How to assign user roles and permissions in Highspot for secure content management

If you’re in charge of managing content in your company’s sales stack, you know it’s not just about uploading files and hoping for the best. Letting the wrong people edit, delete, or share sensitive stuff in Highspot can mean chaos—or worse, a sales team running wild with outdated decks. This guide is for admins, sales ops, or anyone who needs to lock things down without making Highspot a nightmare to use. Let’s walk through how user roles and permissions actually work, what’s worth your time, and the stuff you can skip.

Why Roles and Permissions Matter in Highspot

Before we dive in, here’s the blunt truth: most security slip-ups aren’t because someone’s a hacker—it’s because someone clicked “share” when they shouldn’t have. Highspot gives you tools to control who can view, edit, or share content, but they’re only as good as your setup.

Done right: You keep your content tidy, your team productive, and your company out of trouble.
Done wrong: You’re cleaning up messes, fielding angry emails, or explaining to your boss why the wrong pitch deck went out.

Step 1: Get Clear on What You’re Protecting

Don’t just start assigning roles because “security is important.” Figure out:

  • What’s actually sensitive? (Pricing sheets, internal training, competitive docs, etc.)
  • Who really needs access? (Is it just sales reps, or do marketing and product folks need in too?)
  • What’s the worst that could happen if something leaks or gets changed?

Pro tip: Don’t overcomplicate. If everyone gets the same access “just in case,” you might as well not bother.

Step 2: Understand Highspot’s Permission Model

Highspot keeps things pretty straightforward, but there are a few quirks:

  • User Roles: These are broad—Admin, Spot Owner, Editor, Viewer, etc. Each comes with a default set of permissions.
  • Spot Permissions: Spots are Highspot’s way of grouping related content. Permissions can be set at the Spot level, so you can control who does what in each Spot.
  • Custom Groups: You can create groups (e.g., “East Coast Sales,” “Managers”) and assign permissions that way.

What works:
Roles make it easy to set up basic boundaries. Spots help you keep content organized and limit access without micromanaging every file.

What’s annoying:
If your org structure is a mess (lots of overlapping groups, unclear ownership), things get confusing fast. Take five minutes to map out who needs what before clicking anything.

Step 3: Assigning User Roles (The Right Way)

Here’s how to actually assign roles:

  1. Log in as Admin. Only Admins can change roles. If you’re not an Admin, stop here and ask for access.
  2. Go to Settings > Users.
  3. Pick a user (or multiple users).
  4. Choose the right role:
  5. Admin: Can do almost anything, including changing settings and managing users. Only give this to people you trust not to break stuff.
  6. Manager: Can manage spots and content, but not overall platform settings.
  7. Editor: Can add/edit content in assigned spots.
  8. Viewer: Can view but not change or share content.
  9. Save your changes.

Pro tip: Don’t hand out Admin rights like candy. If someone only needs to upload content, Editor is plenty.

Step 4: Setting Up Groups for Easier Management

If you’re assigning permissions user-by-user, you’re wasting time. Groups are your friend.

  • Create groups based on real teams or functions (e.g., “Field Sales,” “Executives,” “Onboarding Trainers”).
  • Go to Settings > Groups.
  • Add users to the right groups.
  • Assign roles and permissions at the group level wherever possible.

Why bother?
When someone joins or leaves a team, you just update the group—no hunting through every Spot.

Pitfall to avoid:
Don’t create a group for every little project or one-off request. It’ll become unmanageable.

Step 5: Adjusting Spot Permissions

This is where things get granular. Spots are Highspot’s secret weapon for organizing content and controlling access.

  1. Open the Spot you want to secure.
  2. Click the “Settings” or “Permissions” tab.
  3. Add or remove users and groups.
  4. Set permission levels:
    • Owner: Full control (edit, manage, share).
    • Editor: Can update content, but not manage Spot settings.
    • Viewer: Can only view/download.
  5. Review inherited permissions. Sometimes permissions “trickle down” from parent Spots—double-check what users are actually getting.

Honest take:
Don’t go wild and make a new Spot for every document. Use Spots for real categories (Product Collateral, Sales Playbooks) and keep the structure simple.

Step 6: Sharing Content Without Losing Control

Highspot lets you share content inside and outside your org. Here’s how to avoid disasters:

  • Internal Sharing: Users can share with others based on their Spot permissions.
  • Only people with Viewer or higher access can see shared content.
  • External Sharing: You can create shareable links for prospects or partners.
  • Set expiration dates and disable downloads if you’re worried about leaks.
  • Only share externally if you’re sure the content is scrubbed—no internal notes, pricing, or sensitive info.

What to ignore:
Don’t bother locking down every piece of boilerplate content. Focus on the stuff that would hurt if it got out.

Step 7: Audit Regularly—But Don’t Overdo It

Permissions aren’t “set it and forget it.” People change roles, teams shift, and what was once fine might become a problem.

  • Schedule a quarterly review of roles and Spot permissions.
  • Check for zombie accounts (users who’ve left the company).
  • Look for groups or Spots with “Everyone” permissions—these are usually the weak spots.

Pro tip:
Export a permissions report and scan it for anything that looks too generous. If something feels off, tighten it up.

Step 8: Balancing Security and Usability

You want to keep content safe, but if your setup is too strict, people will just work around it (think: emailing attachments or using personal drives).

  • Default to “least privilege.” Give people only what they need, but don’t make it a hassle to get legit access.
  • Be responsive. If someone needs access for a good reason, don’t drag your feet.
  • Document your process. A quick guide (even a shared doc) helps when handing off admin duties or onboarding new managers.

What Works, What Doesn’t, and What to Skip

  • Works: Using groups, keeping Spot structure simple, and reviewing permissions a few times a year.
  • Doesn’t: Assigning everything manually, over-segmenting Spots, or loading everyone up with Admin rights.
  • Skip: Locking down low-risk content or getting hung up on features you don’t actually need.

Wrapping Up: Keep It Simple and Iterate

Don’t let perfect get in the way of good enough. Get the basics in place, keep your Spot structure tidy, and review permissions now and then. Most of the headaches come from overthinking or ignoring the setup altogether. Stay flexible, keep it simple, and you’ll avoid 90% of the messes others run into.

If you’re still not sure what to lock down, remember—if you’d be embarrassed if it leaked, protect it. Everything else? Don’t lose sleep over it.