Last updated: January 29, 2024
With the advent of the new Google Analytics platform, making sure that you have user governance best practices in place should still be a priority so that you can ensure that the data can be accessed by only those that need the access, when they need it. User and data access management in Google Analytics, whether for Universal or for Google Analytics 4 (GA4), continues to be a feature that allows administrators to easily and effectively provision access. In a world where there is an increased need for security and privacy, users will need to be able to quickly understand and leverage GA4’s flexible and streamlined access and data-restriction features.
We’ll take a look at what roles are available in GA4 and how you can best use them within your organization.
Let’s very briefly review the GA4 account structure.
Accounts
At its highest level, a GA4 account operates under a single entity or organization and acts as a container for multiple properties. The account is governed by region-specific terms of service . Under the account, you can adjust data sharing settings to, for example, enable technical support as well as view the Product & Services and Data Processing terms. You can also specify user roles and settings, view all filters configured for all properties, and review account change logs.
Properties
All properties fall under the account, and can be representative of specific sites, user bases, mobile apps, brands, product lines, etc. For example, a financial institution might have different lines of business, such as small business banking, consumer banking, and insurance. Each of these lines may be tracked under a different property, but all under the same account. Property configurations include setting locale and vertical, provisioning user access, defining data streams, defining various data collection settings, and linking to various Google products, such as Ads and BigQuery.
Several roles are available under both Accounts and Properties. If a user’s access at the account level is greater than their access at the property level, then the property access will inherit the account access (ie. the account access takes precedence over the property access). If a user’s property access is greater than the account access, then that property’s access will take precedence over the account access but only for that particular property. In other words, the more permissive role will take precedence for the particular resource. A role will always include the permissions of the role below it. For example, the Editor role will include all of the permissions of the Analyst role.
Administrator
Administrators have full control within the account or property to which they have access. Full control includes being able add or remove users and assign roles and data restrictions, including to themselves, to any account or property that they are an administrator for.
Editor
Editors have full control at the account or property level. They can adjust access permissions but cannot add or remove users.
Marketer
Marketers can create, modify, and delete configurations including audiences, conversions, attribution models, events, and conversion windows.
Analyst
Analysts can create, modify, and delete account or property assets, such as dashboards and explorations, and can collaborate on shared assets.
Viewer
Viewers can see report data and account or property settings. They can also see shared assets, but they cannot collaborate on them.
None
No access is given to the user for the particular account or property.
Data Restrictions are provisioned under each account and property, along with the roles explained above. Data Restrictions allow you to configure whether a user can see metrics related to cost or revenue, and they are created and applied through access management. The two options for data restrictions include:
No Cost Metrics
User is restricted from seeing cost metrics in reports, explorations, audiences, insights, and alerts.
No Revenue Metrics
User is restricted from seeing revenue metrics in reports, explorations, audiences, insights and alerts.
Data Restrictions can be added directly at the account or property level, but they cannot be removed if they are inherited. For example, if a user is assigned “No Revenue Metrics” at the account level, then that user cannot see revenue metrics for any property in the account. “No Cost Metrics” could, however, be set for one or more of the properties in the account.
These restrictions may not apply if a user has received permissions for Google Analytics based on permissions in other Google products that are linked to Google Analytics.
User Groups are groupings of users that can be concurrently given permissions, at scale, for a particular account or property within the organization, or to the organization itself, simplifying the user provisioning and management process. Members assigned to the group inherit the group’s permissions, on top of any individual permissions that they have previously received.
It is possible to have nested user groups, which may be particularly useful for modeling complex organizational hierarchies. For example, an organization might have an all-employee user group, within which there may also be a Marketing Staff user group, a Technical Staff user group, and a Security Staff user group.
The benefit of using user groups is to allow for alignment of users, organizational structures, and permissions.
Whether your organization is well on its way to transitioning from Universal Analytics to Google Analytics 4, or if it’s about to engage in that process, it’s never too late to start thinking about implementing best practices for user organization and access management. Here are some key things to consider, especially as data privacy and user security have taken a spotlight on the analytics stage:
User governance should be a sensitive topic in every organization. Having the proper types of roles, and being able to easily and quickly manage users and provision access, at scale, goes a long way to help ensure that your users are only accessing what they need, when they need it. The new Google Analytics 4 platform continues to offer great features and controls to help your organization ensure that they are able to audit and adjust their users’ permissions in line with their security policies.
Check back here for updates on new and exciting features that will continue to improve your user and data access management. In the meantime, to learn more about the move to GA4, take a look at our Beginner’s Guide to Google Analytics 4.
The shift to GA4 is much more involved than a simple UI change; it is a complete measurement paradigm shift. Learn how to plan your adoption roadmap, integrate across the Google tech stack, and more.
As consumers become increasingly digitally savvy, and more and more brand touchpoints take place online,…
Marketers are on a constant journey to optimize the efficiency of paid search advertising. In…
Unassigned traffic in Google Analytics 4 (GA4) can be frustrating for data analysts to deal…
This website uses cookies.