Roles and Permissions Overview

Note: This article covers new functionality for controlling Pendo user roles and permissions for all Pendo customers. For articles on the legacy version of user roles, please refer to the User Roles article and User Roles matrix article

Overview

Pendo user roles and permissions control which features users can access in Insights and Guidance. Users can have different roles applied to each app in a multi-app subscription. Roles provide more granular access to guide creation, editing, and publishing, page and feature tagging, analytics tools, sharing, and settings.

 

Requirements

  • Pendo Admin users can change roles for a user and create custom roles
  • Pro and Enterprise-tier subscriptions have access to Custom Roles

Admin and User Permissions

Users can have Admin permissions or User permissions. Admin users have full access to the entire subscription. Users have Viewer access to the entire subscription but there are settings for controlling visibility of the reports and segments at the subscription-level and any additional app-level roles.

subpermissions.png

 

subroles.png

 

Default User Roles

Application permissions manage a user's access to guides and analytics features for each of your applications in Pendo. Multiple roles can be assigned to give a user the right permissions. For example, a user could be assigned the Guide Publisher and Analyst roles to manage guide content and analytics tags without being able to create new guides. Users can have different roles for each application in your multi-app subscription. A user that only needs to create guides in one app can be a Guide Creator in one app and a Viewer in all other apps. Viewer is the default role automatically assigned to all apps for all users. This role cannot be removed.

apppermissions.png

 

approles.png

Note: Viewer is applied to all users for all apps by default. This role cannot be unassigned. Roles and permissions cannot limit data visibility. All users will be able to see all data in the subscription.

 

Custom User Roles

Custom roles allow admins in the subscription to save their own sets of permissions as new user roles in addition to the default roles provided by Pendo. There are additional more granular permissions that control the level of access to various Pendo features. When you're getting started with custom roles you may want to create a custom role for a team to easily provision those users or create roles by Pendo product area to provide deliberate access to certain features.

RPAppPermCustomRoles.png

Note: Customers in the Pro and Enterprise subscription tiers have access to Custom Roles.

 

Assign Roles to a User

Pendo admin users can assign roles when creating a new user or editing an existing user. Admins cannot edit their own roles and must be assisted by another admin in the subscription.

Users for the subscription are managed in Settings > Users.

navusers.png

 

1. Select an existing user from the user list or invite a new user.

userlist.png

 

2. Enter user details if needed.

userdetails.png

 

3. Select subscription-level roles and permissions. 

subpermissions.png

  • Admin Permissions - Full access to the entire subscription, including all features and settings
  • User Permissions  - Assign roles by app and toggle sharing with everyone or limit to personal segments and reports only.

 

4. If User Permissions is selected, select the roles for each app. Roles can be assigned to multiple apps at the same time to apply roles quickly.

Select the app(s) you're assigning roles to. Select a single app to adjust roles for only that app. Select multiple apps to adjust roles for all them at the same time.

RPSelectApp.png

 

Click on the roles(s) you want to apply or remove from the selected apps. You can apply multiple roles. Viewer is applied by default and cannot be removed.

Giving a user multiple roles gives that user any additional permissions assigned to that role. Access that is granted in one role but denied in another is granted if both roles are applied.

RPApplyRole.png

 

5. Review the applied roles.

selectedapppermissions.png

 

6. Click Save User for an existing user or Invite User for a new user to save changes.

SaveUser.png    InviteUser.png

 

Create Custom Roles

Manage custom roles on the Custom Roles tab in User Settings. Custom roles are only available to Admin users in Pro and Enterprise subscriptions.

RPCustomRolestab.png

 

1. Click + Create Custom Role to create a new custom role.

RPCreateCustomRole.png

 

2. Enter Custom Role Details.

RPCustomRoleDetails.png

 

3. Select permissions for each product area. You can pick any combination of permissions that you need for your new role. Multiple roles, custom or default, can be assigned simultaneously during user setup. You have flexibility to provision users in the way that's most convenient for you. For example, you can create roles by team to provision a single role to team members or control level of access to a product area and apply multiple roles to a user to give them only the access they need.

RPSelectCustomPermissions.png

Permissions are available for Guidance, NPS, Resource Center, Tagging & Product Setup. All users have Viewer access to Dashboard, Product, People, Behavior, and Guides, which allows them to create reports and view analytics in the subscription.

 

4. Click Save Custom Role to add the new role to your custom roles, which can be assigned when applying roles in User Permissions.

SaveCustomRole.png

 

Custom Roles Permissions List

Custom Roles can use any combination of these permissions. Giving a user multiple roles gives that user any additional permissions assigned to that role. A permission that is assigned in one role but not unassigned in another is assigned to the user if both roles are applied.

R_PCustomRolesList.png

 

Frequently Asked Questions

I'm an admin. Can I edit my own permissions?

Admins cannot edit their own permissions. Another admin in the subscription must assist. This is a best practice for role provisioning and prevents the only admin in a subscription from accidentally unassigning their own admin role.