Identity & Access Management Overview

Improved access management is rolling out to all customers in March and April 2019, and might not be available in your workspace yet. See the changelog below for more information.

Access management lets workspace owners manage which users can access different parts of their Segment workspaces.

Access is scoped to a workspace. A Segment user is associated with one or more workspaces, either as an owner or member of each. Users access their Segment account with either email/password credentials, or by using Single Sign On.

Owners manage all aspects of the workspace, and members can have access to specific products and resource types.

Source adminProtocols adminPersonas admin
Source read-onlyProtocols read-onlyPersonas user
Warehouse adminPersonas read-only
Warehouse read-only

Check out the Roles documentation for more details.

You can grant Source roles to specific resource instances (for example you could give a member Source admin access for the iOS Prod source only) or to all current and future instances. A user with access to all current and future instances can also create new instances.

The other roles apply to all resource instances within the product area (Warehouses, Tracking Plans, Pesonas Audiences/Traits). These roles will become more granular very soon.


The access management system documented here is rolling out to all customers during March and April 2019. You’ll receive an email once your workspace has been migrated.

As a part of this update, your teammates will be migrated to updated roles with access rights that are equivalent to what they had previously. While the role names may have changed, the access levels remain the same:

Existing user roleNew user roleChange in access
Workspace ownerWorkspace ownerNo changes
Workspace read-onlyWorkspace read-only teammates will be granted access to the following roles:
  • Source read-only (all Sources and connected streaming Destinations)
  • Warehouse read-only (all warehouses)
  • Protocols read-only *
No change
Source collaboratorSource adminNo longer able to invite other users

* If product is available in your workspace

The main difference is that we’ve consolidated all users in the same place, so you will no longer have to manage source collaborators in each source. That also means source collaborators can no longer invite other users.

If you have any questions, or see anywhere we can improve our documentation, please let us know!