Update User Access

Use this procedure to modify existing user permissions when responsibilities change, access scope needs adjustment, or role requirements evolve.

Prerequisites

Before updating user access, confirm:

• You have Owner or Admin role permissions
• You understand the difference between Admin (full dashboard control) and Viewer (read-only) roles
• You've determined the new access level or website scope required
• The change is documented with business justification (role change, project expansion, security adjustment, etc.)
• The user has been informed of the upcoming permission change

Step-by-Step: Update User Permissions

1. Access Team Management

1. Log into Simple Analytics with Owner or Admin credentials
2. Navigate to Settings → Team
3. Locate the user whose access needs modification in the team list

2. Document Current State (Before Making Changes)

Before modifying permissions, capture the current configuration:

1. Screenshot the user's existing role and website access
2. Note their current role (Owner, Admin, or Viewer)
3. For Viewers, document which websites they currently access
4. Record why the change is needed
5. Store this in your access control documentation

3. Edit User Permissions

1. Click the Edit button or user's name in the team list
2. The user permissions dialog opens showing current settings

To change user role:

1. Select the new role from the dropdown: Admin or Viewer
2. Understand the implications:
   • Upgrading to Admin: User gains ability to configure tracking, manage goals, and invite team members
   • Downgrading to Viewer: User loses configuration access, becomes read-only

To modify website access (Viewer roles only):

1. Review the list of websites/properties
2. Check boxes for websites the user should access
3. Uncheck boxes for websites to remove from their access
4. Admins automatically see all websites - to restrict website access, first downgrade to Viewer

4. Save and Verify Changes

1. Click Save or Update Permissions
2. Verify the user appears in the team list with updated role/access
3. Changes take effect immediately - user may need to refresh their browser

5. Confirm with User

1. Notify the user that their permissions have changed
2. Ask them to log out and log back in to ensure changes are applied
3. Verify they can access the expected dashboards and features
4. For role upgrades, confirm new capabilities are working (e.g., can access Settings for new Admins)
5. For downgrades or restrictions, verify they cannot access removed areas

After Update: Documentation Steps

Update access records:

• Document the permission change date, old role/access, new role/access, and justification
• Add entry to your access change log or audit trail
• Update any responsibility matrices or team documentation

Verify dependent systems:

• Check if the user has API keys that may be affected by role changes
• Review any automated reports or integrations linked to this user
• Confirm custom dashboards are still accessible with new permissions

Communicate changes:

• Inform stakeholders if this user's role change affects project support
• Update team contact lists if responsibilities shifted
• Brief the user on any new capabilities (upgrades) or restrictions (downgrades)

Common Update Scenarios

Promoting Viewer to Admin

Situation: Team member initially given read-only access now needs to configure tracking and manage settings.

Process:

1. Verify the user has completed any required training on Simple Analytics configuration
2. Document business justification (e.g., "promoted to Analytics Manager role")
3. Edit user and change role from Viewer to Admin
4. User automatically gains access to all websites in the account
5. Brief user on new responsibilities: tracking management, goal configuration, team invitations
6. Monitor their initial configuration changes to ensure proper use of new privileges

Downgrading Admin to Viewer

Situation: User's role changed and they no longer need configuration access.

Process:

1. Document why downgrade is needed (role change, security review, etc.)
2. Ensure critical configurations managed by this user are documented or transferred
3. Edit user and change role from Admin to Viewer
4. Select specific websites they should continue to access (or all if appropriate)
5. Save and verify user can still view dashboards but cannot access Settings
6. Notify user of the change and explain they retain read-only access

Expanding Website Access for Viewer

Situation: Viewer initially granted access to one client property now needs access to additional websites for expanded project scope.

Process:

1. Confirm which additional websites should be added
2. Document the project expansion or business reason
3. Edit user permissions and check additional website boxes
4. Save and verify user can now see the new websites in their dashboard
5. Notify user which new properties they can now access
6. Update project documentation to reflect expanded scope

Restricting Website Access for Viewer

Situation: Contractor's project concluded for one client property but continues for another.

