Users, groups, and permissions
Collaborate with multiple users on your experiments and manage access to your Optimize configuration and reporting data. Use this article to create and manage the roles and permissions of your Optimize users.
In this article:User manager
The Optimize user manager allows you to add, modify, and delete users and change their role.
To manage roles and permissions in Optimize:
- Navigate to your Accounts page.
- Click the Edit permissions button in the header of the account you want to manage [
].
- Click on the email of the user you wish to edit, or click the Add user button [
].
].
].Add a user
To add a user to your Optimize account:
- Click the Add user button to reveal the User details panel [
- Enter the email address.
- Click the drop-down menu next to each role to select the appropriate permission level.
- Click DONE when complete.
When you add a new User to an Optimize account, they get “Read” access to the containers within the account by default. When you add an Administrator to Optimize, they get “Publish” access to the containers within the account by default. You can change these permissions at any time in the User details panel.
Edit a user
You can edit a user’s account and container permissions in the user details panel. To edit a user:
- Click the appropriate email address in the user manager to expose the user details panel.
- Click the drop-down menu next to each role to select the appropriate permission level.
- Click DONE when complete.
You can delete a user by clicking DELETE USER at the bottom of the User details panel.
User roles
Optimize permissions are assigned and managed at the account and container level. The following roles are available at each level.
Account–level permissions
The following roles are available at the account level:
- User – Can view other users.
- Admin – Can view and manage users. Can create and view containers.
This table breaks down which features are available to which role at the account level:
| Users | Containers | |||||||
|---|---|---|---|---|---|---|---|---|
| Account | View | Manage | Create | View | Edit | Publish | Delete | Settings |
| User | Yes | - | - | - | - | - | - | - |
| Admin | Yes | Yes | Yes | Yes | - | - | - | - |
Container–level permissions
The following roles are available at the container level:
- No access – Can’t view containers or experiments.
- Read – Can view containers and experiments.
- Edit – Can view and edit containers and experiments. Cannot start experiments or change property linking.
- Publish – Can view, edit, and delete containers, experiments and property linking. Can start experiments.
Roles and features
This table breaks down which features are available to which role at the container level:
| Containers | ||||||
|---|---|---|---|---|---|---|
| Container | Create | View | Edit | Publish | Delete | Linking |
| No access | - | - | - | - | - | - |
| Read | - | Yes | - | - | - | - |
| Edit | - | Yes | Yes | - | - | - |
| Publish | - | Yes | Yes | Yes | Yes | Yes |
Advanced roles and features
Additional features are available at the container permission level which are described in the following table:
| Containers | Previews | Experiments | |||||
| Container | View | Linking | Share | View | Start/Stop | Edit | Archive |
| No access | - | - | - | Yes | - | - | - |
| Read | Yes | - | - | - | - | - | - |
| Edit | Yes | - | Yes | Yes | - | Yes | Yes |
| Publish | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
GMP user management for organization-linked accounts
Google Marketing Platform (GMP) includes a centralized user management system for Google Analytics, Tag Manager, and Optimize accounts.
Organization user managers
GMP organization user managers cannot grant any permissions – unless they also happen to be Optimize account admins. However, an organization user manager can revoke permissions for any user from Optimize account.
User Groups
You can assign user group permissions for an organization and for individual product accounts within the organization. Members of a group inherit that group's permissions.
Sensitive Optimize permissions
Certain Optimize permissions are considered sensitive and can't be granted via GMP user groups. Only Optimize account admins can grant sensitive permissions, which include:
Account–level permissions
-
Admin
Container–level permissions
-
Edit
-
Publish
Note: This is different than Google Tag Manager's (GTM) set of sensitive permissions.
Learn more about managing user groups in the Google Marketing Platform help center.
Linking to Analytics properties
Linking an Optimize container to an Analytics property requires the following permissions:
- Optimize container: Publish
- Google Analytics: Edit Property or higher
Permission denied errors
The most common causes for the "Permission Denied" error in Optimize is insufficient permissions to the Optimize container or to the linked Analytics property.
Permission errors in Optimize reporting
You need Read & Analyze (or higher) permission for the Google Analytics view that a container is linked to in order to view the Optimize Reporting tab.
Permission errors performing other actions
Users can check their permissions to both the account and containers within it via the steps in the Edit a user section above. See the User roles section for a description of each role and its associated permissions.
If the user appears to have all the correct permissions above and still gets Permission Denied errors, note exactly where these errors occur and contact us with as many details as possible.
Related video
Quick Tips: Managing Users and Permissions
Related resources
- Google Marketing Platform (GMP)
- User groups – GMP help
- User permissions – Analytics help
- User and permissions – Tag Manager help
- Set up Optimize
- Optimize videos