DV360 Remove User Access

How to revoke user access and offboard team members from DV360. Covers account deletion, API key revocation, partial access removal, and security.

Remove User Access

Use this process to offboard users from Display & Video 360 (DV360). Properly removing access protects your partner account from unauthorized activity, maintains compliance, and ensures business continuity.

Removing a user is permanent and cannot be undone. Always transfer asset ownership before removal.

When to Remove Users

Remove DV360 access when:

Employee leaves the organization
Agency contract ends or agency no longer manages specific advertisers
User changes roles and no longer requires DV360 access
Security or compliance teams request removal due to policy violation or audit
Temporary contractor's project concludes (seasonal campaign, product launch, etc.)
User has been inactive for 90+ days per access policy
Finance or legal requests removal for billing or compliance reasons
Consolidating access to different partner account or role change
User needs downgrade to read-only rather than full removal

Deactivation Triggers

Common triggers for immediate removal:

Employee termination: Revoke access same day as termination date
Agency contract termination: Remove within 24 hours of contract end
Role change: If transitioning to non-advertising role, assess removal vs. read-only
Security incident: Immediately remove if credentials compromised or policy violated
Quarterly access review: Remove users inactive for 90+ days per governance policy
Policy violations: Remove per security team or compliance request
Duplicate accounts: Remove redundant user accounts or old email addresses

Pre-Removal Assessment

Before removing a user, complete the following assessment:

Identify access level

Determine if user has:

Partner-level access: Removal clears access to all advertisers under partner
Advertiser-level access: Must remove from each advertiser individually
Billing visibility: Removal affects who can see invoices and payment details
API credentials: Removal may break automated integrations
Floodlight ownership: Removal transfers or orphans conversion tags

Identify owned assets

Campaign assets:

Insertion orders they created or manage
Line items and campaigns
Creative assets they uploaded
Saved audience lists
Custom bidding strategies

Configuration assets:

Floodlight activities and tags they configured
Audience segments they created
Inventory sources they set up
Data transfer configurations

API and integration assets:

API keys or service accounts
SDF (Structured Data Files) upload credentials
Automated reporting scripts
Third-party integrations

Transfer ownership

For each asset identified:

Identify new owner (must be another Administrator)
Transfer Floodlight activity ownership in Floodlight configuration
Document transfer in handoff notes
Notify new owner of transferred responsibilities
Verify new owner can access and manage assets

Critical: Floodlight activities and audience lists require explicit ownership transfer. If user is only Administrator with Floodlight ownership, transfer before removal.

Confirm approval

Obtain written approval from:

User's manager or partner account owner
Finance or HR if due to termination
Security or compliance if part of audit or incident response
Legal if contractual or vendor-related removal

Save approval in ticketing system or access log for audit trail.

Removal Steps

Step 1: Access user management

Sign in to Display & Video 360
Navigate to the correct Partner from the partner selector
Go to Settings (gear icon) → User Management
Verify you have Administrator access before proceeding

Step 2: Review current access

Locate user in the active users list
Review their:
- Current role (Administrator, Standard, Read-only, Billing, Finance)
- Access level (Partner-wide or specific advertisers)
- Advertiser assignments (if advertiser-level)
- Billing visibility status
Screenshot user details for compliance and audit record
Document in access log or ticket

Step 3: Transfer Floodlight ownership (if applicable)

If user is Administrator with Floodlight activities:

Navigate to Advertiser → Floodlight → Configuration
Identify Floodlight activities owned by the user
Change owner to another active Administrator
Verify transfer successful
Document ownership change

Step 4: Revoke API credentials (if applicable)

If user has API keys or service account access:

Navigate to Settings → API Access or Service Accounts
Identify credentials tied to the user
Deactivate or delete API keys
Transfer service account ownership to another Administrator
Notify teams using those credentials that rotation is needed

Step 5: Remove user

For partner-level access:

Find user in User Management
Click Remove or Delete
Confirm removal when prompted
User immediately loses access to all advertisers

For advertiser-level access:

Option A: Click Remove to delete user completely
Option B: Click Edit and deselect specific advertisers to reduce access without full removal
Confirm changes
Verify advertiser list updated

For reducing role instead of full removal:

Click Edit for the user
Change role to Read-only if they need reporting access only
Adjust advertiser scope if needed
Save changes

Step 6: Verify removal

Refresh User Management page
Confirm user no longer appears in active users list (or has updated role/advertisers)
Screenshot updated list for audit trail
Check both partner-level and advertiser-level user lists to confirm removal
Verify billing access removed if applicable

Post-Removal Tasks

Update documentation

Update the following:

