SGEN Team Permissions — FAQ

⏱ Quick answers below · full page ≈ 12 min · skim bold lead-ins to move faster.
In short. SGEN has five roles — Owner, Admin, Editor, Author, Viewer — applied at either account level (all sites) or site level (one site only). Owners and Admins manage team membership; Editors publish; Authors draft and submit for review; Viewers read. Invitations go out from SG-Dashboard → Members; per-site scoping from each site's Settings → Members. SSO and enforced 2FA are available on qualifying plan tiers. Ownership transfers are self-serve from Settings → Team → Ownership. That covers the vast majority of team questions — the 20 entries below go deeper on each.

On this page: Roles and capabilities · Invitations · Access control and scoping · Security — SSO and 2FA · Ownership


Each answer puts the operative fact in the first sentence. Read the first sentence for a quick confirmation; read the rest when you need the qualifying detail.


Roles and capabilities (5)

Q1. What roles exist in SGEN and what can each one do?

SGEN has five roles: Owner, Admin, Editor, Author, and Viewer. Owner has unrestricted access — billing, team management, site settings, content, and the Activity Log. Admin can manage team members, edit all content, change site settings, and view the Activity Log, but cannot access billing or change the plan. Editor can create, edit, and publish any content record and manage media, but cannot touch team membership, site settings, or billing. Author can create new content and edit their own records but cannot publish without Editor or Owner approval and cannot access or modify other people's records. Viewer can read content in the admin and navigate between areas but cannot create, edit, or publish anything.

CapabilityOwnerAdminEditorAuthorViewer
Manage billing and planYes
Invite and remove membersYesYes
Change member rolesYesYes
Configure site settingsYesYes
View Activity LogYesYes
Create and publish any contentYesYesYes
Manage media libraryYesYesYes
Create and edit own contentYesYesYesYes
Publish own contentYesYesYes
Read content in adminYesYesYesYesYes

Authors submit; Editors publish. The full capability matrix — every permission broken down by role — lives in the SGEN Glossary under §4 Roles.

Q2. Can I create a custom role with a specific permission set?

Custom roles are not available at this time. SGEN's five built-in roles cover the most common permission shapes for teams on the platform. If none of the five roles fits exactly, the Members setup guide includes a role-selection mapping for common configurations — agency contractor, external reviewer, subject-matter expert, read-only client access. A billing-only role and content-type-restricted role are commonly requested; check the product roadmap for status.

Workaround: use the closest lower-privilege role and pair it with a clear internal brief about what the person is and is not expected to do. For most team sizes this is sufficient.

Q3. Can a Contributor publish their drafts directly?

The Author role does not include publish rights. Authors create content, edit their own records, and save to Draft — the record stays in Draft until an Editor, Admin, or Owner publishes it. This keeps a review step between draft and live for teams that need editorial oversight.

If you want a person to publish their own work, assign the Editor role. Editors can also publish any other team member's content — there is no role that restricts publish rights to a person's own records only.

The Author + Editor review model is the standard setup for editorial teams: Authors draft, Editors review and publish. Authors cannot accidentally publish by clicking the wrong button.

Q4. Can I limit someone to only editing the blog?

SGEN's role system applies at the content-access level, not the content-type level. There is no built-in role that restricts a person to blog posts while blocking access to pages, media, or other modules.

Closest approach: create a dedicated site where the blog is the only active content type, then scope the person to that site as an Editor. See Q12 on per-site scoping for how that works.

Q5. How do role changes take effect — is it instant?

Role changes apply immediately. The moment an Owner or Admin saves a role change in the Members panel, the new permission set is active. The affected person's session reflects the new role on the next page load — there is no delay, no cache window, and no need to ask them to sign out and back in.


Invitations (4)

Q6. How do I invite someone to my SGEN account?

From SG-Dashboard, open MembersInvite. Enter the person's email address, select the role, and click Send Invite. SGEN sends an invitation email with a time-limited link. When the person clicks it, they create an account or sign in to an existing one, then land directly in the account with the assigned role.

