Users & Permissions
Manage who can access Ghost Metrics and what they can do.
Overview
Ghost Metrics provides granular permission controls so you can give team members access to exactly what they need — nothing more, nothing less. This is essential for healthcare organizations where data access must be carefully controlled.
User Roles
Ghost Metrics uses a role-based permission system. Roles are assigned per website — a user can hold different roles on different sites.
Admin
Full administrative access to assigned websites. This is the highest role available on client accounts — platform-level operations are handled by Ghost Metrics support.
Can do:
- Everything Write can do, plus:
- Configure website settings (name, URLs, timezone, currency, exclusions, ecommerce)
- Invite new users and manage user roles for the websites they administer
- Manage Tag Manager containers for assigned websites
Cannot do:
- Access unassigned websites
- See or edit users who have no access to their websites
- Edit another user’s email or password
- Create or delete websites (contact support)
- Grant anyone platform-level (superuser) access — that level is reserved for the Ghost Metrics support team
Best for: Marketing managers, department leads, account owners
Write
Can create and manage measurement configuration for assigned websites.
Can do:
- Access all reports for assigned websites
- Create and edit goals, funnels, forms, experiments, heatmaps, and session recordings
- Create and edit custom reports
- Create segments
Cannot do:
- Change website settings
- Manage users
- Access unassigned websites
Best for: Marketing analysts, digital specialists
View
Read-only access to reports for assigned websites.
Can do:
- View all reports for assigned websites
- Export report data
- Create and use their own segments
- View heatmaps and session recordings
Cannot do:
- Modify any settings
- Create or edit goals, funnels, etc.
- Manage users
Best for: Stakeholders, executives, external partners, compliance officers
Inviting a New User
Users are added by invitation — you never set someone else’s password:
- Navigate to Administration (gear icon) → System → Users
- Click Invite a New User
- Enter their username and email address
- Assign their website access and role
- Send the invitation
The invitee receives an email to accept or decline. On accepting, they set their own password. Invitations expire after 7 days — pending invites show in the user list, where you can resend the email or copy the invite link to share directly.
As a site admin, you’ll see (and can invite) users for the websites you administer.
Assigning Website Access
- Go to Administration → System → Users
- Click the user to open their Permissions tab
- For each website, choose the role (View, Write, or Admin) from the dropdown
- Changes save as you make them
Per-Website Roles
A user can have different roles on different websites:
- Admin on “Main Hospital Website”
- View on “Clinic Network Roll-Up”
- No access to “Internal Dashboard”
This flexibility lets you precisely control access across your website portfolio.
Managing Existing Users
Changing Permissions
Open the user’s Permissions tab and adjust their per-site roles, or remove website access entirely.
Passwords
Users manage their own passwords. If someone forgets theirs, they can use the Lost your password? link on the login screen to reset it via email. Admins can’t set or reset another user’s password — for account-level issues (locked accounts, email changes), contact support.
Two-Factor Authentication
Every user can enable 2FA for their own account under Administration → Personal → Security — strongly recommended for healthcare organizations. If you’d like 2FA required for all users in your organization, contact support and we’ll enforce it platform-side.
Removing Access
When someone leaves your organization or no longer needs access:
- Go to Administration → System → Users
- Open the user’s Permissions tab
- Remove their website permissions
Removing permissions takes effect immediately. Deleting the account entirely is handled by Ghost Metrics support.
Recommendation: Remove access immediately when team members leave your organization.
Permission Best Practices
Principle of Least Privilege
Give users the minimum access they need:
- Start with View access
- Upgrade only when needed
- Review permissions regularly
Regular Access Reviews
Schedule periodic reviews of user access:
- Who has access to what?
- Do they still need it?
- Have roles changed?
Quarterly reviews are a good starting point.
Document Access Decisions
Keep records of:
- Why each user has access
- Who approved their access
- When access was granted
This helps with compliance audits and access reviews — and pairs well with the Activity Log, which records permission changes automatically.
Use Role-Appropriate Access
Match roles to actual job needs:
| Job Function | Recommended Role |
|---|---|
| Marketing Director | Admin |
| Marketing Analyst | Write |
| External Agency | View or Write |
| Executive | View |
| Compliance Officer | View |
Separate Personal and Shared Accounts
Each user should have their own account:
- Never share login credentials
- Individual accounts enable audit trails
- Easier to revoke access when needed
Access for External Partners
When granting access to agencies or vendors:
Create Dedicated Accounts
- One account per person, not shared agency accounts
- Use their work email addresses
- Document the business relationship
Limit Access Appropriately
- Grant View access by default
- Only grant Write if they need to configure tracking
- Avoid granting Admin to external partners unless necessary
Set Review Dates
- Note when contracts end
- Schedule access removal
- Review quarterly at minimum
Use Descriptive Usernames
Make it clear who external users are:
agency-name-firstname- Include company identifier
Audit Trail
Every important account action — logins, failed logins, permission changes, configuration edits — is recorded in the Activity Log. Each user can review their own history, and organization-wide audit extracts are available from support for compliance purposes.
Multi-Site Permission Patterns
Healthcare System with Multiple Facilities
Admin: Marketing leadership (all websites) Admin: Facility marketing managers (their facility only) View: Facility administrators (their facility only) View: Executive team (Roll-Up access)
Marketing Team Structure
Admin: Digital marketing director Write: Senior marketing analysts Write: Marketing specialists View: Content team, stakeholders
Agency Relationship
Admin: Internal team only Write: Agency team (specific websites only) View: Agency leadership (for reporting)
Requests Requiring Support
Some changes are platform-level operations handled by Ghost Metrics support:
- Creating new websites
- Deleting websites or user accounts
- Roll-Up configuration
- Enforcing 2FA organization-wide
- Organization-wide audit log extracts
Contact Support for these requests.
Troubleshooting
User Can’t Log In
- Verify the username; have them use Lost your password? to reset
- Check whether their invitation expired before they accepted (resend it)
- Contact support if the account appears locked
User Can’t See a Website
- Check the user’s Permissions tab for that website
- Verify they have at least View access
- Confirm they’re looking at the right website in the selector
User Can’t Edit Settings
- Check their role level
- View role cannot edit anything
- Write role covers goals, funnels, and measurement features
- Admin role is needed for website settings and user management
Next Steps
- Managing Websites — Configure your websites
- Activity Log — Audit trail of account actions
- Contact Support — Get help with permissions