User Roles and Permissions in HighLevel – Complete Guide

Updated: March 19, 2026  |  Author: Bill Stilwell

The Four Core HighLevel Roles

Agency Admin has full access to the agency dashboard, all sub-accounts, all Settings, and all billing. This is the owner-level access.

Agency User has access to sub-accounts they are assigned to but limited access to agency-level settings.

Location Admin has full admin access within a specific sub-account – they can manage Settings, Automation, Contacts, and Billing for that sub-account.

Location User has restricted access within a sub-account – typically Contacts, Conversations, and Calendars, without access to Automation or Settings.

Custom Permissions

Beyond the four standard roles, HighLevel’s custom permissions allow agencies to define exactly which sections and actions each role can access.

Hide the Automation section entirely from team members whose job is only conversation handling. Restrict billing visibility to agency admins only. Give specific team members access to one pipeline but not others.

Custom permission configuration is in the agency-level Settings under Team Management or Permissions.

Best Practices for Role Assignment

Assign the minimum role that allows the team member to do their job – the principle of least privilege protects client data and reduces the risk of accidental changes.

Review role assignments quarterly or when team members change responsibilities.

Enable Two-Factor Authentication for all admin-level accounts – an admin account with a weak password and no 2FA is a significant security risk.

Roles and Sub-Account Visibility

At the agency level, team members can be restricted to see only specific sub-accounts.

An account manager assigned to clients A, B, and C sees only those three sub-accounts in their agency dashboard – not all agency clients.

This segmented visibility protects client confidentiality, focuses team members on their work, and prevents accidental modifications to clients they are not responsible for.