Umami is a self-hosted, open-source analytics platform that offers privacy-focused website tracking. User management operates through a centralized system where administrators create and manage user accounts with role-based access control. Use this section to understand how to grant, modify, and revoke access for team members accessing your Umami instance.
Access Requests at a Glance
- Add User Access covers creating user accounts and assigning appropriate roles.
- Update Access & Roles explains how to modify user permissions and change role assignments.
- Remove User Access details how to delete user accounts and maintain audit trails.
How Umami Structures Access
Umami uses a straightforward role-based access control system:
- Admin - Full system access including user management, website creation, and all analytics data. Admins can create/delete users, manage websites, and access all reports. This is the highest privilege level.
- User - Standard access to view analytics for assigned websites. Users can view reports and statistics but cannot create websites, manage other users, or access system settings.
- Website-level permissions - In addition to account roles, access can be scoped to specific websites. Users typically see only websites they've been granted access to, not all websites in the Umami instance.
Since Umami is self-hosted, you control the entire installation and all user data remains on your infrastructure, providing maximum privacy and control.
Understanding Umami Access Control
Self-hosted architecture:
- You manage your own Umami server and database
- All user accounts exist in your Umami installation
- No external account dependencies or cloud services
- User management is local to your Umami instance
Role-based system:
- Admin role for system management and full access
- User role for standard analytics viewing
- Role determines system-wide capabilities
- Website access further scopes what users can see
Website-level access:
- Users are granted access to specific websites
- One user can have access to multiple websites
- Different users can see different subsets of websites
- Admins see all websites by default
Roles to Maintain
When managing Umami access, consider these role assignments:
- System Administrators - Limit Admin role to 2-3 trusted individuals who manage the Umami infrastructure, create websites, and handle user management. These users have unrestricted access to all data and system functions.
- Analytics Team - Assign User role to analysts and marketers who need to view reports. Grant them access only to relevant websites for their area of responsibility.
- Client Access - For agencies managing client analytics, create User accounts for clients with access limited to their specific website(s). Clients should never have Admin access.
- Contractor Access - Create User accounts for temporary contractors with access only to websites they're actively supporting. Remove these accounts when engagements end.
- Service Accounts - For API integrations or automated reporting, create dedicated User accounts with minimal website access required for the integration.
Add, Update, Remove at a Glance
- Add: Create a new user account by providing a username, password, and role (Admin or User), then grant access to specific websites as needed. The user can log in immediately with the provided credentials.
- Update: Change a user's role between Admin and User, or adjust which websites they can access. Changes take effect immediately upon saving.
- Remove: Delete the user account entirely. Umami removes all access instantly. Export any necessary audit information before deletion, as user records are permanently removed.
Platform Notes & Practical Steps
- Self-hosted control: Since you host Umami yourself, you have complete control over user data and access patterns. This provides maximum privacy but requires you to manage user lifecycle yourself.
- No email invitations: Unlike SaaS platforms, Umami requires you to create accounts directly and share credentials securely with users. There's no automated invitation system.
- Database-level users: User accounts are stored in your Umami database. Back up your database regularly to preserve user configurations.
- Password management: You set initial passwords for new users. Implement password policies through organizational procedures since Umami has minimal built-in password requirements.
- No SSO integration: Umami doesn't natively support SSO or SAML. User authentication is handled within Umami using username/password combinations.
- API access: Umami provides API endpoints for programmatic access. API authentication typically uses the same user credentials, so manage API access through dedicated service accounts.
- Website assignment is manual: When creating users, you must explicitly grant access to each website they should see. There's no "grant all websites" option.
- Immediate changes: Role changes and website access modifications take effect immediately. Users may need to refresh their browser to see updates.
Governance Checklist
- Conduct quarterly reviews of all Admin users to ensure the role is still needed.
- Document which User accounts have access to which websites, especially in multi-client scenarios.
- Maintain records of user creation, modification, and deletion dates with business justifications.
- Regularly back up your Umami database to preserve user account data and configurations.
- Establish password policies for Umami accounts (complexity, rotation) through organizational procedures.
- Create dedicated service accounts for API integrations rather than using personal accounts.
- For contractor access, set calendar reminders to review and remove accounts when engagements end.
- Monitor Admin account activities, particularly user creation/deletion and website management actions.
Best Practices for Umami Access
- Minimal Admin accounts: Limit Admin role to essential personnel only. Most users should have standard User role.
- Website-scoped access: Grant users access only to websites they actively need. For multi-client agencies, strict website scoping is critical.
- Dedicated service accounts: Create separate accounts for automated scripts or integrations; never use personal accounts for automation.
- Secure credential sharing: Since Umami lacks email invitations, share initial credentials through secure channels (password managers, encrypted messaging), not plain email.
- Document everything: Maintain external documentation of user accounts, roles, and website assignments. Umami's UI provides limited audit history.
- Regular access reviews: Monthly review of User accounts to identify stale access from departed contractors or completed projects.
- Database backups: Regular backups preserve user configurations and provide recovery capability if accounts are accidentally deleted.
- Force password changes: Require users to change default passwords on first login through organizational policy.
Common Scenarios
New employee onboarding: Create User account with username matching company convention. Set strong initial password. Grant access to websites relevant to their role. Share credentials securely. Require password change on first login.
Client dashboard access: Create User account for client contact. Grant access only to their specific website(s). Use naming convention like "client-companyname". Share login credentials via secure method. Never grant Admin access to clients.
Contractor engagement: Create User account for contractor. Grant access to relevant client website(s) only. Document contract end date. Set calendar reminder to delete account when engagement completes.
Promote user to admin: Edit existing User account and change role to Admin. Document business justification. Brief user on new responsibilities (user management, website creation). Monitor initial admin activities.
Multi-website analyst: Create User account for analyst. Grant access to all websites they need to analyze. As new websites are added to Umami, remember to grant access manually - Umami doesn't auto-assign new websites.
Service account for reporting: Create User account with generic name like "reporting-service". Grant access to websites needed for reporting. Store credentials in secrets management system. Document which systems use this account.
Security Considerations
Admin role protection:
- Severely limit Admin access - typically 2-3 people maximum
- Monitor who has Admin role quarterly
- Never grant Admin access to external parties or clients
- Consider keeping a separate Admin account for administrative tasks and a standard User account for daily use
Password security:
- Since Umami stores passwords, ensure your Umami database is encrypted
- Implement organizational password policies (Umami has minimal built-in requirements)
- Use a password manager for storing and sharing credentials
- Rotate passwords for service accounts annually
Access reviews:
- Monthly review of all User accounts, especially contractors and temporary access
- Quarterly review of Admin accounts
- Immediate review when team members depart
Database security:
- Secure your Umami database since it contains all user credentials
- Regular database backups
- Restrict database access to infrastructure admins only
- Encrypt database at rest and in transit
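The review rules from the Governance Checklist and the Security Considerations above, applied in code as an added example (not part of Umami and not this page's own tooling): a Python check over a constructed, externally maintained account inventory; the inventory field names are assumptions.

```python
"""Access review over an externally documented Umami user inventory.
Added example, not Umami's own code: applies this page's review rules to a
constructed inventory and returns findings."""
from datetime import date

MAX_ADMINS = 3                           # page: limit Admin role to 2-3 people
REVIEW_DAYS = {"admin": 90, "user": 30}  # quarterly vs. monthly reviews

# Constructed sample inventory (not real Umami data); field names are assumptions
# covering what the page says to document: role, kind of account, websites,
# last review date and, for contractors, the engagement end date.
INVENTORY = [
    {"username": "alice", "role": "admin", "kind": "staff",
     "websites": ["*"], "last_review": "2024-01-15", "end_date": None},
    {"username": "client-acme", "role": "admin", "kind": "client",
     "websites": ["acme.example"], "last_review": "2024-03-01", "end_date": None},
    {"username": "contractor-bob", "role": "user", "kind": "contractor",
     "websites": ["acme.example"], "last_review": "2024-03-01",
     "end_date": "2024-02-28"},
    {"username": "reporting-service", "role": "user", "kind": "service",
     "websites": ["acme.example", "shop.example"], "last_review": "2024-03-10",
     "end_date": None},
]


def review(inventory, today):
    """Return (username, finding) pairs for accounts that violate the page's rules."""
    findings = []
    admins = [u["username"] for u in inventory if u["role"] == "admin"]
    if len(admins) > MAX_ADMINS:
        findings.append(("*", f"{len(admins)} Admin accounts exceed the cap of {MAX_ADMINS}"))
    for u in inventory:
        name, role = u["username"], u["role"]
        # Clients, contractors and service accounts must never hold Admin.
        if role == "admin" and u["kind"] != "staff":
            findings.append((name, f"{u['kind']} account holds the Admin role"))
        # Contractor accounts are deleted when the engagement ends.
        if u["end_date"] and date.fromisoformat(u["end_date"]) < today:
            findings.append((name, f"engagement ended {u['end_date']}; delete the account"))
        # Admin accounts are reviewed quarterly, User accounts monthly.
        age = (today - date.fromisoformat(u["last_review"])).days
        if age > REVIEW_DAYS[role]:
            findings.append((name, f"last reviewed {age} days ago; {role} limit is {REVIEW_DAYS[role]}"))
    return findings


if __name__ == "__main__":
    for name, finding in review(INVENTORY, date(2024, 3, 31)):
        print(f"{name}: {finding}")
```

Run it against your own exported inventory on the monthly and quarterly review dates; each finding maps to one rule on this page.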
Compliance and Documentation
Maintain proper records for Umami user management:
- User creation log: Track when accounts were created, by whom, with what role, and business justification
- Website access mapping: Document which users can access which websites - critical for multi-client scenarios
- Role change history: Record when users were promoted to Admin or downgraded to User
- Account deletion log: Document when and why accounts were deleted, including the requestor
- Database backup schedule: Maintain regular backups that preserve user configurations
- Access review records: Document quarterly reviews showing which accounts were validated vs. removed
For agencies handling client data or regulated industries, maintain these records for your compliance retention period, typically 7 years.
Since Umami is self-hosted, you're responsible for maintaining these audit trails externally. The platform provides limited built-in audit logging compared to enterprise SaaS platforms.