Set project-level user permissions in Amplitude Experiment
Experiment project-level permissions let Amplitude admins manage access to Experiment separately from Analytics permissions. Use project-level permissions when you want to:
- Prevent analytics team members from releasing features through Experiment.
- Prevent product development team members from affecting data taxonomy or key dashboards and charts in Analytics.
- Allow all team members to keep higher permission levels in their primary apps.
Project-level user permissions in Experiment are only available to Growth or Enterprise customers.
Set project-level user permissions in Experiment
- In Experiment, select Permissions. The Experiment Permissions page opens to the Joined Users tab.
- In the Search field, type the name or email of the user. Then select the checkbox next to the user's name. The actions above the table become selectable.
- Select Manage Project Access to search for the project where you want to adjust permissions.
- From the dropdown that shows the current permission level for the selected user, select the updated access level. Then select Next.
- To confirm the changes, select Submit.
Flag-level access controls
Flag-level access controls let you decide which Experiment users can change specific flags or experiments.
When you turn on flag-level access controls, users in your organization can't save changes to a restricted flag or experiment unless you designate them as an editor for that item.
Default access for new flags and experiments
Set the default access for new flags and experiments to a restricted list of editors, or to all users in your organization. An organization-wide setting controls this default. Go to Experiment > Permissions > Organization Settings to change the setting.
Only users with the admin role can change this setting.
The default makes new flags and experiments editable by all users in your organization. After you create a new flag or experiment, you can manually restrict access to that item.
If you change the default so that new flags and experiments are viewable instead of editable, only editors can change new flags and experiments. Remove this restriction after you create the flag or experiment.
If you create a flag or experiment through the Management API, the item defaults to editable regardless of the organization setting.
Manage access to flags and experiments
To edit the list of approved editors, navigate to [flag or experiment] > More Actions > Manage Access. From this page, add individual users, or specify that all users in your organization can edit the flag.
After you grant a user editor permissions to your flag, Amplitude Experiment checks permissions and verifies that the user's role has edit access. For example, if you assign a user the viewer role and later add the user as an editor to your flag, the user can't save changes until you give the user a role with editing privileges.
Users get a notification when you add them as an editor to a flag or experiment. To control your notification settings, go to Personal settings > Notifications > Updates about my experiments.
Bypass access restrictions
Use one of the following methods to change a restricted flag or experiment when no editor users are available:
- Admin users can edit restricted flags and experiments, even when admins aren't on the list of editors.
- Use the management API to edit all flags and experiments, regardless of the item's restricted access.
Permissions matrix
The following tables describe the permissions included with each permission level.
Role-based Access Controls (RBAC)
For Enterprise organizations that use Role-based Access Controls (RBAC), refer to the available Experiment Roles and Permissions.
| Viewer | Member | Manager (Project) | Admin (Org) | |
|---|---|---|---|---|
| Deployments | Read | Read/Write | Read/Write | Read/Write |
| Activate | Read | Read/Write | Read/Write | Read/Write |
| Variants | Read | Read/Write | Read/Write | Read/Write |
| Allocation | Read | Read/Write | Read/Write | Read/Write |
| Analysis | Read | Read/Write | Read/Write | Read/Write |
| Metrics | Read | Read/Write | Read/Write | Read/Write |
| Experiments and Flags | Viewer | Member | Manager (Project) | Admin (Org) |
|---|---|---|---|---|
| Read | Y | Y | Y | Y |
| Create | Y | Y | Y | |
| Edit | Y | Y | Y | |
| Delete | Y | Y | Y |
| Deployments | Viewer | Member | Manager (Project) | Admin (Org) |
|---|---|---|---|---|
| Read | Y | Y | Y | Y |
| Create | Y | Y | Y | |
| Edit | Y | Y | Y | |
| Delete | Y | Y | Y |
| Mutual Exclusion Groups | Viewer | Member | Manager (Project) | Admin (Org) |
|---|---|---|---|---|
| Read | Y | Y | Y | Y |
| Create | Y | Y | Y | |
| Edit | Y | Y | Y | |
| Delete | Y | Y | Y |
| Users | Viewer | Member | Manager (Project) | Admin (Org) |
|---|---|---|---|---|
| Add user to a project | Y | Y | ||
| Edit project role | Y | Y | ||
| Add user to organization | Y | |||
| Edit organization role | Y |
| Other | Viewer | Member | Manager (Project) | Admin (Org) |
|---|---|---|---|---|
| View Project API Key | Y | Y | Y | Y |
Was this helpful?