Select Page

GA4 User Roles: Best Practices from Solopreneurs to Enterprise

by | May 20, 2025 | Uncategorized

Proper user management in Google Analytics 4 is crucial for maintaining data security, ensuring appropriate access, and preventing accidental configuration changes. This guide will help you implement role-based access control tailored to your organization’s size and needs.

Understanding GA4 Access Levels

GA4 offers four primary access levels, each with specific permissions:

1. Admin (Highest Access)

Permissions include:

  • Full control over the account, properties, and data streams
  • Manage users and their access levels
  • Configure all settings and integrations
  • Delete properties or the entire account
  • Access all reports and create explorations

Risk level: High – Admins can make irreversible changes, including property deletion.

2. Editor

Permissions include:

  • Create and edit audiences, conversions, and custom dimensions
  • Configure data streams and measurement settings
  • Link to Google Ads and other Google products
  • Create and share explorations
  • Cannot manage user access or delete properties

Risk level: Medium – Editors can change configurations that affect data collection.

3. Analyst

Permissions include:

  • Create and share explorations and reports
  • Create audiences for analysis purposes
  • View all data and reports
  • Cannot change property settings or data collection

Risk level: Low – Analysts can view data but cannot alter configurations.

4. Viewer (Lowest Access)

Permissions include:

  • View reports and dashboards
  • View (but not create) explorations shared with them
  • Cannot modify any settings or create resources
  • Access to read-only data

Risk level: Minimal – Viewers can only consume information.

User Role Implementations by Business Size

For Solopreneurs (1 person)

When you’re a team of one, role management is straightforward, but still important for security.

Recommended Structure:

  • Admin Role (1 account): Your primary Google account
  • Editor Role (optional): A separate account for day-to-day work to prevent accidental changes

Example Setup:

Admin: your-primary-email@gmail.com (used rarely, for major changes only)
Editor: your-work-email@gmail.com (used for regular analytics work)

Best Practices:

  • Use different browsers or incognito mode when accessing Admin vs. Editor accounts
  • Enable 2-factor authentication on your Admin account
  • Document your configuration decisions in a secure location
  • Consider giving a trusted advisor Viewer access for consultation

Time Investment: 30 minutes to set up

For Small Businesses (2-10 people)

With a small team, clear role delineation becomes important to prevent configuration issues.

Recommended Structure:

  • Admin Role (1-2 people): Owner/digital marketing manager
  • Editor Role (1-2 people): Marketing specialist, webmaster
  • Analyst/Viewer Role (remainder): Other marketing team members, executives

Example Setup:

Admin: marketing-director@company.com, webmaster@company.com
Editor: marketing-specialist@company.com
Analyst: content-creator@company.com
Viewer: ceo@company.com, sales-director@company.com

Best Practices:

  • Create a simple documentation sheet tracking who has what access
  • Hold a brief training session for Editors on what they can and should change
  • Schedule quarterly reviews of who needs access
  • Consider using Google Groups for easier management (e.g., “Company-Analytics-Viewers”)

Time Investment: 1-2 hours initial setup, 30 minutes quarterly maintenance

For Mid-Sized Organizations (10-100 people)

At this scale, department-based access and formal governance become necessary.

Recommended Structure:

  • Admin Role (2-3 people): Analytics manager, senior digital marketer, IT support
  • Editor Role (3-5 people): Marketing team members responsible for campaigns, web team
  • Analyst Role (5-10 people): Marketing specialists, content team, PPC specialists
  • Viewer Role (10-20 people): Executives, department heads, sales team

Example Setup:

Admin Group: analytics-admins@company.com (includes the analytics manager, senior digital marketer)
Editor Group: analytics-editors@company.com (includes campaign managers, webmaster)
Analyst Group: marketing-analysts@company.com (includes content team, SEO specialists)
Viewer Group: analytics-viewers@company.com (includes executives, sales managers)

Best Practices:

  • Implement Google Groups for each access level
  • Create a formal governance document outlining who gets what access
  • Require approval for Editor access and above
  • Conduct training sessions for each access level
  • Implement change logs for all configuration changes
  • Review access quarterly and during employee role changes
  • Create specific measurement and tagging guidelines for Editors

Time Investment: 4-8 hours initial setup, 2 hours monthly maintenance

For Enterprise Organizations (100+ people)

Enterprise implementations require formal governance structures and complex role management.

