Modify the collaborator's Plausible permissions when site coverage or responsibilities change. Plausible's role model is simple but requires careful management when access requirements evolve across multiple sites.
Understanding Role Changes
Plausible access modifications typically involve:
Role Elevation (Viewer → Administrator)
When the collaborator needs to:
- Configure new goals or custom events
- Set up integrations with Google Search Console
- Manage custom properties and segments
- Configure email or Slack notifications
- Support implementation or debugging tasks
- Add or remove other team members
Role Reduction (Administrator → Viewer)
When engagement scope narrows to:
- Reporting and analysis only
- Data export and presentation creation
- Monitoring performance without modification capability
- Reduced security risk after implementation phases complete
Site Coverage Changes
- Adding access to newly launched sites or domains
- Removing access to sites no longer in engagement scope
- Adjusting multi-site portfolios as contracts expand or contract
When to Update
Engagement Scope Changes
- New domains are added to your Plausible account and the collaborator needs access.
- Engagement scope narrows and the collaborator should move from Administrator to Viewer rights.
- Client acquires additional properties requiring analytics coverage.
- Specific sites transition from active implementation to maintenance mode.
Security and Compliance Updates
- Your security team introduces MFA requirements or password rotation policies.
- Annual access reviews identify over-privileged accounts.
- Audit findings require documentation of role justifications.
- Data processing agreements change requiring access adjustments.
Organizational Changes
- Collaborator changes roles or responsibilities within their organization.
- Project handoffs require permission transfers between team members.
- Temporary elevated access expires after specific tasks complete.
- Service account consolidation or credential rotation initiatives.
Update Workflow
Changing an Existing User's Role
- Sign in to Plausible and navigate to the relevant site dashboard.
- Go to Settings → Team to view current team members.
- Locate the collaborator's account in the member list.
- Click the role dropdown next to their email address.
- Select the new role:
- Administrator for full site management capabilities
- Viewer for read-only access
- Save the change - updates take effect immediately.
- Document the modification in your IAM tracker with the date, site, old role, new role, and justification.
- Repeat for each site requiring the same role adjustment.
Adding Access to New Sites
When the collaborator needs access to additional sites:
- Navigate to the new site's dashboard.
- Go to Settings → Team.
- Click Invite team member (even if they already have access to other sites).
- Enter the collaborator's service account email.
- Select the appropriate role based on their responsibilities for this site.
- Send the invitation and document the addition.
Note: Plausible manages permissions per-site, so existing access to Site A doesn't automatically grant access to Site B. Each site requires a separate invitation.
Removing Access to Specific Sites
When the collaborator should no longer access certain sites:
- Open the site dashboard they should no longer access.
- Navigate to Settings → Team.
- Find the collaborator's account and click Remove (trash icon).
- Confirm the removal in the dialog.
- Document the removal with the reason and date.
Bulk Updates Across Multiple Sites
For organizations managing many Plausible sites:
- Create a spreadsheet listing all sites and the collaborator's current access.
- Mark which sites need role changes or access removal.
- Process each site individually (Plausible has no bulk management interface).
- Track progress in the spreadsheet to avoid missing sites.
- Consider scripting via Plausible API if managing dozens of sites.
Communicating Changes
Notify the Collaborator
Inform the collaborator's project lead about:
- Which sites had permissions modified
- The new role assigned (or confirmation of removal)
- Effective date of the change
- Reason for the modification (if appropriate to share)
- Any impact on their current workflows
Internal Documentation
Update your access records with:
- Request ticket or approval reference
- Date and time of the change
- Site(s) affected
- Previous and new roles
- Requester and approver names
Validation
Immediate Verification
- Confirm the Team list reflects the updated role for each affected site.
- Check that pending invitations (if adding new sites) show the correct role.
- Verify removed access no longer appears in any site's team list.
Collaborator Validation
- Ask the collaborator to log in and verify the correct sites appear in their dashboard.
