To help you secure your workspace, Segment is launching a new access management system with more granular user roles. We designed the new system with the principle of least privilege in mind. This means that your team members can access the information and resources they need in Segment, but nothing more. 

Previously, teammates could be assigned to one of three roles: workspace owner, workspace read-only, or source collaborator for specific sources. Over time, we heard from customers that they needed more granular options. 

With the new system, you can now:

  • Control who can make changes to or view Protocols and Personas within your team with new admin and read-only roles

  • Assign admin or read-only access to specific sources or all warehouses

  • Easily audit who has access to every source, product, warehouse, and more, from a single control panel for access management

The new system and roles are now available for all customers on a Business plan. Customers on the Developer and Team plans will notice a consolidated design for access settings. 

Only give your teammates access to the products they need

When Segment launched in 2012, we offered a single API that was primarily used by engineers at startups to collect and activate customer data. Since then, we have improved our first product (Connections) and launched new products (Protocols and Personas). Today, teammates across analytics, growth, marketing, and product—in addition to engineering—have integrated Segment into their workflows. This is happening at both startups with 10 employees and global enterprises with tens of thousands of employees.

To enable more teammates to use the products they need without getting access to the rest, we’re launching admin and read-only roles for Protocols and Personas. Now, you can assign a designated owner (or owners) without exposing your entire workspace.  

Give teammates access to only Protocols or Personas.

Here are a few ways you can start using these new roles:

Empower your marketing team to use Personas

The new Personas roles enable you to grant admin access to only the people responsible for personalization and audience management at your company. To help you protect the privacy of your customers, only the Personas admin(s) will be able to create audiences or computed traits and download or export audience data. If you want other teammates to be able to view your audiences, you can always assign read-only access. 

Centrally manage your Tracking Plans

Assign admin access to Protocols to your Central Analytics Manager, Data Engineer, or whoever is responsible for creating and managing your tracking plans. Only admins are able to create or edit tracking plans and define which data points should be allowed or blocked. You can then grant read-only access to other teammates so they can get context from your tracking plans without being able to make changes.

Check out the docs for details on all of the new roles that are available. 

Set granular permissions for each source 

To ensure teammates only have access to the sources they need, teammates can now be granted admin or read-only access to any or all of your sources, and to all of your warehouses. Source admins will also be granted edit access to any connected streaming destinations. This enables them to make changes to the destinations connected to that source or to add new destinations.

Assign admin or read-only access to specific sources, warehouses, or products from a single UI.

For example, you can grant your mobile team admin access to your iOS and Android sources, but restrict access to your website source. That way, they can enable new destinations or configure settings for the sources they manage without being able to make any changes to or even view the web source. If you ever wanted your mobile team to have visibility into the web source, you could always grant them read-only access to that source in the future.

As a part of this update, your teammates have been migrated to new roles that more accurately describe their past access control. For instance, we’ve updated source collaborator to source admin because source admin is more consistent with their permissions.

Check out the docs for details on the migration or to learn how you can assign new roles. 

Get started with the new access management system today

Whether you have 100 employees or 100,000 employees, we designed the access management system to work with your organizational needs. It doesn’t matter if you have a few people who manage everything in your workspace or hundreds of distinct owners for each business unit, product line, or function. The new system gives you the flexibility you need to assign roles in a way that makes sense for your business.

This is what the new access management system looks like in Segment.

We encourage you to evaluate your current settings and assign new roles based on your company’s needs. To get started, visit the Segment app and navigate to the Access Management section under Settings. 

For customers on a Team plan who are looking for more granular permissions, get in touch to discuss options for upgrading to a Business plan.