For site-only access, use per-site membership under that site's SettingsMembers — see Q9 for the full distinction between account-level and site-level membership.

Pending invites appear in the Members list until accepted or expired. You can cancel a pending invite before it is accepted.

Q7. The invite email never arrived — what do we try?

Work through these four checks in order:

  1. Check spam or junk — invitation emails from new platforms land there reliably.
  2. Confirm the address — open the pending invites list and verify the email shown matches exactly what the person expects.
  3. Resend — click Resend on the pending invite to generate a fresh link.
  4. Check server-side filtering — ask the person's email administrator whether the sending domain is being filtered. Adding SGEN's sending domain to the allowlist resolves this.

Pending invites expire after 7 days. Resending resets the expiry clock.

Q8. Can the same person be on multiple SGEN accounts using one email address?

Yes. A single email address can hold membership on multiple SGEN accounts simultaneously, each with its own independent role. When they sign in, SG-Dashboard shows an account switcher. Permissions are fully isolated per account — a person who is an Editor on one account and a Viewer on another cannot carry Editor capabilities into the Viewer account.

This is a common setup for freelancers and agency staff who work across multiple client accounts simultaneously.

Q9. What is the difference between an account user and a site user?

Account user — added at the dashboard level; can see and access all sites in the account (subject to their role); applies to any sites added in the future.

Site user — scoped to a single site; cannot see other sites, cannot reach account-level settings (billing, global Members panel), and cannot be reassigned across sites without a fresh invitation.

Use site-level membership for contractors, external contributors, or clients who should see only their own site. Use account-level membership for internal team members who need to move freely across multiple sites.


Access control and scoping (6)

Q10. How do I revoke a teammate's access?

From SG-Dashboard, open Members, locate the person, and click Remove. Their active session ends on the next page load or attempted action.

Before clicking Remove, confirm scope: removing an account-level member removes access to everything in the account. Removing from a specific site's member list removes only that site's access. If the person holds the Owner role, transfer ownership first — see Q20.

Removal is immediate. The person can be re-invited; their prior content stays in the account.

Q11. What happens to a person's drafts when I remove them?

Their draft content stays in the account and is not deleted. Every draft post, page, or media file they created remains in the system, visible to Editors, Admins, and Owners, attributed to the original author. You can reassign drafts, publish them, leave them in Draft, or delete them as a separate deliberate action.

To audit in-progress work, the Activity Log shows which records they touched in their last session. The Revisions panel on individual records shows the full save history with author attribution. Both are accessible immediately after removal.

Q12. Can I scope a person to one site in a multi-site account?

Yes. Open the site in SG-Dashboard, navigate to SettingsMembersAdd Member, enter their email address, and assign a role for that site. They sign in and see only that site — no other sites, no account settings, no billing access.

This is the standard configuration for clients reviewing or editing their own site, contractors on a specific engagement, and any team member whose access should be limited to one property.

Q13. Can I temporarily suspend a teammate without removing them?

SGEN does not have a dedicated suspend state. Two practical options:

  • Downgrade to Viewer — they can see content in the admin but cannot create, edit, or publish. Keeps their account membership intact.
  • Remove and re-invite — a cleaner break; prevents sign-in entirely. Their draft content stays in the account throughout; no data is lost on the round-trip.

Note the person's current role before downgrading so you can restore it accurately later.

Q14. Can two people edit the same page at the same time?

Multiple team members can work simultaneously across different records without restriction. For SG-Builder pages specifically, a revision lock applies per page: when one editor has a page open in the builder, a second editor who opens the same page sees a notice that the page is locked and who holds the lock. The second editor can wait for the lock to expire or request control — requesting control ends the first editor's unsaved builder session, so unsaved work is lost.

For different pages, different posts, or different content types, concurrent work proceeds without any lock.

Q15. How do I see what each teammate did last week?