Recommended Structure:

  • Admin Role (3-5 people): Analytics team lead, data governance officer, senior marketing technologist, IT security representative
  • Editor Role (5-15 people): Digital marketing managers, regional webmasters, marketing operations team
  • Analyst Role (15-30 people): Marketing specialists by region/product, agency partners, business analysts
  • Viewer Role (30-100+ people): Department leaders, country managers, marketing teams, agency account managers

Example Setup:

Super Admin Group: analytics-governance@enterprise.com (critical changes only)
Admin Group: analytics-admins@enterprise.com (day-to-day administration)
Editor Groups: 
  - web-analytics-editors@enterprise.com
  - mobile-analytics-editors@enterprise.com
  - regional-editors-europe@enterprise.com
Analyst Groups:
  - marketing-analysts@enterprise.com
  - regional-analysts-america@enterprise.com
  - partner-analysts@enterprise.com
Viewer Groups:
  - executive-viewers@enterprise.com
  - marketing-team-viewers@enterprise.com
  - sales-viewers@enterprise.com

Best Practices:

  • Create a formal analytics governance board that meets monthly
  • Implement a ticketing system for access requests
  • Develop comprehensive documentation and training for each role
  • Require certification/training before granting Editor or Admin access
  • Implement audit logs review procedures
  • Conduct quarterly access reviews
  • Create a center of excellence for analytics knowledge sharing
  • Implement emergency access procedures with temporary elevated privileges
  • Consider custom roles via the Google Analytics API for specialized needs
  • Design workflows for tag and event approval

Time Investment: 20-40 hours initial setup, 8-10 hours monthly maintenance

Implementation Checklist

Regardless of organization size, follow these steps when implementing user roles:

  1. Audit Existing Access
    • [ ] List all current users with access
    • [ ] Document their current roles
    • [ ] Identify access that is no longer needed
  2. Define Role Framework
    • [ ] Determine who needs Admin access (minimize this number)
    • [ ] Identify who needs Editor capabilities
    • [ ] List potential Analysts who need to create reports
    • [ ] Document which stakeholders need Viewer access
  3. Create Documentation
    • [ ] Build a user access spreadsheet with names, roles, and justification
    • [ ] Document the process for requesting access changes
    • [ ] Create role-specific training materials
  4. Implement Access Structure
    • [ ] Configure Google Groups (recommended for 5+ users)
    • [ ] Assign proper access levels
    • [ ] Test access limitations
  5. Establish Maintenance Procedures
    • [ ] Set calendar reminders for access reviews
    • [ ] Create an offboarding checklist for departing employees
    • [ ] Implement change notification processes

Common Mistakes to Avoid

  1. Too Many Admins: The most common mistake is granting Admin access to too many users. Limit this to the absolute minimum necessary.
  2. Using Personal Accounts: Always use work email addresses for access, not personal emails that remain when employees leave.
  3. Neglecting Regular Audits: Access permissions should be reviewed quarterly at minimum.
  4. Sharing Login Credentials: Never share login information; always provision individual access.
  5. No Documentation: Maintain clear records of who has access and why.
  6. Skipping Training: Users with Editor or Admin access should be trained on the implications of their changes.
  7. Ignoring Governance: Even small organizations need basic governance rules for analytics.

Role-Specific Training Topics

RoleEssential Training Topics
AdminProperty configuration, data governance, security best practices, advanced troubleshooting, recovery procedures
EditorEvent configuration, audience creation, conversion setup, data stream management, Google Ads linking
AnalystExploration techniques, audience segmentation, report creation, data interpretation, dashboard development
ViewerReport navigation, dashboard interpretation, exploration viewing, asking effective questions about the data

Conclusion

Proper GA4 user role management is a foundational element of analytics governance. By implementing appropriate access levels based on your organization’s size and needs, you’ll maintain data security while ensuring team members have the access they need to perform their jobs effectively.

Remember that user management is not a one-time setup but an ongoing process that should evolve with your organization. Regular audits and clear documentation will help maintain the integrity of your analytics implementation.

Next Steps: After implementing proper user roles, consider developing a GA4 tracking plan that aligns with your organizational structure and analytics objectives.

Why a GA4 Audit is Not Enough

Why a GA4 Audit is Not Enough

by | May 20, 2025 | Uncategorized

Are you staring at your GA4 dashboard wondering where all your familiar metrics went? You’re not alone. Since Google forced the migration from Universal Analytics, countless businesses and analysts have been struggling to extract meaningful insights from what feels like an entirely new platform. But here’s the truth: conducting a traditional “audit” of your GA4 implementation might be missing the point entirely.

What you really need is a complete reonboarding experience—a fresh start that rebuilds your analytics foundation from the ground up. In this ultimate guide, we’ll walk you through every critical stage of properly reestablishing your GA4 implementation, from fundamental data retention settings to complex compliance requirements and seamless data pipeline integration. Stop patching up a broken system and start fresh with a proper GA4 reonboarding.

