Governance

How to Audit Who Has Access to Your TikTok

See exactly who can touch your TikTok — across the account itself, Business Center, ad accounts, and Shop — and remove anything that should no longer be there.

Access on TikTok builds up quietly. A freelancer added to Business Center two years ago, an agency Partner whose contract ended, a teammate who still shows in your ad account — none of these expire on their own. An audit is simply the act of walking every surface where access lives and confirming each person and partner still belongs there.

Why one list is never enough

TikTok spreads access across separate systems that do not talk to each other. The account has its own login and 2FA. Business Center holds the people and partners who work on your assets. Each ad account has its own user list. TikTok Shop runs on a separate Seller Center login with its own staff and partner model.

Because of that, someone you removed from Business Center can still sit inside an ad account, and a removed agency Partner can leave behind individual people they had assigned. A real audit checks every surface in one pass so nothing slips through the gaps between them.

Make the audit a habit, not a fire drill

Audits work when they are scheduled, scoped to every surface, and triggered by the right events.

  1. Principle 1

    Scheduled cadence

    A recurring calendar reminder beats a once-a-year scramble after something goes wrong. Put the next review date on the calendar before you close this one.

  2. Principle 2

    Cover every surface

    Account login and 2FA, Business Center people and partners, each ad account, and Shop staff — a person can hide in any one of them.

  3. Principle 3

    Event-triggered

    Always audit immediately when a teammate leaves, an agency engagement ends, or you notice activity you cannot explain.

  4. Principle 4

    Write down the result

    Record who has what and a next review date, so the following audit is a quick comparison rather than a fresh investigation.

Review cadence: Every quarter, plus on every departure and every agency offboarding.

What people miss when they audit

  • Checking Business Center but forgetting the ad accounts

    Ad accounts carry their own Admin / Standard / Analyst user lists. Someone removed from Business Center can still hold a seat directly inside an ad account.

    Why it happens: Business Center looks like the single source of truth, but ad-account user lists are managed separately.

  • Treating Shop as part of the same audit

    TikTok Shop sits behind a separate Seller Center login with its own staff and partner roles. It will not appear in your Business Center people list at all.

    Why it happens: Shop is a distinct product with its own access system, not a Business Center asset.

  • Removing a partner agency but leaving its people behind

    Ending a Partner relationship does not always sweep out the individual people the agency had assigned to your assets. Review individual access after every offboarding.

    Why it happens: Partner-level and person-level access are tracked separately.

    Already happened: Offboard a team member properly

Delvia

Access issues are easier to prevent when roles, owners, and responsibilities are recorded clearly

Most access problems trace back to the same gap — no clear record of who has access, what role they hold, and what should happen when that changes. Delvia helps you keep that record so problems are visible before they become incidents.

Delvia is free on iPhone and Android. Keep a clear record of who has access to your accounts — and what to do when that changes — wherever you are.