Live world pov - Facebook Improves Pages Security by Adding Admin Access Levels


Published on

Facebook rolled out new admin access levels for Pages this past week, taking a huge step forward in security and protection for brands that have multiple workgroups, agencies, and personnel managing their Page and advertising campaigns.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Live world pov - Facebook Improves Pages Security by Adding Admin Access Levels

  1. 1.   LiveWorld POVNew Facebook Admin Access Levels June 3, 2012 preferredmarketingdevelopers Confidential Page 1 of 7
  2. 2. Executive SummaryFacebook Improves Pages Security by Adding Admin Access LevelsFacebook rolled out new admin access levels for Pages this past week, taking a huge step forward insecurity and protection for brands that have multiple workgroups, agencies, and personnel managingtheir Page and advertising campaigns.The five new admin access levels are based on common roles associated with managing a brandpresence on Facebook: Manager, Content Creator, Moderator, Advertiser, Insights Analyst.Prior to this feature release, Admin designation gave the holder a broad array of capabilities, regardlessof the role a member plays on the team. The new access levels gives more control to brands over whocan add and delete people to the team, add apps, create content, respond to fans, moderate/removecontent, and view sensitive insights or advertising data. In short, the feature helps ensure that peoplehave only the access required to fulfill their role on the team.This new release is a great improvement over the prior model. Brands can additionally benefit fromfurther improvements, including changes that allow for more personalization of the brand’srepresentatives on the page, more refined access levels, a super-admin role, removal of somedownstream permissions and adding permission groups.Admin Roles and CapabilitiesIt is not uncommon for a brand to currently have anywhere from 10 to more than 100 people listed asan admin on a Page. While this seems like a large number, a brand Page is often managed by multipleworkgroups and agencies and requires access from: • Marketing team • PR/Corp Comms • Digital agency creating apps • Digital agency creating content • Moderation team • Advertising team • Insights and Analytics team Confidential Page 2 of 7
  3. 3. The number of people required to manage the functions of a Page can grow quite rapidly and create avery un-secure web page in a very public environment.The largest block of people gaining admin access today are often Moderators and Content Creators.These roles tend to be narrowly defined positions that usually should not have access to the functionsof the Page that can alter its core features and presentation.Multiple program managers, creatives, and other Facebook marketing team members at a client andtheir agencies need limited admin access to provide content, access analytics, and/or have a generalview of what is happening with the Page. These folks can also inadvertently make an error and disrupta Page if they have full access to all the page controls. The problem and risk is intensified byFacebook’s regular change in features and upgrades, especially when these are done without notice. Aperson with full admin access might disrupt the Page simply by innocently checking or not checking abox, without even realizing the impact.The new Admin Access levels significantly improve the ability of a Manager to restrict team membersto perform only their necessary functions. We’ve been pushing Facebook for this type of improvementfor a long time and are glad to see it. Nevertheless, LiveWorld believes that Facebook shouldimplement further refinement and additional access levels.Admin Access levelsThe table below outlines the different admin access levels and what they are able to do: Confidential Page 3 of 7
  4. 4. Benefits of Access LevelsWe identify four primary benefits to a multi-level approach to Page administration: • Risk Reduction: LiveWorld has seen Pages compromised and subject to porn, spam, and other malicious content that was posted inadvertently via Page admins who had unknowingly contracted a Facebook virus. Reducing the number of Managers on a Page from over 100 to 5, for example, drastically improves security. Limiting admin access limits exposure. • More Flexible Staffing: Some brands currently limit the number of team members for security purposes, but diminish their operational abilities in the process. Now brands can add many team members with limited access and still keep the page secure. • Error Protection: Some personnel, such as moderators, have a narrow role of reading, replying, and removing messages. Other people are just accessing the Page for Insights. With the prior full admin access model, these people could access and make changes to the core functionality of the Page. With the new access levels, people with these specific roles can no longer make accidental or unauthorized changes to the Page or apps. • Right Access for the Role: It is common for brands to have different people in different roles, such as content posting, moderating, Insight analysis, managing apps, etc. These roles require different skill sets. The new access levels focus personnel on their specific role with an appropriate match of skill and expertise.LiveWorld Content Review System (CRS) and Third-Party ToolsMost LiveWorld clients have the additional security and management benefits that come with theLiveWorld Content Review System (CRS) Moderation Tools Suite. The LiveWorld CRS provides extralayers of security for the moderation and brand response roles, as well as speed, quality, flexibility,insight, and other benefits. Some third party tools for social media publishing (e.g., Hootsuite) and Pagecontent management (e.g., Buddy Media) also include security layers that allow their tools to be usedwithout providing access to the overall admin functions of the Facebook Page.Even with these LiveWorld and third-party tools in place, however, the new Facebook tiered accesscontrols are very important. First, these controls provide the above-described security for other roleson the brand’s team. Second, the LiveWorld CRS and third-party benefits are realized only when thetools are actually being used. When the Facebook API breaks, or when other system problems occur,specific usage situations often must be handled (usually temporarily) by using the Facebook nativetools. To date, having access to those native Facebook tools, even for limited functions, meant havingaccess to the entire set of admin controls. The new Facebook access controls permit limiting accessonly to functions needed to accomplish specific tasks when the CRS or third party tools are not beingused. Confidential Page 4 of 7
