HitKeep Roles and Site Permissions

Access control over your analytics data should live on your infrastructure, not in a third-party identity cloud you don’t control. HitKeep’s role-based access control (RBAC) is enforced entirely on your instance, with granular roles at both the instance level and per site.

Instance roles apply across the entire HitKeep installation.

| Role | Permissions |
| --- | --- |
| owner | Full access: users, all sites, system settings, system status, maintenance actions, and instance audit export |
| admin | Can view all sites, use system status, run maintenance actions, view instance audit logs, and manage IP exclusion rules through the dedicated exclusion controls. Admins cannot perform owner-only settings actions, export instance audit logs, change retention, or use other broad site data mutation endpoints unless they also hold a site role that grants those actions. |
| user | Access only to explicitly assigned sites |

Change a user’s instance role (instance owner only) via:

Deleting a user is blocked if that user is the last owner of any team. Transfer team ownership first, then retry the instance-level delete. This prevents orphaned teams that no one can manage anymore.

The administration sidebar separates operational status from instance configuration:

  • System Status shows runtime health, storage, ingestion volume, LRU cache status, backups, spam filter state, mail delivery status, maintenance actions, and instance audit logs.
  • System Settings keeps the configuration workflows for users, sites, teams, and global filters.

These entries are shown in the sidebar only for users with the matching instance role. See System Status and Settings for the full operator reference.

Site roles are scoped per user, per site. A user can be a viewer on one site and an owner on another.

| Role | What they can do |
| --- | --- |
| owner | Full site access: data, goals, funnels, team, retention settings, stats reset, site deletion, and site-level IP exclusions |
| admin | Manage data controls, site-level IP exclusions, goals, funnels, and team members |
| editor | Create and edit goals and funnels |
| viewer | Read-only access to dashboard and analytics |

Site-level IP exclusions are managed by site owner and admin roles through the normal site data-control permission. Instance admin users have a separate, narrow override for exclusion rules only, so they can remove operational noise without inheriting retention or ingestion mutation rights.

Resetting site stats and deleting a site require the site owner role, or an instance owner role. The stats reset flow is dashboard-session only. API client bearer tokens cannot use it.
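The instance and site role rules above can be modelled as a single deny-by-default decision function. This is an added example, not HitKeep's own code: the action names, the `Principal` type, and the assumption that site roles are cumulative are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Site roles, modelled as cumulative (assumption). Action names are
# hypothetical labels for the rows of the site-role table.
_VIEWER = {"view"}
_EDITOR = _VIEWER | {"edit_goals_funnels"}
_ADMIN = _EDITOR | {"manage_data", "manage_exclusions", "manage_team"}
_OWNER = _ADMIN | {"change_retention", "reset_stats", "delete_site"}
SITE_ROLE_ACTIONS = {"viewer": _VIEWER, "editor": _EDITOR,
                     "admin": _ADMIN, "owner": _OWNER}

# What an instance admin may do on any site without holding a site role:
# view it, plus the narrow IP-exclusion override. Nothing else.
INSTANCE_ADMIN_ACTIONS = {"view", "manage_exclusions"}

@dataclass(frozen=True)
class Principal:
    instance_role: str                # "owner", "admin" or "user"
    site_role: Optional[str] = None   # role on the site being accessed
    api_token: bool = False           # True for an API client bearer token

def is_allowed(p: Principal, action: str) -> bool:
    """Decide one site-scoped action; unknown actions and roles are denied."""
    if action not in _OWNER:
        return False
    # Stats reset is dashboard-session only, whatever roles are held.
    if action == "reset_stats" and p.api_token:
        return False
    if p.instance_role == "owner":
        return True
    if p.instance_role == "admin" and action in INSTANCE_ADMIN_ACTIONS:
        return True
    # Everything else needs an explicit role on this site.
    return action in SITE_ROLE_ACTIONS.get(p.site_role, set())

if __name__ == "__main__":
    ops = Principal("admin")  # instance admin with no site role
    for a in ("manage_exclusions", "change_retention", "reset_stats"):
        print(a, is_allowed(ops, a))
```
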

Saved Opportunity Recommendations follow the same split:

  • users with site.view can read saved Opportunities for the site
  • users with site.manage_data can generate or regenerate Opportunities, save them, dismiss them, or mark them done
  • instance owners and admins configure the optional AI provider at the runtime level, not from a site page

When you add site access for someone who is already in the site’s team, HitKeep grants or updates the site role directly. When the person is not in the team yet, HitKeep sends an invitation email and stages the requested site role. The role becomes effective after the recipient accepts the team invite.

Existing users sign in through the normal login flow before accepting the invite. New placeholder users set a password for the invited email address and are signed in automatically. No admin approval flow is required after acceptance.

For CI pipelines, integrations, or automated dashboards, use API Clients instead of sharing user credentials. API client tokens are bearer tokens that can be revoked individually without affecting any other user or session.

API clients also govern MCP access and AI fetch ingest. MCP tokens need site.view for read-only aggregate analytics. AI fetch forwarders need site.manage_data for the site they write crawler records into.

MCP clients can read saved Opportunities when their API client token can view the site. They cannot generate Opportunities or mutate status through MCP.

HitKeep Cloud adds managed user provisioning with tenant-aware isolation and a hosted login flow, while keeping your analytics portable.