Gtmhub uses role-based access control to determine the different level of user permissions. There are 3 default roles that are build in each Gtmhub account - Admin, Data, Hcm (Human Capital Management), and User.
The Admin role has access to view and manage all parts of Gtmhub account which includes inviting users, creating and managing roles, teams, integrations, etc.
Users assigned the Data role can access Insightboards and manage Insightboards, Insights, Data, Setup, and Data Sources.
The User role has a more limited set of permissions - it can view and manage objectives and insight boards and view the People module.
The Hcm has the same permission level as the User one but some additional options are added so this role can also manage the People module.
By default each new user invited to a Gtmhub account will be assigned to the User role.
Build-in roles cannot be deleted.
Create custom roles
If you need to provide more limited access to users, for example, to ensure they can only view Objectives but not manage or update them, you can create a custom role and provide it the necessary set of permissions.
Here's how to do that:
- Go to Settings > Users > Manage Roles
- Click the Add new role button
- Type in the Role name > Save
- Set permissions to this role
Assign roles to the users
You can assign roles to users either individually or in bulk.
To set a role for a user:
- Go to Settings > Users
- Pick a user and click on the name
- Choose the User role you want this user to take
To set a role for a group of users:
- Go to Settings > Users > Bulk Select
- Select Users
- Change Role > choose roles
- Apply roles
To create a new role, you must be an account administrator.
Gtmhub exposes the following permission sets:
Whether the users in this role can access and preview Insightboards
Whether the users can create, edit or delete Insightboards
Whether the users can create, edit or delete Insights
Whether the users can create, edit or delete data
Whether the users in the role can browse Goals
Access Private Goals
Whether the users in the role can browse private goals
Whether the users in the role can create, edit (assign, change) Goals
Whether the users in the role can access (browse) the configuration settings under Setup tab
Whether the users in the role can manage (edit, create, delete) Insights, Entities, Data Sources
Whether the users in the role can manage (edit permissions, delete, invite) other user profiles
Whether the users can manage users, roles and general configurations
Manage Planning Sessions
Whether the users in the role can create, edit or delete Planning Sessions
Whether the user in the role can access (browse) people module
Whether the user in the role can manage teams, their managers and hirarchy in the people module
Whether the user in the role can manage billing settings for the whole account
Manage Data Sources
Whether the user in the role can create, update and delete data sources and the corresponding entities which in turn affects insights and metrics
Manage API Tokens
Allows viewing, creation and revocation of API tokens on the behalf of the interacting user. Only administrators can manage tokens for all users
Allows viewing, creation and removing of badges
Allows posting announcements
Manage Users Invitations
Whether the user in the role can send user invitations
Whether the user in the role can create, edit and modify announcements
Whether the user in the role can access conversations
Whether the user in the role can create, edit and modify conversations
Whether the user in the role can view feedback
Manage Feedback Topics
Whether the user in the role can manage and post public topics
Create Feedback topics
Whether the user in the role can create topics