KNKY's role system lets you control exactly what each employee on your team can do — down to whether they can view or edit individual features on each creator, plus agency-level admin actions. This article walks through every permission, explains the View/Edit access levels, and shows example role configurations real agencies use.
If you're new to setting up your team, start with Setting Up Your Agency on KNKY for the Roles & Permission overview in Step 3. This article is the deep dive.
The mental model
KNKY roles have three access levels per Creator admin permission:
State | What it means |
OFF | The employee has no access to this feature at all |
ON → View | The employee can see the feature (read messages, browse the vault, watch lives, etc.) but can't change anything |
ON → Edit | The employee has full access — they can both view and modify (send messages, upload to the vault, start lives, etc.) |
Edit includes View. Selecting Edit doesn't disable View access — it grants it plus modification rights.
For System permissions (agency-level actions like creating creators or managing employees), there's no View/Edit split — each permission is simply ON or OFF.
How the role system works
A few foundational facts that shape the rest of this article:
No built-in roles. Your Roles & Permission page is empty on day one. You create every role from scratch
One role per employee. An employee can be assigned to exactly one role at a time. If you need someone to do two jobs, build a combined role that covers both
Permissions apply across all assigned creators. Which creators an employee can act on is controlled by the Assigned employees field on each creator card. The role only decides what the employee can do; assignment decides for whom
Roles are fully editable, and changes apply instantly. You can rename a role, toggle any permission on or off, or change View/Edit levels at any time. Every employee assigned to that role gets the update immediately — no re-login needed
Roles can be deleted at any time, even if employees are currently assigned. Deleted-role employees lose their permissions but their dashboard doesn't visibly change — see the section on deletion below for the implications
The two permission groups
The role creation form has two distinct sections. They control fundamentally different scopes of access.
Creator admin permissions
These control what an employee can do on behalf of a creator — the day-to-day work of running a creator's KNKY presence. Each is a toggle with a View / Edit sub-choice, applied to every creator the employee is assigned to.
Permission | What View grants | What Edit adds |
Message | Read incoming and outgoing fan messages; see transaction history per fan | Send replies, send paid locked messages, send tips and content |
Post | View the creator's published feed posts | Publish, edit, and delete feed posts |
Vault | Browse the creator's media vault | Upload new media, organize, and delete vault items |
Story | View stories | Publish, edit, and delete stories |
Channel | View paid channel content and subscribers | Create channels, publish channel content, manage channel pricing |
Shop | View the creator's shop items | Add, edit, and remove shop items |
Service | View the creator's paid services | Create and manage paid services |
Live | View live stream history and metadata | Start, schedule, and manage live streams |
Event | View scheduled events | Create and manage events |
AI | Coming Soon — no functional effect today | Coming Soon |
System permissions
These control what an employee can do at the agency-account level — manager-style actions that affect the whole agency, not just one creator. There's no View/Edit split; each is a single ON/OFF toggle.
Permission | What it unlocks |
Add and edit new creator (invitation, create new creator) | Send invitations to creators, view and edit existing creator profiles. Broader than it looks — grant carefully |
Remove collaboration with creators | End an active collaboration via the ⋯ menu's Cancel collaboration. Once a collaboration is ended, all the locked invitation terms are gone and a new invite is required to bring the creator back |
Add, edit and delete employees | Create new employees, change their role or other details, and remove them from the agency. Effectively "can manage the team" |
Add, edit and delete roles | Create new roles, edit existing ones, and delete roles. Self-locking risk — see the warning below |
⚠️ Self-locking warning. If an employee has "Add, edit and delete roles" enabled, they can theoretically delete the role that grants them this permission. This locks them out of all role management. Always have at least one trusted person on a separate role with role-management rights, or keep this permission in the hands of the agency owner only.
Example role configurations
These are common starting points. Adapt them to your actual workflow.
Chatter — messaging-focused
For employees who handle conversations with fans and post content the agency owner or manager has approved.
Section | Permission | State |
Creator admin | Message | Edit |
Creator admin | Post | View |
Creator admin | Vault | View |
Creator admin | Story | OFF |
Creator admin | Channel | View |
Creator admin | Shop | OFF |
Creator admin | Service | OFF |
Creator admin | Live | OFF |
Creator admin | Event | OFF |
System | (all OFF) | OFF |
This chatter can send and reply to messages, see what's been posted to feeds and channels (so they can reference it in chats), and browse the vault to send paid content — but they can't create new posts, modify the vault, or take any agency-level actions.