- For role changes, have them confirm they can (or cannot) access settings and configuration based on the new permissions.
- For new site additions, verify the site appears and data is visible.
Testing Role Permissions
If changing from Administrator to Viewer:
- The collaborator should no longer see Settings options.
- Goal and event configuration pages should be inaccessible.
- Team management features should be hidden.
- Data viewing and export should still function.
If elevating from Viewer to Administrator:
- Settings and configuration options should now be visible.
- The collaborator should be able to create test goals.
- Team page should be accessible.
Documentation Review
- Record the change in your IAM tracker along with the request and approval details.
- Update any site-to-user access matrices or spreadsheets.
- Archive screenshots showing before and after states if required for compliance.
- Log any API key rotations that accompanied the role change.
Related Considerations
API Access Management
- Update API keys or automation tokens if privilege levels change.
- Viewer accounts typically don't need API access - revoke keys when downgrading.
- Generate new API keys for elevated accounts requiring programmatic access.
- Document API key lifecycle in your security log.
- Rotate API keys quarterly or when team membership changes.
Self-Hosted Plausible
If you manage a self-hosted instance:
- Ensure server-level credentials are adjusted separately from web UI access.
- Role changes in the UI don't affect SSH or database access.
- Review Docker container access if the collaborator previously had deployment responsibilities.
- Verify backups and logs reflect the access changes.
Integration and Notification Settings
- Review Slack or email alert subscriptions to ensure the collaborator continues (or stops) receiving notifications based on the new role.
- Google Search Console integrations may need reconfiguration if removing Administrator access.
- Email report subscriptions should be updated to reflect new site access.
- Webhook configurations owned by the collaborator's account may need transfer.
Downstream Systems
- If Plausible data feeds into other tools (BI platforms, data warehouses), update those access controls independently.
- Service account credentials for automated reporting may need rotation.
- Custom integrations using the collaborator's API keys require updates.
Common Scenarios
Quarterly Access Reviews
- Export team member lists from all sites.
- Compare against active engagement spreadsheet.
- Identify accounts with excessive permissions or outdated access.
- Batch update roles or remove access as needed.
- Document justifications for retained access.
Project Phase Transitions
- Discovery → Implementation: Elevate from Viewer to Administrator for goal configuration.
- Implementation → Maintenance: Reduce from Administrator to Viewer once setup completes.
- Engagement End: Remove all site access and rotate any API keys.
Emergency Access Revocation
If immediate access removal is required:
- Navigate to each site's Team page.
- Remove the collaborator from all sites immediately.
- Rotate API keys they may have accessed.
- Document the incident and reason for emergency removal.
- Notify stakeholders and follow up with formal removal confirmation.
Security Best Practices
- Apply the principle of least privilege - grant only the minimum role necessary.
- Review role assignments quarterly even if engagement scope hasn't changed.
- Require re-approval for Administrator access renewals.
- Document business justification when maintaining Administrator access long-term.
- Set calendar reminders to review access after project milestones.
- Use dedicated service accounts rather than personal emails to simplify role tracking.
Troubleshooting Role Updates
Role change doesn't appear immediately
- Refresh the Team page to confirm the change saved.
- Ask the collaborator to log out and back in to pick up new permissions.
- Clear browser cache if old role persists.
- For self-hosted, verify database changes committed successfully.
Can't change role (option grayed out)
- Ensure you have Administrator access to the site.
- Site owners may have restrictions on role modification.
- For self-hosted, check user management permissions in your Plausible configuration.
Collaborator reports different access than expected
- Verify they're logged in with the correct email address (service account vs. personal).
- Check all sites - they may be viewing a different site than the one you modified.
- Confirm the change was saved by reviewing the Team page again.
- Check for browser extensions or caching interfering with session updates.
Invitation to new site not delivered
- Verify the email address matches their existing Plausible account.
- Check spam folders and email allowlists.
- For self-hosted, review SMTP logs for delivery errors.
- Consider manually sharing the invitation URL if email fails repeatedly.