There are three parts to managing users and access control on Clarisights. 

  1. Roles - Assigning each user to the right role that's relevant to their needs.

  2. Data Groups - Creating the right slices of data, which are then used to restrict the data each user can access.

  3. Teams - Assigning the right data groups to each team (more on this later) and adding users to the right teams.

Roles

Each user can be assigned to a single role on Clarisights. This role can be set while inviting the user, and can also be modified later. Note that a user can't modify his/her own role at any point.

Click here for the help article on inviting a user, and modifying his/her role on Clarisights.

Following are the roles that you can assign a user to - 

  1. Admin - Can add/remove users and control their data access, can access all the data in the company, can create/edit custom dimensions and custom metrics, can add/edit integrated data sources, can add/edit report segments.

  2. Data Manager - Can add and manage integrated accounts and data groups, in addition to viewing all data in the company.

  3. User Manager - Can add/remove users and control their data access, can access all the data in the company.

  4. Editor - Can access all the data in the company, can create/edit custom dimensions and custom metrics, can add/edit integrated data sources, can add/edit report segments.

  5. User - Can access all the data in the company.

  6. Team Member - Can view only that data for which access has been granted. This data access is controlled via 'Teams' (more on this in the section on Teams). A Team Member can be a part of multiple teams and access all of that data together.

  7. Viewer - Can view only that data for which access has been granted. This data access is controlled via 'Teams' (more on this in the section on Teams). A Viewer can be a part of multiple teams and access all of that data together. Cannot create reports - while all other roles can create reports at will, viewers do not have the permission to create any reports.

Access to reports on Clarisights is controlled separately for each report, and is independent of the above roles. Anyone (except Viewers) can create a report, and anyone can be given access to view/edit that report. This ensures that Team Members who have limited access to data are not constrained in any way when they’re playing around with that data or building their own reports. The data that different team members see in the same report will vary however, depending on which data they have access to.

All team members are by default logged in at the "Company" level - essentially granting them combined access to all the teams they're a part of. 

Here's an article on adding users and managing their roles on Clarisights.

Data Groups

Data Groups offer a way to logically slice and organize data into chunks, which can then be used to control the access that teams have. For example, you might want to create a set of data groups, one for each country you operate in - and then use those to allow users from each country to access only the data of that country. Similarly, you could create data groups based on the channels you advertise in - Search, Social, Display, Mobile etc. - and allow only users from those individual teams to access the respective data.

Data groups can be created based on account level filters - essentially, each data group is a group of accounts, potentially across multiple data sources. When you are creating a data group, based on the filters you have specified, you can see a preview of which accounts will constitute that data group.

Note that you cannot add any filters apart from those at account level, while creating data groups. This means that if you're running country-specific campaigns in a single account and would like to then create data groups for different countries - that is not currently possible.

Once a data group is created, you can assign it to one or more teams. Once assigned, each of those teams will have access to the accounts that are part of that data group. Here, 'access' means that they will be able to see the data of those accounts in their reports. You can also assign multiple data groups to a team - in which case, that team will be able to access the data of all the accounts that are part of the multiple data groups (the 'sum' of access of the different data groups).

Here's an article on creating and managing data groups.

Teams

Teams are the organizational unit for users with the role "Team Member" in Clarisights. Each team can contain multiple team members (no limits) and each team member can be a part of multiple teams (no limits). It is not recommended to add users with roles other than "Team Member" to teams on Clarisights - since they have access to all the data anyway and there's no additional utility in giving them access to individual chunks of data.

Here's an example to explain how Teams and Data Groups are related - 

Consider a hypothetical company X that has accounts split by country - US, UK, Germany, Canada, Australia and New Zealand. It wants to create the following 9 teams on Clarisights and give members of those teams appropriate access - 

Americas
Europe
Oceania
US
UK
Germany
Canada
Australia
New Zealand 

In such a scenario, you would create only 6 data groups based on account rules - US, UK, Germany, Canada, Australia, New Zealand. Each of these data groups would then be assigned to the respective teams as follows - 

Team --- Data Groups

Americas --- US, Canada
Europe --- UK, Germany
Oceania --- Australia, New Zealand
US --- US
UK --- UK

and so on.

Team members would then be added to those respective teams based on the quantum of access to data they need.

Here's an article on creating and managing teams.

*Note on access to data in reports - Consider the following example - 

User X is a part of Team A and has access to Data Groups 1,2,3,5
User Y is a part of Team B and has access to Data Groups 4,5,6
User Z is a part of Team A and B 

If all these users look at the same report,

X will see data of accounts belonging to 1,2,3,5
Y will see data of accounts belonging to 4,5,6
and Z will see data of accounts belonging to 1,2,3,4,5,6

Essentially, each of them can only see the data that they have access to in the report, even if the report contains all of the data in the company.
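The sketch below is an added example, not Clarisights code or its API: it models the role, team and data-group rules described in this article, reproduces the X/Y/Z result above, and flags two assignments worth catching in an access review. Every name, account id and report row in it is constructed for illustration.

```python
# Added illustration: a model of the access rules described in this article.
# All identifiers and sample data are hypothetical, not Clarisights' API.
FULL_DATA_ROLES = {"Admin", "Data Manager", "User Manager", "Editor", "User"}
TEAM_SCOPED_ROLES = {"Team Member", "Viewer"}
COMPANY_ACCOUNTS = {f"acc-0{i}" for i in range(1, 8)}   # acc-07 is in no data group
DATA_GROUPS = {g: {f"acc-0{g}"} for g in range(1, 7)}   # data group -> accounts
TEAMS = {"A": {1, 2, 3, 5}, "B": {4, 5, 6}}             # team -> data groups
USERS = {
    "X": {"role": "Team Member", "teams": {"A"}},
    "Y": {"role": "Team Member", "teams": {"B"}},
    "Z": {"role": "Team Member", "teams": {"A", "B"}},
    "V": {"role": "Viewer", "teams": set()},    # scoped role, not yet on a team
    "E": {"role": "Editor", "teams": {"B"}},    # full-data role placed on a team
}
REPORT = [{"account": a, "spend": 100} for a in sorted(COMPANY_ACCOUNTS)]

def effective_groups(user):
    """Union of the data groups of every team the user belongs to."""
    return set().union(*(TEAMS[t] for t in USERS[user]["teams"]))

def effective_accounts(user):
    """Accounts whose data the user can see in any report."""
    if USERS[user]["role"] in FULL_DATA_ROLES:
        return set(COMPANY_ACCOUNTS)            # teams do not narrow these roles
    return set().union(*(DATA_GROUPS[g] for g in effective_groups(user)))

def visible_rows(user, rows):
    """The same report, filtered per viewer by account access."""
    allowed = effective_accounts(user)
    return [r for r in rows if r["account"] in allowed]

def can_create_reports(user):
    return USERS[user]["role"] != "Viewer"

def review_findings():
    """Assignments that do not do what an administrator may expect."""
    findings = []
    for name, u in sorted(USERS.items()):
        if u["role"] in FULL_DATA_ROLES and u["teams"]:
            findings.append((name, "full-data role on a team: access is not restricted"))
        if u["role"] in TEAM_SCOPED_ROLES and not u["teams"]:
            findings.append((name, "team-scoped role without a team: no data granted"))
    return findings

if __name__ == "__main__":
    for name in USERS:
        print(name, sorted(effective_accounts(name)), can_create_reports(name))
    print(review_findings())
```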
