User Permissions

Updated

User permissions can be set for your team members using Roles. Project-level permissions and permission groups are also available for Enterprise customers who need more specific levels of security.

 

 

Organizations

An Organization represents a business; within an Organization, you can have multiple Projects (e.g. iOS app, Android app, etc.).

The first user of an Organization is the Admin. Each Organization must have at least one Admin. The Admin can assign various rights to additional invites, including other Admins. When a new user is invited they are a Viewer by default.

Learn how to create and manage organizations and projects here.

 

Permissions Model and Roles

User permissions exist at the Organization level. This means that users in your organization have the same access to all projects within the organization. 

NOTE: Project-level permissions are also available for Enterprise plans. Please reach out to your Customer Success Manager to have this enabled.

To change user permissions in Amplitude, click on the "Settings" option along the left hand navigation and navigate to Members. You will be able to invite and modify user permissions here. Note that only Admins and Managers can make changes on this page. 

Screen_Shot_2018-06-01_at_5.24.53_PM.png

 

Role

Permissions

Viewer

We recommend making third parties Viewers if you do not want them creating content that the rest of the organization can access.
  • Create, edit, and delete undiscoverable dashboards, charts, and behavioral cohorts. Viewers must be the owner of the content to edit and delete it.
  • Co-own undiscoverable content made by another user.
  • View project settings
  • View Govern (See events, properties, categories, descriptions. See planned and unexpected events.)
  • View Data Sources and Data Destinations
  • Connect account to Slack
  • Edit their own profile (name, title, team, password)
  • Edit their own email subscriptions
  • Set custom monitors and subscribe to them
  • Cannot create anything that is discoverable
  • Cannot create shareable links
  • Cannot export data to 3rd party integration partners

Member

Recommend role for the majority of Amplitude users in your Organization.

 All Viewer permissions and...
  • Can create discoverable dashboards, charts, and behavioral cohorts
  • Create custom events in Govern
  • Create Team Spaces
  • Edit Releases
  • Cannot search for content that is undiscoverable.

Manager

Recommended for users who need access to all content created within Amplitude (does not include undiscoverable dashboards and charts) and ability to make changes to project settings.

 All Member permissions and...
  • Add and remove users
  • Edit user role (permissions)
  • Create, edit, and delete Annotations
  • Visibility of API Keys & Secret Keys in project settings
  • Remove and edit saved segments
  • Create new projects
  • Edit project settings
  • Make edits in Govern - change, block, delete, drop, plan, approve/reject, transform
  • Add and edit data sources and data destinations
  • Transfer ownership of content they don’t own

Admin

The account holder(s). We recommend only having a few users who are Org Admins. The Admin role can only be granted/revoked by existing Admins.

 All Manager permissions and...
  • Remove shared chart and dashboard links
  • Change Sampling settings
  • Create permission groups
  • Delete organization or change organization name and URL - Admin must submit this request to the Amplitude Support team
  • Change org Admins

All Users
  • Cannot change full name of other users
  • Cannot change or reset password for other users
  • Cannot change their own role in the organization
  • Cannot remove themselves from the organization - to do so, request an Admin or Manager to remove you from the organization

 

Project-Level Permissions Model (Enterprise)

Please reach out to your Customer Success Manager to have project-level permissions enabled.

Customers on the Enterprise plan have the ability to assign a unique role (Manager, Member, Viewer) per Project a user has access to. This enables multiple teams in your company to operate autonomously and manage their own datasets. For example, a user may have Manager-level permission in one project, but Viewer-level permission in another. Users that do not have access to a project cannot view any content that belongs in that project.

An illustrative example of Org-scoped role assignment in Acme Org:

mceclip2.png

 

Note: When viewing all members of your organization, members will either be listed as User or Admin. If you are an Admin or Manager of a project in the organization, you can view and modify an individual member's role per project by clicking the checkbox next to the member's name and selecting "Manage Project Access". Managers will only be able to modify a user's role for the project that they are a manager of.

 

 

Permission Groups (Enterprise)

Groups allows you to manage Amplitude user permissions at scale. With Groups, you can add multiple users to a Group and quickly assign them sets of permissions, allowing you to easily provision and manage your Amplitude organization.

For example, create Groups of users like "Marketing Team" or "Payments Team" and assign project permissions to them in bulk. This allows you to control different groupings of users rather than managing each individual user's permissions.

For more information on Permission Groups, please see this page.

Was this article helpful?
20 out of 29 found this helpful
Have more questions? Submit a request
Return to top

Related articles