Google Analytics has recently updated their User Management system from a simple role-based system (Admin and User? How primitive!) to a highly granular system; this includes three levels in the account hierarchy with four different types of permissions. What to do with all of these new access permutations?!
Firstly, let’s understand what each level in the hierarchy is:
1. Account - Your access point for Analytics, and the topmost level of organization. You cannot migrate historical data from one account to another. Thus, if you set up an account for a web property and then later want to move tracking to a separate account, you cannot currently migrate the data from the old account to the new account.
2. Property - Website, mobile application, blog, etc. An account can contain one or more properties.
3. Profile (View) - This was formally known as a profile in GA. The view is your access point for reports; a defined view of visitor data from a property. You give users access to a view so they can see the reports based on that view's data. A property can contain one or more views. You may have up to 50 profiles in any given Analytics account. Each Analytics Account will have at least one profile by default. When considering profiles and how they work, first remember that an Analytics account can track a single web property, or track many web independent properties. It is also important to remember that no matter how many properties you track in the account, each website must have at least one profile assigned to it. No data can travel from a website to Analytics without a profile that references the web property ID for the website. You can create more than one profile for a given website, and use filters to provide distinct report views for the website
Next, we have four levels of permission to give your users:
GA offers four different permissions that you can apply in many combinations:
1. Manage Users - Can manage account users (add/delete users, assign permissions). Does not include Edit or Collaborate.
2. Edit - Can perform administrative and report-related functions (e.g., add/edit/delete accounts, properties, views, filters, goals, etc., but not manage users), and see report data. Includes Collaborate.
3. Collaborate - Can create personal assets, and share them. Can collaborate on shared assets, for example, edit a dashboard or annotation. Includes Read & Analyze.
4. Read & Analyze - Can see reports and configuration data; can manipulate data within reports (e.g., filter a table, add a secondary dimension, and create a segment); can create personal assets, and share them, and see shared assets.
If this was a TL;DR for you, he’s a graphic to show you what a sample of permissions for a sample user:
One more new and useful feature to track Users is the change log. The Change History log is GA’s user accountability tool. This is a higher-level function within Admin and a user must have Edit permission at the Account level to view this. There are three elements that are tracked per action:
1. Date – the date and time of the activity.
2. Email – the user who performed the activity.
3. Activity – The item affected (account, user, goal, filter, view) and the action performed on that item (added, deleted, created).
Checking the log regularly will make catching and fixing mistakes much easier as it is easy to fix recent errors rather than months later. The log will keep records for 180 days, so you know if there have been any major changes to the account. Here’s a sample of the new log:
The increased control and granularity of access control has only benefits for organizations as it’s highly customizable, easy to use, and offer increased accountability for users.
As always, I’d love to hear from you! Feel free to leave your comments/questions below. I can be reached at firstname.lastname@example.org.