Senior Chatter / Content Manager — day-to-day content + chat
For a trusted employee who runs both fan conversations and content publishing on assigned creators.
Section | Permission | State |
Creator admin | Message | Edit |
Creator admin | Post | Edit |
Creator admin | Vault | Edit |
Creator admin | Story | Edit |
Creator admin | Channel | Edit |
Creator admin | Shop | View |
Creator admin | Service | View |
Creator admin | Live | OFF |
Creator admin | Event | OFF |
System | (all OFF) | OFF |
This role can run a creator's content calendar and inbox end to end, with read-only access to shop and services so they can reference offerings in conversations without changing pricing. No agency-level admin powers.
Manager / Admin — agency operations
For employees who manage the agency itself — inviting new creators, hiring chatters, adjusting roles.
Section | Permission | State |
Creator admin | Message | Edit |
Creator admin | Post | Edit |
Creator admin | Vault | Edit |
Creator admin | Story | Edit |
Creator admin | Channel | Edit |
Creator admin | Shop | Edit |
Creator admin | Service | Edit |
Creator admin | Live | Edit |
Creator admin | Event | Edit |
System | Add and edit new creator | ON |
System | Remove collaboration with creators | ON |
System | Add, edit and delete employees | ON |
System | Add, edit and delete roles | ON |
A full-admin role. Remember: even with all System permissions, this employee still doesn't see Finance. Use sparingly — ideally one or two people total.
Creating a role
Open Roles & Permission in the sidebar
Click Add new role
Enter a Role title (e.g.
Chatter,Senior Chatter,Manager) — the name is just a label; what matters is the permissions belowToggle each Creator admin permission ON for permissions you want to grant. For each one that's ON, click View or Edit to set the access level
Toggle each System permission ON or OFF — these have no View/Edit split
(Optional) Use the Assign Employees block at the bottom to attach existing employees to this role now. If you have no employees yet, the block will show "No employees added!" — you can come back later
Click Create new role to save
Editing a role
Open the role from the Roles & Permission list. You can change anything on the page:
The Role title
Any Creator admin permission toggle and its View/Edit level
Any System permission toggle
Changes save and apply immediately to every employee currently assigned to that role — no re-login required.
⚠️ Heads up. Because permission changes apply instantly, an employee who's mid-task may lose access in the middle of an action. If you're tightening permissions on a busy role, consider warning the affected employees first, or do it during a quiet time.
Deleting a role
You can delete any role at any time, including roles that currently have employees assigned. What happens:
The role disappears from your Roles & Permission list
Every employee previously assigned to that role keeps their account but loses all permissions
Their dashboard does not visibly change. The sidebar items they had before the deletion stay visible, and they won't see any error message or notification. They'll discover the unassigned state only when they try to take an action that silently fails
The employees aren't removed from the agency; you can reassign them at any time
⚠️ Important: deletion is silent on the employee side. Because the employee's UI doesn't tell them anything changed, they may keep clicking around for a while before realizing something is wrong. Always communicate role deletions directly to affected employees — don't rely on the product to tell them.
💡 Recommended cleanup flow:
Create the new role with the permissions you want
Reassign each affected employee to the new role (from their employee profile, or from inside the new role's Assign Employees block)
Once nobody is assigned to the old role, delete it
This avoids the silent-block period where employees are technically unassigned but don't know it.
Assigning roles to employees
There are three places where role-to-employee assignment happens:
In the Create New Employee modal when you first invite someone — the Role field is required. You can pick an existing role or create a new one inline with the + Add new role button
In the Assign Employees block on a role page — attach existing employees to that role directly. This is useful when reassigning after a role change
On an employee's profile — change the role of an existing employee
Whichever path you use, the relationship is one-to-one: an employee always has exactly one role at a time (or none, if their role was deleted and they haven't been reassigned).
How permissions show up on the employee's side
When an employee logs in, their dashboard looks different from the agency dashboard. The sidebar shows only what their role allows, scoped to the creators they're assigned to.
Typical employee-side sidebar items include:
Messages — their inbox across all creators they're assigned to (visible if Message permission is ON)
Create Content — unified create flow for Post, Story, etc.
Contents — published content view
Vault — the creator's vault (if Vault permission is ON)
Support