GA4 Reonboarding Part 1: Foundation & Basic Setup (Total time: 3-4 hours)

Introduction (5 minutes)

Welcome to the first part of our comprehensive GA4 reonboarding guide. In this section, we’ll establish a solid foundation for your GA4 implementation. Unlike a traditional audit that simply identifies issues, this reonboarding approach rebuilds your analytics from the ground up. By the end of this guide, you’ll have a properly configured GA4 property that delivers reliable data and insights.

GA4 Foundation Checklist: Information You’ll Need Before Starting

Before beginning your GA4 reonboarding process, gather the following information to ensure smooth implementation. Consider scheduling brief meetings with relevant stakeholders to collect this data:

Business Requirements (Meeting with Leadership/Marketing)

  • [ ] Key business objectives for your analytics implementation
  • [ ] Primary KPIs and conversion goals
  • [ ] List of all digital properties (websites, apps, subdomains)
  • [ ] Reporting needs and stakeholders who need dashboard access

Technical Information (Meeting with IT/Development)

  • [ ] List of internal IP addresses to filter
  • [ ] All domains requiring cross-domain tracking
  • [ ] Site search query parameters
  • [ ] Server-side capabilities assessment
  • [ ] User ID implementation possibilities
  • [ ] Existing data layer structure (if any)

Privacy & Legal Requirements (Meeting with Legal)

  • [ ] Data retention requirements for your industry/region
  • [ ] GDPR/CCPA compliance needs
  • [ ] Consent management solution in place
  • [ ] User data anonymization requirements
  • [ ] Any prohibited data collection (PII, sensitive categories)

Admin & Access Management (Meeting with Stakeholders)

  • [ ] List of all users requiring analytics access
  • [ ] Role assignments for each user (admin, editor, analyst, viewer)
  • [ ] Google Groups structure (if applicable)
  • [ ] Documentation requirements and storage location
  • [ ] Change management procedures

Integration Requirements (Meeting with Marketing Tech)

  • [ ] Google Ads account linking needs
  • [ ] BigQuery export requirements
  • [ ] Third-party tool integrations (CRM, marketing automation)
  • [ ] Data visualization tools being used
  • [ ] API access requirements

This checklist ensures you have all necessary information before beginning the implementation process. Schedule these meetings early to prevent delays during the reonboarding process.

Next Steps: Review your implementation against our checklist, document any custom

Understanding the GA4 Data Model (15 minutes)

GA4’s event-based model differs fundamentally from Universal Analytics’ session-based approach. Let’s clarify these differences:

  1. Event-Based vs. Session-Based: In GA4, everything is an event. Even pageviews are now events called “page_view.” This shift allows for more flexibility but requires a different mental model.
  2. User-Centric Focus: GA4 prioritizes users across devices and platforms rather than sessions.
  3. Parameters Instead of Categories: UA used category/action/label for events; GA4 uses events with parameters.

Action step: Review your current data needs and map how they translate to GA4’s event model. Create a simple table listing key UA metrics and their GA4 equivalents.

Account Structure Review (20 minutes)

An optimal account structure ensures clean data organization:

  1. Property Assessment: Determine if you need multiple properties (separate websites/apps) or if a single property with data streams is sufficient.
  2. Data Stream Configuration:
    • For each website, set up a web data stream
    • For each mobile app, set up an app data stream
    • For offline data, consider measurement protocol setup

Action step: Draw your ideal GA4 account structure on paper, then implement it in the GA4 interface. Go to Admin > Property > Data Streams to configure.

Data Retention Settings (5 minutes)

GA4’s default data retention is only 2 months for user-level data:

  1. Navigate to Admin > Property > Data Settings > Data Retention
  2. Change from 2 months to 14 months (maximum in standard GA4)
  3. Toggle “Reset user data on new activity” based on your needs:
    • ON: Resets the retention period when users return
    • OFF: Data is deleted after the specified period regardless of activity

Action step: Set data retention to 14 months unless you have specific privacy requirements for shorter retention.

Basic Configuration Essentials (30 minutes)

Timezone and Currency Setup (5 minutes)

  1. Go to Admin > Property Settings
  2. Set appropriate reporting time zone
  3. Set default currency for revenue reporting

Automated Link Tagging (5 minutes)

  1. Navigate to Admin > Property > Enhanced Measurement
  2. Enable “Outbound clicks” to track traffic to external sites
  3. Enable “Site search” with the correct search query parameter (often “q” or “s”)

Campaign Timeout Settings (5 minutes)

  1. Go to Admin > Property > Data Settings > Data Collection
  2. Set appropriate session timeout (default: 30 minutes)
  3. Configure campaign timeout settings:
    • Campaign timeout: 30-90 days recommended
    • Google Ads linking: If applicable

Google Signals Activation (5 minutes)

  1. Go to Admin > Property > Data Settings > Data Collection
  2. Enable Google signals to get cross-device reporting capabilities

Action step: Create a checklist of these settings and mark each as you complete them.

