Simple Analytics User Management

Manage user roles, permissions, and team access in Simple Analytics — step-by-step admin guide.

Simple Analytics offers a straightforward team collaboration system focused on privacy-first analytics. Use this section to understand how to grant, modify, and revoke access for team members working with your Simple Analytics dashboards and data.

Access Requests at a Glance

Add User Access covers inviting team members and assigning appropriate permissions.
Update Access & Roles explains how to modify user permissions and adjust dashboard access.
Remove User Access details how to revoke access and maintain audit trails.

How Simple Analytics Structures Access

Simple Analytics uses a clean, privacy-focused permission model:

Owner - Full administrative control including billing, team management, and all dashboard features. The account creator has owner status by default.
Admin - Can manage dashboards, view all data, and invite users but cannot access billing or delete the account.
Viewer - Read-only access to dashboards and reports. Cannot modify settings or invite others.

Unlike complex enterprise analytics platforms, Simple Analytics deliberately keeps permissions simple to reduce administrative overhead while maintaining security.

Dashboard and Website Access Control

Access can be configured at different levels:

Account-level access - Users with Admin or Owner roles can access all websites in the account.
Per-website access - Viewers can be granted access to specific websites rather than the entire account.
Dashboard sharing - Individual dashboards can be shared via secure links without requiring user accounts.

This granular approach allows you to grant limited access to contractors or clients while maintaining control over sensitive properties.

Roles to Maintain

When managing your Simple Analytics team, consider these role assignments:

Account Owner - Limit to one or two trusted individuals who handle billing and critical account decisions. This role cannot be removed and should align with your organization's financial responsibility chain.
Team Admins - Assign to team leads who need to configure tracking, manage custom events, and invite new team members. Suitable for your analytics manager or technical lead.
Dashboard Viewers - Appropriate for stakeholders, clients, or contractors who need to see data but should not modify configurations. Use per-website access to limit scope.
API Access - Simple Analytics provides API keys for data export. Treat these as service accounts with separate credential management.

Add, Update, Remove at a Glance

Add: Invite users via email with the appropriate role (Admin or Viewer). For Viewers, specify which websites they can access. Confirm the user accepts the invitation and appears in the team list.
Update: Change user roles through the team management interface. When switching between Admin and Viewer, verify the user's access to specific websites is configured correctly.
Remove: Delete users from the team when their access is no longer needed. Simple Analytics immediately revokes all permissions. Export team audit data before removal for compliance records.

Platform Notes & Practical Steps

Privacy-first approach: Simple Analytics does not track personal data, so user management focuses on team collaboration rather than data protection compliance. However, team access still constitutes privileged access to business metrics.
Invitation system: All team additions require email invitation. Users must accept via email before gaining access. Track invitation acceptance to ensure team members have actually received access.
No SSO complexity: Simple Analytics uses straightforward email/password authentication. While this simplifies management, enforce strong password policies through your team guidelines.
API credentials: API keys are separate from user logins. When team members leave, audit and rotate any API keys they may have used in integrations or exports.
Email verification required: New users must verify their email addresses. Follow up on pending invitations to ensure access is activated.
Website-specific permissions for Viewers: When inviting Viewers, explicitly select which websites they can access. This prevents inadvertent exposure of internal or client data.

Governance Checklist

Conduct quarterly reviews of all team members with Admin access to ensure role assignments still match responsibilities.
Document which team members have access to which websites, especially when managing multiple client properties in one account.
Maintain a record of when users were added and removed, including the business justification (project start/end, role change, etc.).
Store API keys in a secure credential management system with clear ownership labels. Rotate keys when team members change roles or leave.
Verify that email addresses for team invitations are current and belong to authorized personnel.
Export the team member list monthly and archive it with your access control documentation.
Establish a process for immediate access revocation when team members depart or change roles.
For shared contractor accounts, use a dedicated service account email rather than individual addresses to simplify handoffs.

Best Practices for Simple Analytics Access

Principle of least privilege: Start new team members as Viewers and elevate to Admin only when configuration access is genuinely needed.
Separate concerns: Use distinct accounts or API keys for automated integrations versus human users.
Audit trail: Simple Analytics tracks team changes in the activity log. Reference this log during access reviews.
Client access: When granting client access to their data, use Viewer role with website-specific permissions to prevent cross-contamination.
Onboarding efficiency: Create a standard invitation template that includes your password policy, MFA recommendations, and support contacts.
Offboarding checklist: When removing users, verify they have not created any API keys or custom integrations that would persist after account removal.

Common Scenarios

Contractor engagement: Invite contractor with Viewer role limited to relevant client websites. Set calendar reminder for access removal based on contract end date.

Team expansion: Add new analyst as Viewer initially. After training period and verification of need, upgrade to Admin if they will manage tracking implementations.

Client dashboard access: Create Viewer account for client with access only to their specific website(s). Share login credentials via secure channel, not email.

Temporary access for audit: Invite external auditor as Viewer with time-limited access. Remove immediately after audit completion and document the access period.

Role change: When team member moves from analytics to another department, downgrade from Admin to Viewer or remove entirely based on ongoing need.

Service account for exports: Create dedicated account with Viewer access for automated reporting tools. Store credentials in secrets manager with clear ownership.

返回顶部