Set and edit user permissions

Updated

This article will help you:

  • Quickly add users to an organization and edit user permissions
  • Understand the different permissions associated with Amplitude's user roles
  • You may also find this course on administering Amplitude helpful.

User permissions define the level of Amplitude access a user in your organization will have. Usually, permissions are based on a user's role, though project-level permissions and permission groups are available for Enterprise customers who need the ability to better target levels of security.

The person who sets user permissions is the Admin. The Admin is the first user of any Amplitude organization, and each organization must have at least one Admin (any Admin can designate other users as Admins as well). When new users are first invited to an organization, they are assigned the viewer role by default.

In Amplitude, user permissions exist at the organization level. Once assigned a permission level, a user in an organization will then have the same level of access to all projects within that organization. 

Learn more about how to create and manage organizations.

User roles and permissions in Amplitude

Role

Permissions

Viewer

Recommended role for third parties, if you do not want them creating content that the rest of the organization can find.
  • Create, edit, and delete undiscoverable dashboards, charts, and behavioral cohorts. Viewers must be the owner of the content to edit and delete it.
  • Co-own undiscoverable content made by another user.
  • View project settings
  • View Govern (See events, properties, categories, descriptions. See planned and unexpected events.)
  • View data sources and data destinations
  • Connect user account to Slack
  • Edit their own profile (name, title, team, password)
  • Edit their own email subscriptions
  • Set custom monitors and subscribe to them
  • Share content they create with others

Note that Viewers:

  • Cannot create anything that is discoverable, including saved segments
  • Cannot create shareable links
  • Cannot export data to third-party integration partners

Member

Recommend for the majority of Amplitude users in your organization.

 All Viewer permissions, plus:

Note that Members:

  • Cannot search for content that is undiscoverable.

Manager

Recommended for users who need access to all content created within Amplitude (does not include undiscoverable dashboards and charts) and ability to make changes to project settings.

 All Member permissions, plus:
  • Add and remove users
  • Edit user role (permissions)
  • Create, edit, and delete annotations
  • Visibility of API keys and secret keys in project settings
  • Remove and edit saved segments
  • Create new projects
  • Edit project settings
  • Make edits in Govern: change, block, delete, drop, plan, approve/reject, transform, derive 
  • Add and edit data sources and data destinations
  • Transfer ownership of content they don’t own

Admin

The highest-level permissions set in an organization. We recommend limiting the number of users in an organization who are Admins. The Admin role can only be granted or revoked by existing Admins.

 All Manager permissions, plus:
  • Remove shared chart and dashboard links
  • Mark content as "Official Content"
  • Change Sampling settings
  • Create permission groups
  • Delete organization or change organization name and URL (the Admin must submit this request to the Amplitude Support team)
  • Change org Admins

All users
  • Cannot change full name of other users
  • Cannot change or reset password for other users
  • Cannot change their own role in the organization
  • Cannot remove themselves from the organization. To do so, request an Admin or Manager remove you from the organization.

Add users to your organization

To add users to your organization and assign them user roles, follow these steps:

  1. Navigate to gear_icon_for_settings.pngMembers. The Team Members page will open.
  2. Click Invite New Users.
  3. Type the email address of the user you want to add. Then press Enter. The user will appear in the list of members to be invited.
  4. From the Role dropdown, select the appropriate role for that person. You may also optionally specify a team space for that user.
  5. Repeat steps 3 and 4 until all the users you want to add are listed. Then click Next.
  6. From the Default Project dropdown, select the project the user is likely to work on the most. Then click Next.
  7. Review your work and click Send Invites when you're ready.

Change user permissions based on user roles

To change user permissions in Amplitude, follow these steps:

  1. Navigate to gear_icon_for_settings.pngMembers. The Team Members page will open.
  2. Check the box next to the name of the user whose permissions you'd like to edit. You can select multiple users at once.
  3. Click on Manage Project Access.
  4. In the modal that appears, find the project you want to adjust permissions for and check the checkbox next to it. You can select multiple projects at once. 
  5. From the Role dropdown, choose the new permission level you'd like to assign to the users you selected in step 2, for each project you selected in step 4.

    NOTE: You will not be able to change the role for the only Admin in an organization.

  6. To remove a user's permissions, click Remove. Doing so will remove the user from the organization and eliminate all access provisions. 

Project-level permissions

With project-level permissions, a user can have a different role for each project within an organization. This enables multiple teams in your company to operate autonomously and manage their own datasets. For example, a user may have Manager-level permission in one project, but Viewer-level permission in another. Users without access to a project cannot view any content that belongs in that project.

mceclip2.png

NOTE: Project-level permissions are available to customers on an Enterprise plan only.

When viewing all members of your organization, members will either be listed as User or Admin. If you are an Admin or Manager of a project in the organization, you can view and modify an individual member's role per project by clicking the checkbox next to the member's name and selecting "Manage Project Access". Managers will only be able to modify a user's role for the project where they are a manager.

Please reach out to your Customer Success Manager to enable project-level permissions as this is not enabled by default.

Permission groups

Also available exclusively to customers on an Enterprise plan, permission groups allow you to manage Amplitude user permissions at scale. You can add multiple users to a group and quickly assign them sets of permissions, allowing you to easily provision and manage your Amplitude organization.

For example, create groups of users like "Marketing Team" or "Payments Team" and assign project permissions to them in bulk. This allows you to control different groupings of users rather than managing each individual user's permissions.

Learn more about permission groups in Amplitude. Please reach out to your Customer Success Manager to enable project-level permissions. 

Was this article helpful?
26 out of 39 found this helpful
Have more questions? Check out the Amplitude Community.
Return to top

Related articles