  5. 5. How The Admin Access Levels Can ImproveWhile we are glad that Facebook has finally delivered on this long sought-after feature of grantingadmin access levels, the tool is still lacking in a few core features necessary to optimize the reduction ofsecurity risks, while supporting an engaging, lively Facebook experience.Here is how LiveWorld would like to see the admin toolkit and related policies improved: 1. Brand representative profiles: The current Facebook Terms of Service limit people to one profile Page, which is usually used as a personal Facebook Page. Best practice in social media is to personalize and socialize the brand, and to showcase that the brand’s social media presence by implementing identifiable personalities. When brand representatives post today as a Page, they are identified only by the brand logo, without any sense of individuality. Consumers want a personal experience on Facebook, and would rather talk with real people than an anonymous brand logo. LiveWorld believes that it is in the best interest of both the brand and Facebook to have brand representatives readily identifiable as distinct, real personalities, with a depth of information and experience about them accessible by fans. Generally it’s not suitable to use a team member’s personal Facebook Page, as that personal Page might not align with the brand’s story. Asking employees to associate their personal Pages may also represent an inappropriate request from the brand to its team members. We suggest three approaches to enable better personalization and socialization of the brand: 1) Change Facebook Terms of Service: The terms could allow brand representatives to have a second Facebook Page in addition to and separate from their personal Facebook Pages. This is simply a change of policy and does not require any technology implementation. It would allow representatives to clearly separate their work life from their personal life on Facebook, give fans confidence that they are talking to a real person from the company, and benefit the company by allowing their representatives to inject their own unique personalities into the conversation instead of adopting a bland, neutralized brand voice. 2) Brand agent profile info: Enable the Page to have any number of admins with posting- only privileges, permit such accounts to be individually named, and provide at least a basic limited set of personalized information associated with them and available for view by fans through the brand’s Facebook Page. 3) Create a brand-templated profile page: A brand-templated profile page improves on using a regular Facebook Page as the representative’s second page (per #1 above) by enabling the brand to create a consistent template for look and features, to better and more directly integrate the brand representative pages with the brand’s Pages, to have admin control of the creation and existence of the Page, and to integrate Insights and other operational activities. Confidential Page 5 of 7
  6. 6. The people of a brand are an even greater factor than products in attracting fans and building social media engagement. The current terms of service, Page structure, and admin tool model forces anonymity on those people. With our suggested changes, those people become a stronger force in personalizing and socializing the brand.2. Hone the access levels further: Many brand are getting quite sophisticated in their Page management. On a Moderation team alone, it’s possible to have at least 3 distinct functions requiring different levels of access: a. Moderate to delete offensive content and escalate issues without replying b. Moderate content and reply c. Moderate content and reply only on specific tabs Likewise, a content creation team can have different functions, and restricting access to some functions of the Page would be beneficial. One group might be responsible for creating daily status updates, but another might be responsible for responding to fan comments. A number of social media crises have started when an intern or member of the status update team has made an inappropriate reply to fan comments. These are different skills — starting a conversation and maintaining one — and it could be very beneficial to draw an access level line to separate them.3. Create super-admin level that cannot delete other super-admins. In this latest release, any Manager can delete any person from the admin list, including other Managers. The absence of a super-admin allows any rogue Page Manager or disgruntled employee to hijack the site by deleting all other admins.4. Remove some of the current downstream permissions: While smaller Pages might have a few people fulfilling multiple roles, larger Pages require degrees of specialization; LiveWorld believes that some of the current permissions are too broad and unnecessarily create security vulnerabilities in Page management. In this latest release, a Content Creator can add, delete, or modify an app, post status updates as the brand, respond to fan comments, create an advertising campaign, and have access to all the Page performance analytics. We believe that this is too much access for the role. An app developer, for example, does not usually need the ability to post status updates as the brand on a regular basis, nor to create an advertising campaign. However, such broad access might be appropriate in smaller companies where small teams are managing the Page. For larger companies, the name of the game is managing risk. From the technical perspective, brands don’t want people to be able to take their site down, either intentionally or accidentally, so the fewer people who have access to do that, the better. Confidential Page 6 of 7
  7. 7. From the content perspective, brands want the right people speaking at the right time, and also want to prevent people from either intentionally or accidentally posting something in the wrong place at the wrong time. 5. Create permission groups: One way to alleviate the situation described above is to structure access, and allow people to be in multiple permission groups. Thus, in the same Facebook marketing team, one Content Creator could have access to create status updates and get to the Insights, where another Content Creator might have permissions to make status updates and reply to comments, but not have access to Insights.Setting Admin PermissionsChanging current permissions for team admins is a quick and simple process. 1. Go to your Page and click Edit Page in the Admin panel. 2. Select Admin Roles from the left-hand navigation bar, and then click Manager for the person you want to assign to an admin role. 3. Select the appropriate admin access level and click Save at the bottom of the Page.That’s it! In just a few minutes, you can reassign access levels to all the current admins on your Pageand improve your security. When adding new admins, the Facebook default is to assign Manager-levelaccess, you will need to check that when adding members to your team. Confidential Page 7 of 7