User permissions can be set for your team members using Roles. Project-level permissions and permission groups are also available for Enterprise customers who need more specific levels of security.
Table of Contents
- Organizations
- Permissions Model
- Project-Level Permissions Model (Enterprise)
- Permission Groups (Enterprise)
Organizations
An Organization represents a business; within an Organization, you can have multiple Projects (e.g. iOS app, Android app, etc.).
The first user of an Organization is the Admin. Each Organization must have at least one Admin. The Admin can assign various rights to additional invites, including other Admins. When a new user is invited they are a Viewer by default.
Permissions Model
Permissions exist at the Organization level. This means that users in your organization have the same access to all projects within the organization.
NOTE: Project-level permissions are also available for Enterprise plans. Please reach out to your Customer Success Manager to have this enabled.
To change user permissions in Amplitude, click on the "Settings" option along the left hand navigation and navigate to Members. You will be able to invite and modify user permissions here. Note that only Admins and Managers can make changes on this page.
We encourage you to limit the number of new Amplitude Admins within your organization. For most cases, the Member role is sufficient. If you want a new Amplitude user to be able to see all content created by all users within your Organization in Amplitude, the Manager role is more appropriate. We recommend that the Viewer level is assigned to third parties or for users whom you do not want creating content visible to the whole organization.
Note: For Enterprise users that have the Insights package, any role can set custom monitors and subscribe to them.
| Title | Definition |
|---|---|
| Admin |
The account holder. Has access to payment/billing information, plan changes/upgrades, ability to add/remove users, create annotations, create new projects, delete/block filters, remove shared chart/dashboard links, visibility of the API Keys & Secret Keys, remove or edit segments. We recommend only having a few users who are Org Admins. |
| Manager | Has access to all content created within Amplitude (not including undiscoverable dashboards and charts). We recommend this level for users that would like visibility into what other users are creating in Amplitude. Can also add/remove users, create annotations, delete/block filters, have visibility of the API Keys & Secret Keys, remove or edit segments, create new projects, and edit taxonomy such as adding event descriptions. |
| Member | Can create dashboards, charts, and behavioral cohorts but cannot see objects that are undiscoverable. We recommend this level for the majority of Amplitude users in your Organization. |
| Viewer | Cannot create anything that is discoverable, but they can be made co-owners of undiscoverable items made by another user. Also, they cannot create shareable links or export cohorts to 3rd party integration partners. We recommend making third parties Viewers if you do not want them creating content that the rest of the organization can access. |
Project-Level Permissions Model (Enterprise)
Please reach out to your Customer Success Manager to have project-level permissions enabled.
Customers on the Enterprise plan have the ability to assign a unique role (Manager, Member, Viewer) per Project a user has access to. This enables multiple teams in your company to operate autonomously and manage their own datasets. For example, a user may have Manager-level permission in one project, but Viewer-level permission in another.
An illustrative example of Org-scoped role assignment in Acme Org
| Title | Definition |
|---|---|
| Org Admin |
Manager-level access to all Projects, along with the ability to configure org-scoped features like SSO, and the general “Settings” page that displays event quota utilization. Can archive and delete cohorts and segments created by other users. Only Org Admins will be able to approve requests from uninvited users to join the Org. We recommend only having a few users who are Org Admins. |
| Manager | Has access to all content created within Amplitude (not including undiscoverable dashboards and charts). We recommend this level for users that would like visibility into what other users are creating in Amplitude. Can archive and delete cohorts and segments created by other users. Can create annotations, delete/block filters, have visibility of the API Keys & Secret Keys, create new projects, and edit taxonomy such as adding event descriptions. Only Managers can configure event and property visibility and event activity. Managers will only be able to invite users and grant access to the Projects they are managing. |
| Member | Can create dashboards, charts, and behavioral cohorts but cannot see objects that are undiscoverable. We recommend this level for the majority of Amplitude users in your Organization. |
| Viewer | Cannot create anything that is discoverable, but they can be made co-owners of undiscoverable items made by another user. Also, they cannot create shareable links or export cohorts to 3rd party integration partners. We recommend making third parties Viewers if you do not want them creating content that the rest of the organization can access. |
Note: When viewing all members of your organization, members will either be listed as User or Admin. If you are an Admin or Manager of a project in the organization, you can view and modify an individual member's role per project by clicking the checkbox next to the member's name and selecting "Manage Project Access". Managers will only be able to modify a user's role for the project that they are a manager of.
Permission Groups (Enterprise)
Groups allows you to manage Amplitude user permissions at scale. With Groups, you can add multiple users to a Group and quickly assign them sets of permissions, allowing you to easily provision and manage your Amplitude organization.
For example, create Groups of users like "Marketing Team" or "Payments Team" and assign project permissions to them in bulk. This allows you to control different groupings of users rather than managing each individual user's permissions.
For more information on Permission Groups, please see this page.