How Do I See Who Has Access to My Facebook Ads?

Pix-Vu||4 min read
How Do I See Who Has Access to My Facebook Ads?

Quick Answer

To see who has access to your Facebook Ads Manager, go to business.facebook.com/settings > Users > People. You'll see every person with Business Manager access. To check who can access a specific ad account, click Accounts > Ad Accounts > select your account > Assigned People. Also check Partners and System Users for agencies and integrations.

The Three Places to Check Access

Facebook splits access across three layers. You must check all three to get the full picture.

1. People (Human Users)

  1. Go to business.facebook.com/settings
  2. Click Users > People
  3. You'll see a list of every person with access, their role (Admin or Employee), and their status (Active or Pending)
  4. Click any name to see which assets they're assigned to

2. Partners (Other Businesses)

  1. In Business Settings, click Users > Partners
  2. This shows agencies, consultants, or other businesses you've given access to
  3. Click any partner to see which assets they control

3. System Users (API Integrations)

  1. Click Users > System Users
  2. This shows automated tools, Zapier connections, and third-party apps with API access
  3. System users often have the most permissions and are the most commonly forgotten

Access Audit Checklist

LayerWhat to CheckRed Flag
PeopleCurrent employees, contractors, freelancersAnyone who left the company
PartnersAgencies, consultants, other Business ManagersPartners you fired or stopped using
System UsersAPI apps, Zapier, integration toolsApps you no longer use
PagesWho can publish posts and reply to messagesEx-employees still tagged as editors
PixelsWho can view conversion data and audiencesPartners with access to customer data
Ad AccountsManage vs Advertiser vs Analyst assignmentsAnyone with Manage who shouldn't have it
BillingFinance Editor and Finance Analyst rolesAnyone who can change payment methods
Run this audit quarterly at minimum. Monthly if you work with multiple freelancers or agencies.

How to Export the Full Access List

Facebook doesn't give you a native export, so use this workaround:

  1. In Business Settings > Users > People, take a screenshot of every page
  2. Click each user and screenshot their assigned assets
  3. Paste into a spreadsheet with columns: Name, Email, Role, Assets, Last Active, Action
  4. Save as your access register

For larger teams, use Meta's Graph API to pull the list programmatically — but this requires developer access and a long-lived token.

The Access Audit Template

AUDIT DATE: [YYYY-MM-DD]
BUSINESS MANAGER: [Name]

HUMAN USERS:
- Name | Email | Role | Last Active | Keep/Remove?

PARTNERS:
- Business Name | Type | Assets Shared | Active Contract? | Keep/Remove?

SYSTEM USERS:
- App Name | Permissions | Last API Call | In Use? | Keep/Remove?

ACTIONS TAKEN:
- [list removals and changes]

NEXT AUDIT DUE: [date]

Fill this out every quarter. It takes 15 minutes and prevents the most common security issue in Facebook advertising: inactive accounts with active permissions.

Signs Someone Has Unauthorised Access

Even if the user list looks clean, watch for these red flags in your Ad Account:

  • Campaigns created outside working hours without your knowledge
  • New audiences or pixels you don't recognise
  • Payment method changes you didn't make
  • Unfamiliar login locations in Security Center
  • Sudden budget increases on existing campaigns

If any of these happen, go immediately to Security Center > Activity Log to see who made the change.

Common Audit Mistakes

Mistake 1: Only checking People. System Users and Partners are the most dangerous because they're easy to forget. Check all three layers.

Mistake 2: Checking Ads Manager, not Business Manager. Ads Manager users are just a subset. Business Manager is where the master list lives.

Mistake 3: Trusting "Last Active" dates. System Users don't always show activity timestamps. An integration can be dormant for months and still have full permissions.

Mistake 4: Not checking Pixels separately. Someone removed from your ad account may still have Pixel access — which means they can still see your conversion data and customer audiences.

Why This Matters More Than You Think

Your Facebook Ad Account contains:


  • Customer email lists uploaded as custom audiences

  • Pixel data with purchase history

  • Payment methods linked to your business bank

  • Creative assets and brand IP

Stale access is a data leak waiting to happen. Auditing takes 15 minutes. Cleaning up a breach takes weeks.

Let Pix-Vu Be Your Only User

The easiest access audit is one you don't have to do. Pix-Vu runs your Facebook ads for you, which means your Business Manager only needs one user: you. No agencies, no freelancers, no forgotten partners.

Pix-Vu connects via secure API, handles creative, targeting, optimisation, and reporting — all 24/7 — for $99/month.

Start with Pix-Vu — 30-day money-back guarantee, zero permission headaches.

Ready to automate your Facebook ads?

Let AI handle your ad creative, targeting, and optimization. Launch profitable campaigns on autopilot.

Get Started Free
Back to all posts