Add a User to Plausible | OpsBlu Docs

Add a User to Plausible

How to invite team members and grant access to Plausible Analytics. Covers role assignment, permission levels, API key generation, and onboarding best.

Invite the collaborator to Plausible using this workflow. Plausible uses a straightforward, site-level permission model that makes access management simple while maintaining security.

Understanding Plausible User Roles

Plausible offers two primary roles at the site level:

Administrator

Full control over the site including:

  • View all analytics data and reports
  • Configure goals, custom events, and conversions
  • Manage integrations (Google Search Console, email reports, Slack)
  • Add or remove team members
  • Modify site settings including domain configuration
  • Delete the site entirely
  • Access and manage custom properties
  • Configure funnels and custom segments

Use Administrator access when the collaborator needs to:

  • Set up or modify conversion tracking
  • Configure new goals or custom events
  • Integrate third-party services
  • Provide implementation or debugging support
  • Manage team access during engagements

Viewer

Read-only access to analytics with the ability to:

  • View all dashboard data and reports
  • Export data to CSV
  • Create and save custom reports
  • Access historical data within retention limits
  • View real-time visitor data

Cannot:

  • Modify site settings or goals
  • Invite or remove team members
  • Change integrations
  • Delete or modify custom events
  • Access API credentials

Use Viewer access when the collaborator only needs to:

  • Generate reports for clients
  • Monitor analytics performance
  • Provide data analysis support
  • Create presentations or dashboards

Prerequisites

  • List the Plausible sites (domains) the collaborator should access.
  • Confirm whether you want to grant Administrator or Viewer rights based on engagement scope.
  • Gather the collaborator's service account email (must be a valid email address).
  • Ensure you have Administrator privileges for each site where you plan to grant access.
  • If using Plausible self-hosted, verify your SMTP configuration is working for invitation emails.
  • Review your contract to confirm the site falls within the agreed engagement scope.

Send the Invitation

  1. Sign in to Plausible and navigate to the site dashboard you want to share.
  2. Click Settings → Team from the site menu.
  3. Review the current team list to confirm the collaborator doesn't already have access.
  4. Choose Invite team member and enter the collaborator's service account email.
  5. Select the desired role:
    • Administrator if the collaborator should manage goals, integrations, or custom events.
    • Viewer for read-only reporting and analysis support.
  6. Click Send invitation to dispatch the invite email.
  7. Document the request in your IAM tracker with the site domain, role, date, and ticket reference.
  8. Repeat the process for each additional site the collaborator should access.

Managing Multiple Sites

If the collaborator needs access to multiple Plausible sites:

  1. Complete the invitation process for each site individually (Plausible manages permissions per-site, not globally).
  2. Consider documenting site-to-role mappings in your access tracker to maintain clarity.
  3. Use consistent role assignments across sites unless specific circumstances require different permissions.
  4. For large site portfolios, create a spreadsheet tracking which collaborator accounts have access to which sites.

After Inviting

Immediate Steps

  • Confirm the invitation appears under Pending invitations in the Team section.
  • Verify the email address is correct to avoid delays in acceptance.
  • Share the invitation details with the collaborator's project lead.

Communication to Collaborator

Provide the following information:

  • The site domain(s) they've been granted access to
  • The role assigned (Administrator or Viewer)
  • Any VPN or IP allowlist requirements if your Plausible instance is restricted
  • Instructions to check spam folders if the invitation email doesn't arrive within 15 minutes
  • Link to your internal onboarding documentation

Follow-Up

  • Monitor pending invitations and follow up if not accepted within 48 hours.
  • Once accepted, verify the user appears in the active team member list.
  • Update your access log with the acceptance date and confirmation.
  • Schedule a review date if the access is temporary or project-based.

Self-Hosted Plausible Considerations

If you manage a self-hosted Plausible instance:

Email Configuration

  • Ensure your SMTP server is properly configured in the Plausible environment variables.
  • Test outbound email using the Plausible admin panel before sending invitations.
  • If email delivery fails, manually generate invitation links from the database and share them securely.

Database Access

  • For self-hosted deployments, you can manually add users via the PostgreSQL database if necessary.
  • Always prefer the web UI for user management to maintain audit trails.
  • Document any database-level changes in your system logs.

Server-Level Access

  • Granting Plausible site access is separate from SSH or server-level access.
  • Never share server credentials for analytics access - always use site-level invitations.
  • If the collaborator needs server access for deployment or debugging, manage that through your infrastructure team separately.

API Access Considerations

Plausible provides API access for programmatic data retrieval:

  • API keys are separate from site team access and must be generated per site.
  • If the collaborator needs API access, generate a key after they accept the site invitation.
  • Document API key creation in your security log.
  • Set API key expiration dates aligned with engagement timelines.
  • Rotate API keys when team membership changes or at least quarterly.

Troubleshooting

Invite not delivered

  • Verify the email address is spelled correctly.
  • Ask your email team to allowlist @plausible.io (for cloud) or your self-hosted domain.
  • Check spam and quarantine folders.
  • Resend the invitation from the Team settings page.
  • For self-hosted, verify SMTP logs for delivery errors.

Collaborator can't find site after accepting

  • Confirm the invitation was sent from the correct site dashboard.
  • Verify the collaborator is logged in with the email address that received the invitation.
  • Check that the site hasn't been deleted or domain changed since sending the invite.
  • Ensure the collaborator refreshed their dashboard after accepting.

Wrong site or role assigned

  • Cancel the pending invitation from the Team page.
  • Re-send from the correct site with the appropriate role.
  • If already accepted, change the role or remove access and re-invite if necessary.

Multiple Plausible accounts conflict

  • The collaborator may have personal and service accounts; ensure they log in with the correct one.
  • Plausible ties access to email addresses, not names, so verify the exact email used.
  • If confusion persists, remove all invitations and start fresh with a clearly documented service account.

Self-hosted invitation failures

  • Verify the Plausible container has network access to your SMTP relay.
  • Check environment variables for BASE_URL, MAILER_EMAIL, and SMTP settings.
  • Review Docker or system logs for email sending errors.
  • Test email configuration using a simple test invitation to your own address first.

Security Best Practices

  • Use dedicated service account emails rather than personal addresses.
  • Review team membership quarterly and remove inactive accounts.
  • Grant minimum necessary permissions - start with Viewer and elevate only when needed.
  • Document the business justification for Administrator access in your IAM tracker.
  • If using self-hosted Plausible, ensure TLS is enabled for all connections.
  • Implement IP allowlisting or VPN requirements for sensitive client sites.
  • For temporary engagements, set calendar reminders to review and remove access after project completion.

Compliance and Audit Requirements

  • Capture screenshots of the Team page showing the pending invitation.
  • Log the invitation in your IAM tracker with requester name, approval reference, and date.
  • Retain invitation acceptance confirmations for compliance audits.
  • If GDPR or data processing agreements apply, ensure the collaborator's access is documented in your data processing records.
  • For client sites, confirm the invitation aligns with master service agreement terms.

After granting access, the collaborator may need:

  • Site-specific goal and event configurations
  • Custom property definitions
  • Funnel or segment documentation
  • API documentation if programmatic access is required
  • Integration credentials for Google Search Console or other connected services
शीर्ष पर वापस जाएँ