Well… do you know?
More specifically, do you know:
- Who is able to view and extract your organization’s data?
- Who has the ability to permanently alter your data by adding, editing, or deleting views and filters?
- Who is capable of adding or removing users and modifying their permissions?
- Who can add, edit, or remove tracking through your tag management tool?
And most importantly, do you know if they should have access?
If you are responsible for the integrity, quality, and security of your organization’s data, you need to know the answers to these questions at all times. (And if you are not the one responsible, you should find the person who is and make sure that they know these answers).
User management is one of the most misunderstood and frequently overlooked areas within Google Analytics and Google Tag Manager. Both GA and GTM offer the ability to set varying degrees of permissions for each user, and at each level within the account hierarchy.
However, Google is not going to manage your users for you.
It is your responsibility to understand what each degree of user permissions allows for and to assign those permissions as appropriate.
If reading this post hasn’t already prompted you to log into your GA (or GTM) account and check the User Management screen, go do it now!
Chances are you will see:
- At least one email ID that you don’t recognize
- An email address or 2 for someone who has left your organization
- An anonymous Gmail addresses (or more)
- People who have more permissions than what they need or should
If you don’t see “User Management” in your Admin panel, it’s because you don’t have “Manage Users” permissions.
The first step in taking a more proactive and deliberate approach to user management is to understand the available levels of permissions.
Google Analytics User Permissions
In GA, there are four types of permissions, summarized in the chart below. In addition, these can be assigned at the account-level, property-level, or view-level. To help you decide who deserves what, we have highlighted the permissions that should only be given to an administrator.
Each user can be assigned any or all of the above permissions. But observe that Collaborate includes Read & Analyze, and that Edit includes Collaborate.
The average GA user requires at most Collaborate permissions on a select set of views. Further, only an administrator should possess Edit access. “Edit” allows a user to make permanent changes to the data, and thus should be given out only sparingly.
Note that Manage Users permission is entirely independent of the other three. It is possible to have Manage Users in addition to one of the other permission levels or by itself. However, be aware that anyone with Manage Users access can change or heighten their own permissions.
Google Tag Manager User Permissions
In GTM, user permissions are a bit more self-explanatory. There are permissions set at the account level and container level:
At the account level, there are only two options: View, Edit, & Manage or View only. Any user with View, Edit, & Manage essentially has full administrative control over the entire GTM account and all containers within.
For each container, there are distinct degrees of permission from No Access up to full View, Edit, Delete, and Publish. As with Edit access in GA, the “Edit” and “Publish” permissions in GTM should be assigned deliberately and sparingly; only individuals responsible for managing your tagging implementation should have these administrative permissions.
Being cautious and deliberate with user permissions doesn’t mean you don’t trust your colleagues, developers, or agency partners. Rather, by assigning permissions on a “need to have” basis, you ensure that each person will be responsible and accountable with the ‘powers’ they are given.
Ultimately, a purposeful approach to user management will help reduce risk and maintain the quality and integrity of your data, enabling the analysis, insights, and actions that will drive value for your organization.