Access log or ticketing system:
- User email and name
- Date removed
- Reason for removal (e.g., "Employee termination," "Contract ended," "Quarterly review")
- Approver name and approval date
- Access level removed (Partner or Advertiser, specific advertisers)
- Role removed (Administrator, Standard, Read-only, etc.)
- Assets transferred and new owners
- Screenshots attached
SSO/IAM directory: Remove user from DV360 access groups
Internal roster: Update team roster, org charts, or RACI matrices
Floodlight documentation: Update ownership records
API documentation: Update credentials and service account ownership

Notify stakeholders

Inform user of removal if appropriate (non-termination scenarios)
Alert team members who collaborated with removed user on campaigns
Notify new asset owners of their new responsibilities
Update documentation or runbooks referencing the removed user
Inform finance team if user had billing access

Audit remaining users

Post-removal audit checklist:

Verify user fully removed from both partner and advertiser levels
Check for duplicate accounts or old email addresses for same user
Review other users' access for similar cleanup needs
Flag Administrators who no longer need that role for downgrade
Identify inactive users for next review cycle
Verify Floodlight ownership distributed among multiple Administrators

Rotate credentials

If removed user had sensitive access:

Rotate API keys and service account credentials
Update SDF upload credentials if user had access
Change shared passwords if any were in use (not recommended practice)
Review audit logs for user activity before removal
Notify security team if removal was due to incident

Schedule next review

Add removal to quarterly access review log
Set reminder to review all users in 90 days
Document any access patterns to improve future onboarding/offboarding

Troubleshooting

Cannot remove user because they own Floodlight activities:

Transfer Floodlight activity ownership first in Floodlight configuration
If blocked, contact Google DV360 support
Ensure new owner is an Administrator

User removed but can still access:

Verify removed from correct partner account
Check if user has access through different partner or advertiser
User may be cached - have them log out and clear browser cache
Contact Google support if access persists after 24 hours

Need to restore removed user:

Removal is permanent; cannot restore or undo
Re-invite user through Add User workflow if needed
User will receive new invitation and must re-accept
Rebuild advertiser assignments and role

User had billing access and invoices no longer accessible:

Ensure another Administrator or Billing user has billing visibility enabled
Verify billing toggle enabled for remaining users
Add new billing user if needed
Contact Google support if invoices inaccessible

User had API credentials and integrations broke:

Integrations using user's API keys will fail after removal
Rotate API credentials to new user before removal to prevent downtime
Update scripts, ETL jobs, and reporting tools with new credentials
Test integrations after credential rotation

User was only Administrator with Floodlight ownership:

Must transfer ownership before removal or Floodlight configs may become inaccessible
Promote another user to Administrator first if needed
Transfer ownership, then proceed with removal
Keep at least 2 Administrators to prevent lockouts

Removing advertiser-level access but user still appears:

If user has partner-level access, they retain access to all advertisers
Must remove at partner level to fully revoke
Advertiser-level edits only work for advertiser-scoped users

Best Practices

Remove access same day as termination or contract end date
Always transfer ownership of Floodlight activities and audiences before removing
Screenshot before and after removal for compliance and audit trails
Run quarterly access reviews to identify and remove inactive users
Document every removal with date, reason, approver, and transferred assets
Verify removal at both partner and advertiser levels to ensure full removal
Rotate API keys and service accounts when removing Administrators
Keep at least 2 Administrators to prevent partner lockout scenarios
Use read-only role instead of removal if user needs reporting access
Maintain access matrix showing all current users, roles, and advertisers
Save approval documentation for compliance and audit purposes
Notify affected teams when removing users with shared responsibilities
Test Floodlight tags after ownership transfer to ensure continuity
Review billing access to ensure invoices remain accessible after removal

Common Use Cases

Employee termination:

Receive termination notice from HR
Transfer Floodlight activities and campaigns to manager
Rotate API credentials if user was Administrator
Remove user same day as termination
Screenshot and document removal
Update internal rosters and access logs

Agency contract ends:

Confirm contract end date with procurement or legal
Transfer campaigns back to internal team or new agency
Transfer Floodlight ownership if agency managed conversion tracking
Remove agency users within 24 hours of contract end
Update vendor contact list and access documentation

Role change to non-digital:

Confirm role change with manager
Assess if Read-only access needed for reporting or oversight
If no access needed, transfer assets and remove completely
If read-only needed, edit user to downgrade to Read-only role
Document change and reason

Quarterly access review cleanup:

Export user list from User Management
Cross-reference against HR roster and project assignments
Identify users who left organization or haven't logged in for 90+ days
Transfer assets and remove inactive users
Document batch cleanup in access log

Security incident or policy violation:

Receive removal request from security or compliance team
Immediately remove user to prevent further access
Document incident and removal
Transfer ownership after removal (unless security team advises otherwise)
Rotate API keys and credentials
Report completion to security team

Contractor project completion:

Confirm project completion date with project manager
Transfer deliverables and campaign ownership to internal team
Remove contractor access within 48 hours of project end
Document removal and project completion
Archive contractor documentation

Nach oben