Process:

1. Identify which websites should be removed from access
2. Verify the user no longer needs data from those properties
3. Edit user permissions and uncheck the website boxes for completed projects
4. Save and confirm user can no longer access removed websites
5. Export any final reports from removed websites for user's records before restricting
6. Update contract documentation to reflect reduced scope

Temporary Privilege Elevation

Situation: Viewer needs brief Admin access for specific configuration task, then should return to Viewer role.

Process:

1. Document the specific task requiring Admin access and expected duration
2. Upgrade user to Admin temporarily
3. Set calendar reminder for when to downgrade back to Viewer
4. Monitor the user's configuration activities during elevated access
5. Downgrade back to Viewer once task is complete
6. Document the temporary elevation period in audit trail

Troubleshooting Update Issues

Changes Don't Take Effect

Symptoms: User reports they still see old permissions after update.

Solutions:

1. Verify changes were saved (check team list shows updated role)
2. Have user log out completely and log back in
3. Clear browser cache or use incognito/private mode to test
4. Verify you edited the correct user (check email address)
5. Wait a few minutes - some changes may have brief propagation delay

User Lost Access After Downgrade

Symptoms: After downgrading Admin to Viewer, user cannot access any dashboards.

Solutions:

1. Verify you selected at least one website during the downgrade
2. Viewers with zero websites selected have no access
3. Edit user again and check appropriate website boxes
4. Save and have user refresh their browser

Cannot Change Owner Permissions

Symptoms: Unable to modify the account Owner's role.

Solutions:

1. The account Owner role cannot be changed or removed through normal team management
2. To transfer ownership, use account settings or contact Simple Analytics support
3. Only one Owner is allowed per account
4. If you need to restrict Owner access, consider organizational policy rather than platform controls

Update Affects API Access

Symptoms: User's API integrations stopped working after role change.

Solutions:

1. API keys persist regardless of role changes, but permissions may be affected
2. Verify API key still exists and is valid
3. Check if role change affected data access needed for the API integration
4. May need to regenerate API key with appropriate permissions
5. Review Simple Analytics API documentation for role-based access requirements

Best Practices for Access Updates

Regular access reviews:

• Conduct quarterly reviews of all team member permissions
• Verify each user's role still matches their current job responsibilities
• Identify and downgrade or remove access that's no longer needed

Principle of least privilege:

• Default to Viewer role and upgrade only when Admin capabilities are genuinely required
• Limit website access to only properties relevant to each user's work
• Regularly audit Admin users to ensure the elevated role is still necessary

Change management:

• Always document why access is being changed
• Capture before and after states for audit trail
• Notify users before making changes when possible
• Verify changes worked as intended

Temporary elevations:

• Use time-limited Admin upgrades for specific tasks
• Set reminders to downgrade after task completion
• Document the temporary elevation period
• Consider whether the task could be performed by a permanent Admin instead

Communication:

• Inform users before changing their permissions
• Explain new capabilities (upgrades) or restrictions (downgrades)
• Provide training or documentation for users receiving new privileges
• Follow up to ensure users understand their updated access

Security Considerations

When updating user access, maintain security best practices:

• Justify all upgrades: Require documented business need before elevating to Admin
• Regular downgrades: Review Admin users quarterly and downgrade those who no longer need elevated privileges
• Audit before changing: Document current state before modifying permissions
• Verify identity: For privilege escalations, confirm the request came from the legitimate user through trusted channels
• Monitor new admins: Watch configuration changes made by recently upgraded Admin users
• Limit Owner access: Keep Owner role extremely limited - typically one or two trusted individuals

Compliance Documentation

For each access update, maintain these records:

• Change date and time: When permissions were modified
• Old permissions: Screenshot or description of previous role and website access
• New permissions: Screenshot or description of updated role and website access
• Business justification: Why the change was needed
• Requestor: Who requested the change
• Approver: Who approved and implemented the change
• Verification: Confirmation that changes took effect as intended

Store update records according to your compliance retention requirements, typically 7 years for regulated industries.