Roles and Permissions
Access control over your analytics data should live on your infrastructure — not in a third-party identity cloud you don’t control. HitKeep’s role-based access control (RBAC) is enforced entirely on your instance, with granular roles at both the instance level and per site.
Instance Roles
Section titled “Instance Roles”Instance roles apply across the entire HitKeep installation.
| Role | Permissions |
|---|---|
owner | Full access — users, all sites, system settings |
admin | Can view all sites; cannot modify system settings |
user | Access only to explicitly assigned sites |
Change a user’s instance role (admin only) via:
Deleting a user is blocked if that user is the last owner of any team. Transfer team ownership first, then retry the instance-level delete. This prevents orphaned teams that no one can manage anymore.
Site Roles
Section titled “Site Roles”Site roles are scoped per user, per site. A user can be a viewer on one site and an owner on another.
| Role | What they can do |
|---|---|
owner | Full site access — data, goals, funnels, team, retention settings |
admin | Manage data, goals, funnels, and team members |
editor | Create and edit goals and funnels |
viewer | Read-only access to dashboard and analytics |
Site Permission REST API Reference
Section titled “Site Permission REST API Reference”An invitation email is sent to the address. The user accepts via a link — no admin approval flow required on your end.
Service Accounts and API Access
Section titled “Service Accounts and API Access”For CI pipelines, integrations, or automated dashboards, use API Clients instead of sharing user credentials. API client tokens are bearer tokens that can be revoked individually without affecting any other user or session.
Related
Section titled “Related”HitKeep Cloud adds managed user provisioning with tenant-aware isolation and a hosted login flow, while keeping your analytics portable. Start with HitKeep Cloud →