Open Activity Log from the SG-Dashboard sidebar. Filter by team member name or email, then set the date range. The Activity Log records key admin events — content created, edited, or published; media uploaded or deleted; settings changed; members added or removed — each attributed to the team member, with a timestamp and a reference to the affected record.

For content history on a specific record, the Revisions panel shows every save with the author name, timestamp, and a side-by-side diff.

Note: The Activity Log is a team visibility tool, not a full security audit log. A compliance-grade security audit log is available on plan tiers that include compliance reporting.


Security — SSO and 2FA (4)

Q16. Is there single sign-on (SSO)?

SSO is available on plan tiers that include team and enterprise security features. When configured, members sign in through their existing organization credentials — no separate SGEN password required. Configuration lives under SettingsSecuritySSO. The setup flow guides you through the configuration exchange from inside the admin. Confirm which plan tier includes SSO and which identity providers are supported on the pricing page.

For teams that do not need SSO at a protocol level, enforced 2FA (Q18) combined with strong password requirements covers a significant portion of the same security goals at lower plan tiers.

Q17. Does SGEN support two-factor authentication?

Yes — 2FA is available to every SGEN member regardless of plan tier. Each person enables it individually from SettingsSecurityTwo-Factor Authentication. They scan the QR code with any TOTP-compatible authenticator app, enter the six-digit code to confirm the pairing, and save recovery codes in a secure location. After activation, the authenticator code is required at every sign-in.

Recovery codes are single-use emergency fallbacks for when access to the authenticator device is lost. Store them in a password manager.

Q18. Can I force 2FA for all teammates on my account?

Enforced 2FA — requiring every member to have 2FA set up before accessing the account — is available on plan tiers that include enforced security policies. When enforcement is active, members who have not yet completed 2FA setup are intercepted at sign-in and required to complete it before proceeding. Members who already have 2FA enabled are not affected.

The enforcement setting lives under SettingsSecurityTwo-Factor AuthenticationEnforce for all members. Turning enforcement off does not remove 2FA from members who already completed setup.

Q19. Can a teammate see my billing information?

Billing information is visible only to the account Owner and to members with the Admin role. Editors, Authors, and Viewers have no access to billing settings, plan details, or invoice history.

Note: Admins can view billing but cannot change the plan or payment method — that is Owner-only. If giving a finance contact the full Admin role is too broad, there is currently no billing-only role. Check the product roadmap for any updates on a dedicated finance-access role.


Ownership (2)

Q20. How do I transfer ownership of an account to someone else?

The person you are transferring to must already be a member — invite them first if needed. Then go to SettingsTeamOwnershipTransfer Account Ownership and enter their email address. SGEN sends them a transfer request notification. When they accept, they become Owner, billing transfers to their payment method on the next cycle, and your role changes to Admin by default.

Transfer requests expire after 48 hours; you can resend from the same settings screen. If the current Owner's account is inaccessible, contact SGEN support with proof of business ownership — there is a verified escalation path for that scenario.

What transfers with the account: sites, content, billing history, team members, site settings. What stays with the person: personal profile settings, 2FA configuration, personal notification preferences.


How this FAQ is maintained

This FAQ is reviewed when the platform ships a change that affects team management or permissions, when an answer becomes stale, or when a new question recurs across multiple operators. Questions that require more than a paragraph to answer clearly belong in the Members setup guide or the Security settings reference, not here.

My question is not here. What do I do?

Search the documentation — the Members setup guide and the Security settings reference cover team and permission topics in full. Submit feedback through the documentation feedback link at the bottom of any docs page; questions that span multiple operators are evaluated for inclusion in the next revision.


Related reading

  • SGEN FAQ — Main — the full FAQ across all categories.
  • SGEN Glossary — definitions for Owner, Admin, Editor, Author, Viewer, Activity Log, and every term used on this page.
  • Welcome to SGEN Docs — orientation entry point for operators new to the platform.

This page is part of the SGEN FAQ series. For the full question index across all categories, see FAQ — Main.