This guide covers all of the default permissions for each of the five roles in Heap along with steps to customize these permissions and create custom roles for your teammates.
If you haven’t done so already, we recommend reviewing Plan Your Data Governance Strategy to familiarize yourself with the three general approaches to data governance. Thinking through your data governance strategy will guide you when deciding on roles and permissions for your team.
To invite new teammates to Heap, navigate to Account > Manage > Teammates and click the Add Teammates button at the top.
In the pop-up that appears, provide your new teammates email addresses, assign them a role, choose an initial Environment, then click Send Invites.
They’ll receive an email invite to join your Heap workspace. Note that this email invite expires a month from when it’s sent.
Unless your role has the Change User Permissions setting enabled, you cannot invite someone to a role that has permissions that you do not have.
Not sure what role your new team member should have? Read on for an overview of the default roles and permissions in Heap and steps to create custom roles to suit your organizational structure.
When you invite new team members to Heap, you’ll be prompted to select their role. It’s important to understand the permissions associated with each role, and how these roles work within the structure of your team, to make the best choices for your team members.
By default, Heap provides five different roles with varying degrees of access within the product. These permissions define what team members can and cannot do in the app. See the permissions table below for a full overview of the different levels of access each role has.
|Export Query Results||✓||✓||✓||✓||✓|
|Get Emailed Reports||✓||✓||✓||✓||✓|
|Create Personal Reports||✓||✓||✓||✓||✓|
|Create Personal Events||✓||✓||✓||✓|
|Create Shared Reports||✓||✓||✓|
|Create Shared Events||✓||✓||✓|
|Modify Event Definitions||✓||✓||✓|
|Sync Events to Heap Connect||✓||✓|
|Change User Permissions||✓|
|Add Custom User Roles||✓|
|Create New Projects||✓|
|Manage Security Settings||✓|
Admins can also create custom roles, rename existing roles, and delete unused roles in Heap. This allows you to customize your roles to fit your organization.
Custom roles are only available for customers on the Business plan. To upgrade, contact your Customer Success Manager or firstname.lastname@example.org.
Creating Custom Roles
To create a new custom role, navigate to Account > Manage > Roles. From this page, click the + Add Role button in the top right.
On the page that appears, set a name, description, and default permission set for your custom role. You’ll have the option to customize this later, this is just a starting point.
Click Add at the bottom. This will take you back to the list of roles. Click on the role you just created to pull up the role details.
On this page, click the checkmark and X icons to the left of each permission to toggle it as enabled or disabled for this role.
Last but not least, click the Save button at the top to update this role.
Renaming Existing Roles
To rename existing roles, navigate to Account > Manage > Roles. From this page, click on the role you’d like to rename to pull up the role details.
Click on the name field, enter your new name for this role, then click the Save button at the top.
Deleting Unused Roles
Note that you can’t delete a role that is currently assigned to one or more team members. To update those team members’ roles, see the Changing Permissions section below.
To delete a role, navigate to Account > Manage > Roles. From this page, click on the role you’d like to delete to pull up the role details.
Click the trash icon at the top of the role details screen.
To change your teammates permissions, navigate to Account > Manage > Teammates, click the team member whose role you’d like to update, then adjust the permissions by clicking on them.
You can also set role-based permissions by clicking on a teammate. This will open up the teammate editor panel, where you can select a new permission level.
For practical advice on how to structure these roles to support a large-scale organization, see Team Permissions That Scale.