Skip to main content

Members and roles

Managing your project's members and assigning roles - admin, user or viewer

Updated today

Role-based access control

This article explains Role-Based Access Control in Factors: what each role can do, when to use each role, and how to choose the right level of access.

Roles at a glance

Factors projects support three roles:

  • Admin

  • Full access across the project

  • Manages billing, add-ons, and security settings

  • Can also do everything a User can do

  • User

  • Day-to-day collaborator role

  • Can create and edit work in the project

  • Cannot manage billing/add-ons/security

  • Viewer (View-only)

  • Can view everything that’s enabled in the project

  • Cannot create, edit, delete, or change settings

What each role can do

Admin

Admins have full control of the project.

  • Can

  • Do everything a User can do

  • Create and manage reports and analyses (Dashboards, Path Analysis, Attribution, Explain)

  • Manage security settings (for example: SSO/SAML, SSO enforcement, 2FA controls)

  • Manage billing and add-ons

  • Connect, disconnect, and configure integrations (for example: Slack, OpenAI, HubSpot, Salesforce, Google Ads)

  • Manage automations (Workflows and Event Alerts)

  • Manage project configuration (Touchpoint Definitions, Custom Definitions, Attribution settings, Account Configurations)

  • Manage Accounts and Segments (including creating/updating segments)

  • Manage AdPilot integrations and syncs (LinkedIn Audience Sync, LinkedIn CAPI, Google Enhanced Conversions, Google Audience Sync)

  • Promote other members to Admin

  • Best for

  • Project owners and people responsible for billing/security.

User

Users are standard collaborators who can work inside the project.

  • Can

  • Create and manage reports and analyses (Dashboards, Path Analysis, Attribution, Explain)

  • Create, edit, and delete dashboards

  • Create, edit, and delete queries

  • View and manage Accounts and Segments (create/edit/delete segments)

  • Create, edit, and manage automations (Workflows and Event Alerts)

  • Set up and manage AdPilot integrations and syncs (LinkedIn Audience Sync, LinkedIn CAPI, Google Enhanced Conversions, Google Audience Sync)

  • Connect, disconnect, and configure integrations (for example: Slack, OpenAI, HubSpot, Salesforce, Google Ads)

  • Manage project configuration (Touchpoint Definitions, Custom Definitions, Attribution settings, Account Configurations)

  • Update general project settings (non-security)

  • Invite/remove members (depending on your plan/limits)

  • Assign roles like User and Viewer

  • Cannot

  • Change security-critical settings (like SSO/SAML, forced SSO, or 2FA controls)

  • Make someone an Admin

  • Manage billing upgrades and add-ons

  • Best for

  • Everyday contributors who build dashboards, queries, and workflows.

Viewer (View-only)

Viewers are “read-only” members of a project. This is the safest role for people who need visibility but should not be able to change anything.

  • Can

  • View reports and analyses (Dashboards, Path Analysis, Attribution, Explain)

  • View dashboards and analysis

  • Download reports

  • View saved queries

  • View Accounts and Segments (including existing saved segments)

  • View automations (Workflows and Event Alerts)

  • View AdPilot integrations and sync status (LinkedIn Audience Sync, LinkedIn CAPI, Google Enhanced Conversions, Google Audience Sync)

  • View integrations and connection status (for example: Slack, OpenAI, HubSpot, Salesforce, Google Ads)

  • View project configuration (Touchpoint Definitions, Custom Definitions, Attribution settings, Account Configurations)

  • View project settings (visibility only)

  • View the member list

  • Cannot

  • Create, edit, or delete reports or analyses

  • Create, edit, or delete dashboards

  • Create, edit, or delete queries

  • Create, edit, or delete segments

  • Create, edit, enable/disable, or delete automations (Workflows and Event Alerts)

  • Set up, edit, publish, pause/resume, or delete AdPilot integrations or sync rules

  • Connect, disconnect, or change integration settings

  • Change project configuration (Touchpoint Definitions, Custom Definitions, Attribution settings, Account Configurations)

  • Change project settings

  • Invite/remove members or change roles

  • Perform actions that change billing or security configuration

In the product, viewers will typically see edit actions disabled or be blocked if they try to take an action that would change the project.

How to invite someone or change a member’s role

You can assign a role when you invite someone, or update their role later.

  1. Go to your project’s Settings

  2. Open Members

  3. Choose one of the following:

  • Invite a new member: Click Invite Users, enter their email, then select a role (Admin, User, or Viewer) and send the invite.

  • Change an existing member’s role: Find the member in the list and update their role to Admin, User, or Viewer.

Note: Promoting someone to Admin is typically restricted to existing Admins. Some integrations and advanced integration settings may also be restricted to Admins.

FAQs

  • Can a Viewer “break” anything?

  • No. Viewers can’t make changes to dashboards, queries, settings, billing, or security.

  • Can a User make someone an Admin?

  • No. Only Admins can promote someone to Admin.

  • Can a Viewer see sensitive settings (like SSO configuration)?

  • Viewers can typically view project settings, but only Admins can change security-related settings.

Did this answer your question?