Access on Merch works one of two ways, depending on whether spend controls is enabled on your account.
- Standard access (default). Every teammate you invite gets the same access. Anyone on the account can place orders, approve proofs, run campaigns, see invoices, manage payment methods, invite teammates, and use the API.
- Spend controls enabled (opt-in). Three roles — Admin, Manager, and Sender — take effect, with hierarchical permissions: a Manager has everything a Sender has plus team-level controls, and an Admin has everything a Manager has plus account-level controls. Optional Teams let you group senders under a Manager with shared caps. See Roles, teams, and permissions for the full breakdown.
The rest of this page covers how access works in the standard mode, plus the principles that apply in both modes.
#What teammates can do in standard mode
Once invited and signed in, a teammate can:
- Browse My Products and the Product Catalog
- Place orders and approve design proofs
- Run campaigns and view recipient activity
- See invoices, receipts, and payment activity
- Manage saved addresses and default settings
- Invite other teammates and manage the user list
- Add and remove payment methods
- Generate API keys and connect integrations
#When you need stricter access
If you want a tighter model — view-only people, sending separated from billing, regional separation, per-team budgets — spend controls is the path. Once it's turned on, you get the Admin/Manager/Sender roles plus optional Teams to organize who can do what. Reach out to your account team to enable it.
#Removing access
In both modes, the most important lever you have is who is on the account. If someone should not be able to take an action, they should not be on the account. When a teammate leaves the company or changes roles internally, remove them from the Users page right away. Their sign-in stops working immediately, while their order history and comments stay attached to their name as a record.
See Team and users for the click path.
#Sensitive actions
Actions that touch money or account access — payment methods, auto-pay, API keys, removing teammates — are logged. When something changes, the rest of your team can see who did it and when, so accountability is built in regardless of which access mode you're on.
#Best practice
Keep the user list tight. The shortest path to a clean account is to invite people only when they need access and remove them as soon as they do not. If you're on spend controls, pair that with caps that match how your team actually buys, so the rules carry the load instead of relying on memory.