As organizations become more data-driven and scale their analytics tools to more team members, a common challenge they face is how to manage their team’s permissions to ensure that their Heap account stays organized with high quality content. This guide contains some best practices for achieving this goal as your team grows.
Best use of Shared and Personal Spaces
Understanding the difference between, and proper use of, shared and personal spaces in Heap is critical to maintaining a well-organized account.
For larger organizations, most of the work in Heap should be done in one’s personal space; most users should only have permissions to edit their personal spaces, and even those who have permissions to publish to the shared space should do so sparingly, and only after their content has been validated for quality.
The three permission types for keeping an account organized, and the Heap account types that correspond to them, are:
- Ability to manage the account itself (Admins)
- Ability to modify the public space (Architects, Analysts)
- Ability to only modify one’s personal space (Consumers, Read-Only)
Teammate permissions within a Heap account should be structured to limit publishing to the shared space. This ensures the shared space can be managed by experienced users who are trusted to maintain quality standards, such as:
- A consistent, organization-wide naming convention
- Events, segments, and reports organized within appropriately-named categories
- High quality event definitions
This last point in particular is important. Since analytics tools like Heap drive business decisions, it’s vital that events and segment definitions in the shared space, and the reports based on them, are vetted by experienced teammates or by the customer success team at Heap.
A Scalable Permissions Structure
All accounts should have around one to three Admins. The number of Architects and Analysts will vary by organization. In general, there should be fewer Admins than Architects, and fewer Architects than Consumers. Unless your organization is very small, the majority of users should be Consumers.
Admins: As this user type is allowed to change permissions, add new teammates, and set up integrations, the Admin’s role as master of your Heap domain is critical to keeping an account clean as it scales. Admins should be in the habit of promoting team members who will only add quality events and reports in the shared space to higher permissions tiers.
Architects: Architects can be thought of as the gatekeepers of events. Accordingly, the bar for promoting users to this permissions level should be high. They should meet all of the same requirements as an Analyst, and be thoughtful about existing event definitions. Architects should own the process behind defining new events, and have a consistent naming convention for doing so.
Analysts: As users who are able to publish to the shared space, Analysts should also be carefully selected. Requirements should include an understanding of the difference between personal and shared spaces, the correct procedure for publishing to a shared space, and a demonstrated ability to keep their personal space clean and well-organized.
Consumers: Consumers can get the most out of Heap by defining personal events and reports. They will also have access to all public events, segments, and reports in the shared space, confident that they are pre-vetted and high-quality.
Read-Only: Users at this level have access to review all shared dashboards, reports, events, properties, and segments in your Heap account, allowing them to get the information they need without modification permissions.
For a checklist of permission settings for each role, see our article on Teammates & Permissions.
Adding Individual Users vs. Adding Teams
There may be other individuals within your organization who are interested in having access to your Heap dashboard, which they can do via the Consumer role.
When it comes to adding a whole team at a time, it’s not recommended to add them all as Consumers due to the utility of having communal team resources in the shared space. In these cases, it’s best to select one team member to act as the analytics leader and grant them an Architect account while keeping everyone else as a Consumer.
Analytics leaders should be promoted on the same basis that other users with higher permissions are, i.e. a demonstrated ability to keep the shared space clean and create high-quality definitions and reports. If they are new to Heap, then they should be trained on these concepts prior to having their permissions upgraded.
Scaling Project Access and Permissions
Heap supports setting permissions by team and/or project. This allows you to set granular access control at scale. We recommend setting individual permissions according to “least privilege” across all projects, and increasing permissions for each project as appropriate. Learn how to set up project-level permissions in Managing Permissions from the Projects Page.