Introduction
FullStory's user management system allows you to control who can access your organization, what they can see, and what actions they can perform. Whether you're a startup with a small team or an enterprise with hundreds of users, understanding roles and permissions is essential for secure, efficient collaboration.
Understanding Organizations
An Organization in FullStory is your top-level account that contains all your data, settings, and users.
Key characteristics:
- Billing is managed at the organization level
- All users belong to the organization
- Data from all websites/apps is contained within the organization
- Organization-level settings apply to all users and data
User Roles & Permissions
FullStory offers four distinct user roles with different permission levels:
Admin
Full administrative control over the organization.
Permissions:
- Manage billing and subscription
- Add and remove users
- Assign roles to users
- Create and delete segments
- Configure privacy settings
- Manage integrations
- Access all session replays and data
- Create and modify dashboards
- Export data
- Delete the organization
Who should have this role:
- Company founders or executives
- Primary account administrators
- Operations managers
- Senior product managers with full oversight
Limit: Restrict Admin role to 2-5 trusted individuals in larger organizations.
Developer
Technical access with privacy configuration capabilities.
Permissions:
- Access all session replays and data
- Configure privacy and data masking rules
- Create and modify segments
- Create and modify dashboards
- Use developer tools (DevTools integration, API access)
- Implement FullStory tracking code
Cannot:
- Manage billing or subscription
- Add or remove users
- Assign roles
- Delete the organization
Who should have this role:
- Frontend developers
- Technical product managers
- Data engineers
- DevOps/platform engineers
User
Standard access for viewing and analyzing data.
Permissions:
- Access all session replays and data
- Create and modify segments
- Create and modify dashboards
- Share sessions and insights
- Use Omnisearch
- View analytics and funnels
Cannot:
- Manage users or billing
- Configure privacy settings
- Access developer tools
- Modify organization settings
Who should have this role:
- Product managers
- UX designers
- UX researchers
- Data analysts
- Marketing managers
- Customer support managers
Viewer
Read-only access for observing insights.
Permissions:
- View session replays
- View shared dashboards
- View shared segments
- Search sessions (limited)
Cannot:
- Create or modify segments
- Create or modify dashboards
- Configure any settings
- Manage users
- Export data
Who should have this role:
- Executive stakeholders
- External consultants (temporary access)
- Clients (for agencies)
- Junior team members in training
- Cross-functional stakeholders who need visibility
Summary Table
| Action | Admin | Developer | User | Viewer |
|---|---|---|---|---|
| Manage billing | ||||
| Add/remove users | ||||
| Configure privacy | ||||
| Developer tools | ||||
| Create segments | ||||
| View sessions | ||||
| Create dashboards | ||||
| Export data | ||||
| Delete org |
Access Control Best Practices
Principle of Least Privilege
Grant users the minimum access level they need to do their job.
Examples:
- Marketing analyst viewing landing page data → Viewer
- UX designer creating segments and analyzing sessions → User
- Product lead managing privacy settings → Developer
- Operations manager handling billing → Admin
Regular Access Audits
Review user access quarterly:
- Remove users who have left the company
- Downgrade access for users who changed roles
- Verify external contractor access is still needed
- Check that Admin role is limited to appropriate individuals
Temporary Access for Contractors
When granting access to external contractors:
- Use Viewer or User role (never Admin)
- Set a calendar reminder to review access after project completion
- Require NDAs for contractors with access to customer data
- Remove access immediately after project ends
Protect Admin Role
- Limit Admin role to 1-3 trusted individuals
- Use strong passwords and enable two-factor authentication
- Document who has Admin access
- Transfer ownership carefully if team changes
Team Collaboration Features
Sharing Sessions
All users can share session replays via:
- Direct links: Copy session URL and share
- Email: Send session directly from FullStory
- Slack/Teams: Share to channels via integrations
- Embed: Embed session replay in docs or tickets (with player)
Permissions:
- Shared links work for anyone with access to the organization
- External sharing can be disabled in organization settings
Comments & Annotations
Team members can add notes to sessions:
- Timestamp-specific comments
- Highlight issues or insights
- Tag teammates for review
- Create a conversation thread
Available to: User role and above (Viewers cannot comment)
Saved Searches & Segments
Save common analyses for team collaboration:
- Create segments for user cohorts
- Save searches for recurring analyses
- Share segments with team members
- Use segments in funnels and dashboards
Available to: User role and above
Dashboards
Build and share dashboards:
- Combine metrics, funnels, and session lists
- Share dashboards with stakeholders
- Schedule email reports
- Embed dashboards in other tools
Available to: User role and above
User Limits by Plan
FullStory plans have different user seat limits:
| Plan | Max Users |
|---|---|
| Business | 5-10 seats (varies by contract) |
| Advanced | 10-25 seats |
| Enterprise | Unlimited (or custom limits) |
Note: Check your specific plan details in Settings > Subscription.
Managing Access for Different Scenarios
Scenario 1: Small Startup Team
Team:
- 1 Founder
- 1 Product Manager
- 2 Engineers
- 1 Designer
Recommended Structure:
- Founder: Admin (billing + full access)
- Product Manager: User (analyze + create segments)
- Engineers: Developer (implement + configure privacy)
- Designer: User (analyze sessions + create segments)
Scenario 2: SaaS Company
Team:
- Engineering team (10 people)
- Product team (5 people)
- Marketing team (3 people)
- Support team (5 people)
- Executives (3 people)
Recommended Structure:
- Engineering Lead: Admin
- Frontend Engineers: Developer
- Product Managers: User
- UX Designers: User
- Marketing Analysts: User
- Support Agents: User
- Executives: Viewer
Scenario 3: Agency Managing Client Sites
Team:
- Agency staff (8 people)
- Multiple clients (each needs visibility)
Recommended Structure:
- Agency Owner: Admin (billing + full control)
- Agency Analysts: User (analyze all client data)
- Agency Developers: Developer (implement for clients)
- Client stakeholders: Viewer (read-only access)
Note: For agencies, consider creating separate organizations per client if you need stricter data isolation.
Scenario 4: Enterprise Company
Team:
- Multiple product teams (50+ people)
- Shared analytics team (5 people)
- Executive stakeholders (10 people)
- External consultants (3 people, temporary)
Recommended Structure:
- Analytics Lead: Admin
- Product Managers: User
- UX Researchers: User
- Engineers: Developer
- Data Analysts: User
- Executives: Viewer
- External Consultants: Viewer (revoke after project)
Security Best Practices
Account Security
Enable Two-Factor Authentication (2FA):
- Recommended for all users
- Required for Admin and Developer roles
- Reduces risk of account compromise
Use Strong Passwords:
- Minimum 12 characters
- Mix of letters, numbers, symbols
- Unique to FullStory (no password reuse)
- Use a password manager
Review Login Activity:
- Monitor for suspicious logins
- Verify team member access is legitimate
- Set up alerts for failed login attempts
Data Access Controls
Limit Admin Roles:
- Only grant Admin to users who truly need it
- Regularly review Admin list
- Document who has Admin access and why
Remove Departed Employees Immediately:
- Disable access on last day of employment
- Transfer ownership of created content if needed
- Revoke API keys and integrations
Use Viewer Role for External Stakeholders:
- Never grant Admin to clients or contractors
- Viewer provides visibility without risk
- Set calendar reminders to review external access
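The review rules above (departed users, contractor roles, 2FA for Admin and Developer, a capped Admin list) can be checked mechanically against a user list. The following is an added example, not FullStory code: the CSV columns (employment, two_factor, access_review_by), the sample rows and the audit_users function are assumptions made for illustration, and the Admin cap is a parameter because this page gives both 2-5 and 1-3.

```python
import csv
import io
from datetime import date

# Constructed sample; the column names are assumptions, not a FullStory export format.
SAMPLE_CSV = """\
email,role,employment,two_factor,access_review_by
ana@example.com,Admin,employee,yes,
bo@example.com,Admin,employee,no,
cy@example.com,Developer,contractor,yes,2024-01-31
di@example.com,User,departed,yes,
ed@example.com,Viewer,contractor,no,
fay@example.com,Viewer,contractor,no,2030-01-01
"""

ROLES = {"Admin", "Developer", "User", "Viewer"}
REQUIRES_2FA = {"Admin", "Developer"}      # "Required for Admin and Developer roles"
CONTRACTOR_ROLES = {"Viewer", "User"}      # "Use Viewer or User role (never Admin)"


def audit_users(csv_text, today, max_admins=5):
    """Return (email, finding) pairs for rows that break the page's access rules."""
    findings = []
    admin_count = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        email, role, status = row["email"], row["role"], row["employment"]
        if role not in ROLES:
            findings.append((email, "unknown-role"))
            continue
        if status == "departed":
            # Departed users should have no seat at all; skip the other checks.
            findings.append((email, "departed-still-listed"))
            continue
        if role == "Admin":
            admin_count += 1
        if role in REQUIRES_2FA and row["two_factor"] != "yes":
            findings.append((email, "2fa-missing"))
        if status == "contractor":
            if role not in CONTRACTOR_ROLES:
                findings.append((email, "contractor-over-privileged"))
            review_by = row["access_review_by"]
            if not review_by:
                findings.append((email, "contractor-no-review-date"))
            elif date.fromisoformat(review_by) < today:
                findings.append((email, "contractor-review-overdue"))
    if admin_count > max_admins:
        findings.append(("*", f"too-many-admins ({admin_count} > {max_admins})"))
    return findings


if __name__ == "__main__":
    for email, finding in audit_users(SAMPLE_CSV, date(2024, 6, 1), max_admins=3):
        print(f"{email}: {finding}")
```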
Compliance Considerations
- Ensure team members understand data privacy responsibilities
- Limit access to sessions containing sensitive user data
- Document who has access to user data
- Implement data retention policies
Internal Policies:
- Align FullStory access with company data governance policies
- Require NDAs for contractors with data access
- Maintain audit trail of access changes
- Conduct regular privacy training for users
Common User Management Tasks
Adding a New Team Member
See: Add User Access
Quick Steps:
- Go to Settings > Users
- Click Invite User
- Enter email address
- Assign role
- Send invitation
Changing User Role
See: Update Access
Quick Steps:
- Go to Settings > Users
- Find user in list
- Click role dropdown
- Select new role
- Save changes
Removing a Team Member
See: Remove Access
Quick Steps:
- Go to Settings > Users
- Find user in list
- Click Remove
- Confirm removal
Troubleshooting Access Issues
User Can't See Data
Possible Causes:
- User has Viewer role (limited search capabilities)
- Privacy settings restrict what user can see
- User not properly added to organization
Solution:
- Verify user's role is appropriate for their needs
- Check privacy settings
- Re-send invitation if needed
User Can't Create Segments
Possible Causes:
- User has Viewer role (read-only)
Solution:
- Upgrade user to User role or higher
Invitation Email Not Received
Possible Causes:
- Email in spam folder
- Typo in email address
- Email server blocking FullStory
Solution:
- Check spam/junk folders
- Verify email address is correct
- Resend invitation
- Contact FullStory support if persistent
Next Steps:
- Add User Access - Invite team members
- Update Access - Change user roles
- Remove Access - Remove team members