Google Analytics used to define users as administrators and users; now, however, they recognise all users as users, but with three possible types of access: edit, manage users and view.
In a move which should make life vastly simpler for everyone, Google has removed the restrictions which meant that certain types of user access could only be applied at certain levels. For example, administrator permissions had to be applied at the “web property” level, while those who needed to manage the access privileges of other users, even at the most basic level, had to be able to create profiles and manage goals and filters. In the refreshed Google Analytics environment, user access can be much more easily tailored to the needs of each individual user and their role in the business.
A quick overview of access levels
The Google Analytics hierarchy is:
- Account level
- Web Property level
- Profile level
Changes made at the Account level affect all the Web Properties and Profiles under that Account. Changes made to a Web Property affect that Web Property and the Profiles underneath it, but not any other Web Property under the same Account and changes made to any given Profile only affect that Profile. Click to expand the following screenshot:
An Account therefore is the highest possible element. A Web Property is essentially an ID attached to an account. The ID is used for collecting and storing data. It can be thought off in similar terms to a personal folder on a shared network drive. A Profile is essentially a reporting tool. It is used to analyse and present the data stored under the Web Property.
A quick overview of the new user access types
Edit: This type of access has the greatest degree of control over the data and a high degree of control over user accounts. In short, it can do pretty much everything except add, edit and delete users.
Manage Users: As the name suggests, this is the user access type, which can add and remove users and assign them permissions. They do not have the ability to control the data the way users with Edit privileges can.
View: This type of user can view reports and nothing else.
The key point to take away is that Google has made it possible for managers/administrators in individual business departments to take control of managing their users, while the management of the data itself will typically stay within the IT team.
Assigning appropriate access levels
A fundamental point to understand when assigning Google Analytics user accesses, is that lower-ranking elements in a hierarchy will inherit their user level from the elements above them and that these accesses can never be reduced but can be increased.
For example, if you assign Manage Users access at account level, then this will automatically be applied to all the Web Properties and Profiles under this account. Google Analytics will not allow you to downgrade any part of this user’s access to View only, but it will allow you to upgrade any part of it to Edit. With this in mind, the logical approach is to apply the highest degree of security at the account level, but be prepared to allow the user a higher degree of access at the lower levels.
Four golden rules for user management
1. Keep Edit access to a minimum
The fewer people can control the data, the cleaner it is likely to stay and unless the data is clean, there is very little point in using it.
2. Be generous with Manage Users
But assign accountability with responsibility. At the end of the day Google Analytic is a tool for marketers much more than for the IT team. Let them manage their own work and workers – as long as they do so within a framework set down by IT.
3. Pro-actively audit users
Every quarter send a reminder to the marketing department to confirm that all users in their team(s) still need access to Google Analytics and what type of access they require. Otherwise you will have to hope that somebody remembers to tell you when people leave, or else your user pool will grow to the size of an ocean. This will also help you avoid having to deal with users who’ve suddenly realised they need their permissions changed.
4. Explicitly ban staff sharing logins
While it’s highly likely that this is already covered by your user policy, it may be worth dropping a gentle reminder to staff that it also applies to Google Analytics. There are a number of issues with shared logins in general and in terms of Google Analytics, if everyone is creating customized dimensions and metrics under the same user details, it is only too likely to lead to confusion.
What are the advantages in the real world?
Leaving aside the possibility of being able to shift some administration onto the marketing department, possibly the single greatest advantage is the ability to assign different combinations of visibility and accessibility.
A marketing department may consist of several teams, each of which would like to be able to see what the others are doing and does not necessarily mind their colleagues seeing what they are doing, as long as they stick to looking rather than touching. With the new user accesses each team can get Edit access to its own data and View access to other teams’.
Depending on how this was set up, this might involve setting View access on one Web Property and Edit access on another, or it might mean setting View access on one web Property and View and Edit access on different profiles. This stems from the initial point of being able to increase accesses lower down the hierarchy but not increase them.
Using permissions really is quite important if there are several people/teams working on the same data. Google Analytics can help larger organisations to do this and provide valuable reporting on web sales, traffic and more.