Users, groups, and permissions

Collaborate on experiments and manage access to data.

Collaborate with multiple users on your experiments and manage access to your Optimize configuration and reporting data. Use this article to create and manage the roles and permissions of your Optimize users.

In this article:
Multiple administrators recommended
 
If the sole administrator of your Optimize account changes roles, you can get locked out of your account. Plan ahead for how account ownership will be handled if a member of your team changes roles, and ensure that you have at least two active administrator accounts

User manager

The Optimize user manager allows you to add, modify, and delete users and change their role.

To manage roles and permissions in Optimize:

  1. Navigate to your Accounts page.
  2. Click the Edit permissions button  [] in the header of the account to open Account permissions.
  3. Select the user you want to edit, or click the Add button [] to add users or user groups.

Add a user

To add a user to your Optimize account:

  1. In Account permissions, click the Add button [] to add users.
  2. Enter the email address.
  3. Select the permissions you want to grant.
  4. Click Invite when complete.

Note: When you add a new User to an Optimize account, they get “Read” access to the containers within the account by default. When you add an Administrator to Optimize, they get “Publish” access to the containers within the account by default. You can edit these permissions at any time.

Edit a user's permissions

You can edit a user’s account and container permissions.

To edit a user's permissions:

  1. Select the user you want to edit.
  2. Select the permissions you want to grant.
  3. Click Save when complete.

You can delete a user by clicking Remove at the top of the panel.

User roles

Optimize permissions are assigned and managed at the account and container level. The following roles are available at each level.

Account–level permissions

The following roles are available at the account level:

  • User – Can view other users.
  • Admin – Can view and manage users. Can create and view containers.

This table breaks down which features are available to which role at the account level:

  Users Containers
Account View Manage Create View Edit Publish Delete Settings
User Yes - - - - - - -
Admin Yes Yes Yes Yes - - - -

Container–level permissions

The following roles are available at the container level:

  • No access – Can’t view containers or experiments.
  • Read – Can view containers and experiments.
  • Edit – Can view and edit containers and experiments. Cannot start experiments or change property linking.
  • Publish – Can view, edit, and delete containers, experiments and property linking. Can start experiments.

Roles and features

This table breaks down which features are available to which role at the container level:

  Containers
Container Create View Edit Publish Delete Linking
No access - - - - - -
Read - Yes - - - -
Edit - Yes Yes - - -
Publish - Yes Yes Yes Yes Yes

Advanced roles and features

Additional features are available at the container permission level which are described in the following table:

  Containers Previews Experiments
Container View Linking Share View Start/Stop Edit Archive
No access - - - Yes - - -
Read Yes - - - - - -
Edit Yes - Yes Yes - Yes Yes
Publish Yes Yes Yes Yes Yes Yes Yes

GMP user management for organization-linked accounts

Google Marketing Platform (GMP) includes a centralized user management system for Google Analytics, Tag Manager, and Optimize accounts.

Organization user managers

GMP organization user managers cannot grant any permissions – unless they also happen to be Optimize account admins. However, an organization user manager can revoke permissions for any user from an Optimize account.

User Groups

You can assign user group permissions for an organization and for individual product accounts within the organization. Members of a group inherit that group's permissions.

Sensitive Optimize permissions

Certain Optimize permissions are considered sensitive and can't be granted via GMP user groups. Only Optimize account admins can grant sensitive permissions, which include:

Account–level permissions

  • Admin

Container–level permissions

  • Edit

  • Publish

Note: This is different than Google Tag Manager's (GTM) set of sensitive permissions.

Learn more about managing user groups in the Google Marketing Platform help center.

Permission denied errors

The most common causes for the "Permission Denied" error in Optimize is insufficient permissions to the Optimize container or to the linked Analytics property.

Permission errors in Optimize reporting

Universal Analytics

You need the Viewer role (or higher) for the Google Analytics view to view the Optimize Reporting tab.

Google Analytics 4

You need the Viewer role (or higher) for the Google Analytics property in order to view the Optimize Reporting tab.

Permission errors performing other actions

Users can check their permissions to both the account and containers within it via the steps in the Edit a user section above. See the User roles section for a description of each role and its associated permissions.

If the user appears to have all the correct permissions above and still gets Permission Denied errors, note exactly where these errors occur and contact us with as many details as possible.

Quick Tips: Managing Users and Permissions

Was this helpful?
How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
Search Help Center
false
false
true
101337
false
false