Table of Contents
Organizations
An Organization represents a business; within an Organization, you can have multiple Projects (e.g. iOS app, Android app, etc.).
The first user of an Organization is the Admin. Each Organization must have at least one Admin. The Admin can assign various rights to additional invites, including other Admins. When a new user is invited they are a Viewer by default.
Permissions Model
Permissions exist at the Organization level. This means that users in your organization have access to all projects. Project-level permissions are also available for Enterprise plans. Please reach out to your Customer Success Manager to have this enabled.
To change user permissions in Amplitude, click on the "Settings" option along the left hand navigation.
Within the ORG SETTINGS section, select the "Team Members" option in the left sidebar. You will be able to invite and modify user permissions here. Note that only Admins and Managers can make changes on this page.
We encourage you to limit the number of new Amplitude Admins within your organization. For most cases, the Member role is sufficient. If you want a new Amplitude user to be able to see all content created by all users within your Organization in Amplitude, the Manager role is more appropriate. We recommend that the Viewer level is assigned to third parties or for users whom you do not want creating content visible to the whole organization.
Note: For Enterprise users that have the Insights package, any role can set custom monitors and subscribe to them.
| Title | Definition |
|---|---|
| Admin |
The account holder. Has access to payment/billing information, plan changes/upgrades, ability to add/remove users, create annotations, create new projects, delete/block filters, remove shared chart/dashboard links, visibility of the API Keys & Secret Keys, remove or edit segments. We recommend only having a few users who are Org Admins. |
| Manager | Has access to all content created within Amplitude, including undiscoverable dashboards and charts. We recommend this level for users that would like visibility into what other users are creating in Amplitude. Can also add/remove users, create annotations, delete/block filters, have visibility of the API Keys & Secret Keys, remove or edit segments, and create new projects. |
| Member | Can create dashboards, charts, and behavioral cohorts but cannot see objects that are undiscoverable. We recommend this level for the majority of Amplitude users in your Organization. |
| Viewer | Cannot create anything that is discoverable, but they can be made co-owners of undiscoverable items made by another user. Also, they cannot create shareable links or export cohorts to 3rd party integration partners. We recommend making third parties Viewers if you do not want them creating content that the rest of the organization can access. |
Note: Your charts are not completely private. Even when "Undiscoverable," a chart can still be viewed by all Managers and Admins.
Permissions Model (Enterprise)
Please reach out to your Customer Success Manager to have project-level permissions enabled.
Customers on the Enterprise plan have the ability to assign a unique role (Manager, Member, Viewer) per Project a user has access to. This enables multiple teams in your company to operate autonomously and manage their own datasets. For example, a user may have Manager-level permission in one project, but Viewer-level permission in another.
An illustrative example of Org-scoped role assignment in Acme Org
| Title | Definition |
|---|---|
| Org Admin |
Manager-level access to all Projects, along with the ability to configure org-scoped features like SSO, and the general “Settings” page that displays event quota utilization. Can archive and delete cohorts and segments created by other users. Only Org Admins will be able to approve requests from uninvited users to join the Org. We recommend only having a few users who are Org Admins. |
| Manager | Has access to all content created within Amplitude, including undiscoverable dashboards and charts. We recommend this level for users that would like visibility into what other users are creating in Amplitude. Can archive and delete cohorts and segments created by other users. Can create annotations, delete/block filters, have visibility of the API Keys & Secret Keys, and create new projects. Only Managers can configure event and property visibility and event activity. Managers will only be able to invite users and grant access to the Projects they are managing. |
| Member | Can create dashboards, charts, and behavioral cohorts but cannot see objects that are undiscoverable. We recommend this level for the majority of Amplitude users in your Organization. |
| Viewer | Cannot create anything that is discoverable, but they can be made co-owners of undiscoverable items made by another user. Also, they cannot create shareable links or export cohorts to 3rd party integration partners. We recommend making third parties Viewers if you do not want them creating content that the rest of the organization can access. |
Permission Groups (Enterprise)
Groups allows you to manage Amplitude user permissions at scale. With Groups, you can add multiple users to a Group and quickly assign them sets of permissions, allowing you to easily provision and manage your Amplitude organization.
For example, create Groups of users like "Marketing Team" or "Payments Team" and assign project permissions to them in bulk. This allows you to control different groupings of users rather than managing each individual user's permissions.
For more information on Permission Groups, please see this page.