How roles work
datakant has four roles: Owner, Admin, Manager, Viewer. They exist at two levels:
- Account level — applies across every property in the account. Available roles: Owner, Admin, Manager, Viewer. Exactly one Owner per account.
- Property level — applies to one specific property only. Available roles: Admin, Manager, Viewer.
A property-level role overrides the cascaded account-level role for that property. So a user who is Account Viewer can be promoted to Property Admin on a single property, and their access on every other property stays at Viewer. The Owner role only exists at the account level.
The matrices below show what each role can actually do. Cells marked If granted require the Owner to flip the per-user billing-access switch first; cells marked Self only mean the action is allowed on the user's own account but not on anyone else's.
Account
Account-wide actions that change ownership, identity, or settings of the entire workspace. Only the Owner can perform the destructive ones (transfer, delete); Admins can rename and view.
Users
Who can invite, remove, or change the role of other people in the account. Managers can invite at the property level only; Viewers can only edit their own profile.
Billing
Subscription, invoices, and payment-method actions. Only the Owner can grant billing access; once granted, Admins / Managers / Viewers gain the same billing capabilities marked with "If granted" below.
Properties
Creating, deleting, and configuring properties — including the tracking snippet and first-party subdomain setup. Admins manage the property roster; Managers configure properties they're assigned to.
Dashboards & data
What each role can do with the analytics output: viewing dashboards, editing layouts, and running the AI engine. Viewers get full read access (including AI queries) but cannot save or change anything.