For years, Google Analytics only had two options for permissions. They are pretty much the ones that you see here in this screenshot. You were either a user with read-only privileges, or you were an Admin with absolute, unlimited privileges, and really nothing in between. Admin was actually very dangerous and Admin could both edit the account settings and adjust the users. So as soon as you gave someone Admin, they could delete every other person in the account and lock everyone else out. But, the only other option was a read-only viewer, which is extremely limited and you can’t even see what the configuration of an account is, or what views it has, what filters have been applied, how the data sources are configured, and so on.
Now, you couldn’t even see what views existed unless you were granted access, which can be really confusing because you don’t even know what you don’t know. So, what invariably happened is that when many people would give out Admin permissions to others, not because they wanted them to have the ability to add and delete users, maybe because they want them to be able to manage the configuration of the analytics reports themselves and be able to see how they were configured. So, Google listened to that feedback, and those two different editing capabilities they realized they don’t need to be tied together in this kind of all or nothing choice. And, they’ve split them into four different permissions levels.
Let’s take a look at how this looks in the new interface. Okay, if I come here and I click on Admin, and then, I can go here to the overall account and click on User Management. I’ve got the different email addresses here, which correspond to the Google accounts that have access to this particular Google account. And then, I see the Account Permissions that are there. This previously all or nothing approach has been broken down into these four levels.Now, it’s important to note, though, they’re not necessarily inclusive, as you can have someone manage users but not edit, for example.
Now, folks with Manage Users permission,they can add and remove users. Think of the IT sysadmin type role. This isn’t necessarily something even a power user needs to have.Only a few folks in the organization really need to have the ability to add and remove users. The next one down, Edit, this is kind of for that power user one who cannot just read, but actually edit settings of the reports, the properties, the views. This person can manage goals. They can apply permanent filters to the view, and more. So, there is some danger here, but this is someone who is really kind of focused on the account configuration itself.So, Collaborate is similar to View, in that both cannot make the major edits we just discussed.
But while the read and analyze role can only create and share their own personal assets,such as notes stored as annotations, the Collaborative permission allows a person to edit those shared assets, such as those shared Dashboards or annotations from others. And, it’s important to notice that this permission level is not assigned necessarily only at the Account. It can be at the Property or the View level as well. And, this inheritance is one of a couple of subtle additions that I think we need to dive into. For example, if I come here and I click down on the name itself, then you’ll see I can see each one of these is going to be for the overall Base Account, and then, for the individual property and the individual views.
Now, before I go down this kind of route of this idea of an account and property and views, if you haven’t see the previous video in this chapter, I suggest you go back and take a look at that. It’s gonna give you an idea of how that hierarchy works inside of Google Analytics. And, it’s pretty critical for understanding of how these permissions then cascade down as well. And so actually, we’re gonna take a slide from that previous video here, because I want to point out something that’s a little bit different in this model. Okay, so while the login sits at the base of this pyramid, in the new model, you can also think of it somewhat sprinkled throughout, because I can give permission to a user, not just at this account level, but literally anywhere in this hierarchy.
For example, perhaps I wanna give Edit permissions to one property and for view, but only view to another user who happens to be on that particular view. Any of these permissions can be applied at any step of this hierarchy. I don’t have to give someone everything in the account. And at the same time, I can say I only want to give certain kinds of permissions at certain steps. So maybe, one view is gonna get one kind of permission, and one view can get another. There are a few gotchas to keep in mind, however.Permissions are inherited or cascaded, so they cannot reduce, but they can increase.
For example, down here I’ve got a user here who’s got view access at the Account level,which means they can view anything in the account. But then as we go to each of the properties, or up to the views, we go up in hierarchy. So editing, which is a more of a responsibility here and then, all the way up to Managing Users for this particular view. So, I can increase as we go up. But if I gave, for example, editing capabilities to the entire account, I couldn’t necessarily come in and reduce that down on the View level. So in case that’s confusing, let’s take a look at how this actually works, the real example, by adding a new user to each level.
So, let’s go ahead and add a new user. I’m gonna come down here and Add Permissions For. We’re gonna add my colleague Dave Booth, who some of you may know from the other Lynda.com courses, so dbooth. Okay, now we’re here at the Account level. So, I’m gonna go ahead and give Collaborate for the entire account. But, I also know Dave well enough to know he can get a little carried away. And so, I’m gonna have to restrict him from adding other users. We’re not gonna add that. And so, we are going to have him have the ability to add users to some particular views, though.
So, we’re gonna leave that for now. We’re gonna drill down to those individually. So, let’s go ahead and do that. We can come back to our main screen here. Now, this was at the entire Account level. I can go down to the next Property level as well. And so for this particular one, I wanna come in here to the User Management. And for Dave’s one, I’m going to say that he can have Edit permissions for this entire property, and save that. And then, we’re gonna go back and go down to the particular view. Now the Sandbox View, here Dave can do whatever he wants there.We’re gonna go ahead and give him full Manage Users on that.
And, maybe we’ll do the same for the main website data one as well. But the last one here, the unfilter the raw prestine, we’re gonna leave that one well enough alone.Okay, now what I can do is I can come back here to the Account level. I can click on Dave’s name and it will show me for all of each of these different, the account, the properties,and the individual views, what particular permissions are for that person. So, notice a little more complexity now with these increased options.
I think you’ll find that it’s much better suited to the realities of most businesses and organizations. And, it gives you much finer control over permissions, which helps make your account safer.