Managing user permissions and access in Google Tag Manager (GTM) is crucial to ensure that the right people have the appropriate level of access to your GTM containers. Proper user management helps maintain security, streamline workflows, and ensure that only authorized personnel can modify critical tags, triggers, and settings.
Here’s a step-by-step guide on how to manage user permissions and access in Google Tag Manager:
Step 1: Access the GTM Admin Panel
To start managing user permissions, you must first have administrative access to your GTM account. Here’s how to access the admin panel:
- Log in to Google Tag Manager: Go to tagmanager.google.com and sign in with your Google account.
- Select Your GTM Account and Container: In the GTM interface, choose the account and container where you want to manage user permissions.
Step 2: Navigate to User Management
Once you’ve selected the right account and container, follow these steps to access user management:
- Click on Admin: In the left-hand sidebar of GTM, click on the Admin tab. This takes you to the admin panel where you can configure container settings, manage versions, and handle user permissions.
- Select User Management: Under the Account or Container column, click on User Management. This section allows you to manage user access for the selected container or account.
Step 3: Add a New User
To grant a new user access to your GTM account or container, follow these steps:
- Click on the + icon: In the User Management section, click on the + button to add a new user.
- Enter the User’s Email Address: A prompt will appear to enter the email address of the user you want to add. You’ll need their Google account email (usually a Gmail address) to grant them access.
- Choose Access Level: Once you enter the email, select the level of access you wish to provide the user. You have the following options:
- Container Permissions: This will apply the permissions to a specific container. Choose from the following roles:
- No Access: The user has no access to the container.
- Read: The user can view the container’s configuration but cannot make changes.
- Edit: The user can make changes to the container, including creating, editing, and publishing tags, triggers, and variables.
- Approve: The user can approve changes, typically within a workflow where changes must be reviewed before they’re published.
- Publish: The user can publish changes to the live website and approve tags. This permission is usually given to administrators or trusted users who manage the live environment.
- Account Permissions: If you’re managing user permissions at the account level (for all containers), you can apply different permissions:
- No Access: The user has no access to any container in the account.
- Read: The user can view the entire account and all containers.
- Edit: The user can edit the account-level settings and container-level permissions but cannot publish changes.
- Admin: The user has full administrative access to the account and can add, remove, and manage users, as well as edit container settings.
- Container Permissions: This will apply the permissions to a specific container. Choose from the following roles:
- Send Invitation: Once you’ve selected the appropriate permissions, click Invite. The user will receive an email invitation to join the GTM account/container with the specified permissions.
Step 4: Modify Existing User Permissions
To modify the permissions of an existing user, follow these steps:
- Select the User: In the User Management section, find the user whose permissions you want to modify. You can search for their email address or browse the list.
- Edit Permissions: Click on the user’s name, and you’ll see their current permissions. You can change the permissions as needed (e.g., from Read to Edit or Publish). You can also remove specific access levels if necessary.
- Save Changes: After modifying the permissions, click Save to apply the changes.
Step 5: Remove a User from GTM
To remove a user’s access from your GTM account or container:
- Select the User: In the User Management section, find the user you want to remove.
- Click on the Trash Icon: Beside the user’s name, click on the trash can icon to delete them from the account/container.
- Confirm Removal: You will be asked to confirm the removal. Once confirmed, the user will no longer have access to the container or account.
Step 6: Manage Access Using Google Groups (Optional)
If your organization uses Google Groups for teams, you can manage user access by assigning group-level permissions. This can help simplify user management, especially for large teams.
- Create a Google Group: In your Google Admin console, create a Google Group and add the users you want to grant access to.
- Assign Group Access in GTM: When adding users to your GTM account, instead of adding individual email addresses, you can add a Google Group email address. All members of the group will inherit the permissions granted to the group.
Step 7: Set Up Approval Workflow (Optional)
If you want to have an approval workflow in place, Google Tag Manager allows you to set up a process where Approvers review and approve changes before they are published.
- Set Up Approvers: In the User Management section, assign Publish or Approve permissions to users who should be able to review and approve changes before they go live.
- Create Versions and Request Approval: Users with Edit permissions can create versions, but to publish those versions, they’ll need approval from someone with Publish permissions.
- Monitor Approvals: In GTM, you can track the approval process through the Versions tab, where you can see which versions have been submitted for approval and which have been approved.
Best Practices for Managing User Permissions
- Limit Access: Avoid granting unnecessary permissions, especially at the Publish or Admin level, unless absolutely necessary. This reduces the risk of accidental changes or misconfigurations.
- Use Role-Based Access: Assign roles based on the user’s responsibilities. For example, marketing team members might only need Read or Edit permissions, while developers or trusted team members may require Publish access.
- Regular Audits: Periodically review and audit user access, particularly for people who may no longer need access (e.g., former employees or contractors). Regular audits help ensure that only the right people have access to sensitive settings.
- Use Google Groups for Large Teams: For teams with many users, using Google Groups can simplify user management, as permissions can be set at the group level rather than individually.
Conclusion
Proper user management in Google Tag Manager ensures that your team can work efficiently and securely, while also reducing the risk of mistakes and unauthorized changes. By using the Admin panel to assign and modify user roles, you can ensure that each user has the appropriate level of access based on their responsibilities. Regularly auditing and maintaining user access is essential for secure and streamlined tag management.