User Access Management & Administrative Best Practices (45 minutes)

User Access Control (15 minutes)

Proper access control is essential for data security and governance:

  1. Audit Current Users:
    • Go to Admin > Account/Property/View Access Management
    • Review all users with access to your analytics
    • Remove inactive users or those who no longer need access
  2. Role-Based Access: Assign appropriate permission levels:
    • Admin: Full control (limit to 2-3 key people)
    • Editor: Can make changes but not manage users
    • Analyst: Can create reports and annotations
    • Viewer: Read-only access to reports
  3. Google Groups Implementation:
    • Create Google Groups for different access levels (e.g., “Analytics Admins,” “Marketing Analysts”)
    • Add users to these groups rather than granting individual access
    • This simplifies management when team members change

Action step: Create a spreadsheet documenting each user, their role, and their access level. Implement access through Google Groups where possible.

Administrative Best Practices (30 minutes)

  1. Change History Monitoring:
    • Go to Admin > Account > Change History
    • Review recent changes to identify unauthorized modifications
    • Document major configuration changes
  2. Admin Account Security:
    • Enable 2-factor authentication for all admin users
    • Use a password manager for complex, unique passwords
    • Consider using a dedicated admin email that multiple authorized people can access
  3. Backup Configuration:
    • Document all critical settings in a secure location
    • Consider using the GA4 API to export your configuration
    • Create a recovery plan for account access issues
  4. Regular Access Audits:
    • Schedule quarterly reviews of all users with access
    • Verify that departed employees have been removed
    • Check that access levels still match job responsibilities
  5. Notification Settings:
    • Configure email notifications for critical alerts
    • Go to Admin > Account > Settings > Notifications
    • Assign at least two people to receive critical alerts
  6. Documentation Standards:
    • Maintain a central repository of GA4 implementation documents
    • Include naming conventions for events, parameters, and custom dimensions
    • Document decisions about configuration choices

Action step: Create an administrative calendar with scheduled tasks for account maintenance and a GA4 governance document that outlines roles, responsibilities, and documentation standards.

Internal Traffic Filters (20 minutes)

Filter out your company’s traffic to ensure clean data:

  1. Collect internal IP addresses from your IT department
  2. Create an internal traffic parameter:
    • Go to Admin > Data Streams > select your web stream
    • Click “Configure tag settings”
    • Under “Define internal traffic”, add your IP ranges

Alternatively, use Google Tag Manager to set an internal traffic parameter.

Action step: Test your internal filter by verifying in the DebugView that your own traffic is properly tagged.

Cross-Domain Tracking Setup (20 minutes)

If you have multiple domains that users move between:

  1. Go to Admin > Data Streams > select your web stream
  2. Click “Configure tag settings”
  3. Under “Configure your domains”, add all domains you want to track together
  4. Enable “Allow automatic cookie updates across domains”

Action step: Test cross-domain tracking by navigating between your domains and confirming in DebugView that the same client ID is maintained.

Enhanced Measurement Toggles (15 minutes)

GA4 offers automatic tracking of common events:

  1. Go to Admin > Data Streams > select your web stream
  2. Click “Enhanced Measurement” (toggle on/off as needed):
    • Page views (keep on)
    • Scrolls (recommended on)
    • Outbound clicks (recommended on)
    • Site search (on if you have search functionality)
    • Video engagement (on if you have embedded videos)
    • File downloads (on if you offer downloadable content)

Action step: Create a document explaining which enhanced measurements are enabled and why.

Basic GA4 Debugging Techniques (30 minutes)

Verify your implementation is working correctly:

  1. DebugView Setup:
    • Install the Google Analytics Debugger Chrome extension
    • Or add “?debug_mode=1” to your URL to enable debugging
  2. Real-Time Reports:
    • Go to Reports > Realtime
    • Visit your website in another tab to verify data collection
  3. Event Validation:
    • Check that essential events like page_view appear in DebugView
    • Verify parameters are correctly formatted

Action step: Create a testing protocol document that outlines the steps to validate your implementation. Include screenshots of successful debug output.

Conclusion (5 minutes)

Congratulations! You’ve completed the foundation of your GA4 reonboarding. These settings form the backbone of reliable analytics data. In Part 2, we’ll build on this foundation by implementing a comprehensive event tracking strategy using Google Tag Manager.