is a secure container for your marketing assets. Everything you build in Engage Studio belongs to a specific workspace. ### Why use Workspaces? * **Isolation**: Separate assets by brand or region (e.g., "Japan Marketing" vs. "US Marketing"). * **Governance**: Control which Email Domains and Audience Segments are available to each team. * **Security**: Prevent accidental access to sensitive data or unauthorized sending. ### Workspace Structure Each Workspace contains: * **Campaigns**: The journeys and activations. * **Templates**: Email designs and content. * **Senders**: Verified sender profiles authorized for use in this workspace. * **Workspace Settings**: Configuration of available *Email Domains* and *Parent Segments*. ### How to Create a Workspace 1. Navigate to **Engage Studio > Workspaces**. 2. Click **Create Workspace**. 3. Enter a unique **Name** and optional **Description**. 4. Click **Save**. ![Workspace Overview](/assets/permission-workspace-overview.48bbd569da65a4f02e0b02acb8452b6abb2c694935a3f9fb691c1aa87033cbaf.5be018a0.png) ### Configuring Workspace Resources Once created, an Admin must assign resources to the Workspace: 1. **Email Domains**: Select which verified sending domains (configured by IT) can be used. 2. **Parent Segments**: Select which CDP segments are visible for targeting within this workspace. ## 2. Managing Permissions (Policy-Based Permissions) **Policy-Based Permissions (PBP)** allow you to define granular access controls. Instead of simple "Admin" or "User" roles, you create **Policies** that define exactly what a user can do. ### Permission Levels For each resource type, you can assign: * **View**: Read-only access. * **Edit**: Ability to create and modify. * **Launch**: Ability to activate/send campaigns (critical for approval workflows). | Resource | View | Edit | Launch | | --- | --- | --- | --- | | **Workspace** | See details | Create / Update | - | | **Campaign** | View only | Create / Update | **Launch** | | **Template** | View only | Create / Update | - | | **Sender** | Use in campaigns | Create / Update | - | ### How to Configure Policies Permissions are managed in the **Control Panel**, not inside Engage Studio itself. 1. Go to **Control Panel > Policies**. 2. Create a new Policy or edit an existing one. 3. Scroll to the **Engage Studio** section. #### Configuration Areas * **Configurations**: Who can manage Workspaces, Domains, and Parent Segments? (Usually Admins). * ![Configuration Permissions](/assets/permission-policy-configurations.bc707ec6fc772f31994c04d4df49778b247f789898c0c08eb5746ef3b1b0066f.5be018a0.png) * **Features**: Who can build campaigns and templates? (Marketers, Designers). * ![Feature Permissions](/assets/permission-policy-features.e6169e4638ae3834f745acb21544338d796d27e7adb5e1216d93e3061709a64f.5be018a0.png) * **Domains**: Who can add/verify new email domains? (IT/Admins). * ![Domain Permissions](/assets/permission-policy-domains.ff57cb189cf3d06de18ea0fa2dcb5affaa48b59edf0b3a04d7bad7ad27d719e7.5be018a0.png) ### Common User Roles (Examples) | Role | Recommended Permissions | | --- | --- | | **Marketing Manager** | **Edit** Campaigns/Templates, **Launch** Campaigns. Access to specific Workspaces. | | **Content Designer** | **Edit** Templates. **View** Campaigns. No Launch access. | | **Analyst** | **View** Campaigns and Reports. No Edit access. | | **IT Admin** | **Full Access** to Configurations and Domains. | ## FAQ **Q. Can I share an Email Domain across multiple Workspaces?** Yes. A verified domain (e.g., `marketing.example.com`) can be assigned to multiple workspaces. **Q. Can I move a campaign to another Workspace?** No. Resources are bound to the workspace where they were created. **Q. Who "owns" the campaign launch?** Campaigns run under the permissions of the user who activates them, but the resources used (Senders, Segments) are scoped by the Workspace.