How to add a new user in Google Analytics, Google Search Console and Google Ads

Why add users instead of sharing credentials?

If you need to give account access to someone – a new team member, agency partner, or third-party supplier – it is much better to give them their own direct access than to share your login credentials. This approach provides numerous advantages for security, accountability, and management.

Benefits of proper user management

• Enhanced security: Each person has their own login credentials linked to their Google account
• Granular permissions: Control exactly what each user can see and do
• Audit trail: Track who made what changes and when
• Easy removal: Instantly revoke access when someone leaves or roles change
• Professional collaboration: Multiple team members can work simultaneously without conflicts
• Compliance: Meet data protection and business governance requirements

In this comprehensive guide, we'll walk you through the exact steps to add users to Google Analytics 4, Google Search Console, and Google Ads, including the latest interface updates and best practice recommendations.

Security and best practice considerations

Before diving into the technical steps, it's important to understand the security implications and best practices for user management across Google's platforms.

Essential security principles

• Principle of least privilege: Grant only the minimum access needed for each person's role
• Regular access reviews: Quarterly audits of who has access and whether it's still needed
• Email verification: All users must have valid Google accounts with verified email addresses
• Documentation: Maintain records of who has access and why
• Immediate revocation: Remove access immediately when team members leave

Common access management scenarios

• Internal team members: Full access appropriate to their role (marketing, analytics, management)
• External agencies: Limited access focused on their specific responsibilities
• Contractors and freelancers: Time-limited access with specific permissions
• Stakeholders and executives: View-only access to reports and dashboards
• Auditors and compliance: Read-only access with data restrictions as needed

Google account requirements

All users must have a valid Google account to access these platforms. This can be:

• Personal Gmail accounts (@gmail.com)
• Google Workspace accounts (custom domain)
• Google accounts created with non-Google email addresses

Important note: Email groups cannot be added as users – each person needs their own individual Google account.

Google Analytics 4 user management overview

Google Analytics 4 provides sophisticated user management capabilities with two levels of access control: account level and property level. Understanding these levels is crucial for proper access management.

Account vs property level access

Account level access is the highest level of permission in GA4. Users with account-level access can:

• Manage all properties within the account
• Create and delete properties
• Manage account-wide settings and data sharing
• Add, remove, and modify user permissions
• Link with Google Ads, Search Console, and other platforms

Property level access restricts users to specific GA4 properties. This allows users to:

• Configure property-specific settings
• Manage data streams for that property
• Create audiences and conversions
• View and analyse reports for that property only
• Set up goals and custom dimensions

When to use each access level

• Account level: Senior marketing managers, analytics directors, trusted agency partners managing multiple sites
• Property level: Project-specific team members, junior analysts, external consultants working on specific websites

GA4 user roles and permissions

GA4 offers five distinct user roles, each designed for different responsibilities and security requirements.

Administrator

Full control over GA4 functions and user management.

• Manage all account and property settings
• Add, remove, and modify user permissions
• Configure data sharing and privacy settings
• Link and unlink other Google products
• Access all reports and data
• Manage data streams and tracking configuration

Best for: Marketing directors, analytics managers, trusted agency leads

Editor

Broad permissions to manage settings and configure properties.

• Configure tracking and data collection
• Create and modify audiences, goals, and custom dimensions
• Access all reports and create custom reports
• Manage data streams and enhanced measurement
• Cannot manage users or high-level account settings

Best for: Marketing specialists, senior analysts, technical implementers

Analyst

Advanced analysis capabilities without configuration access.

• Create, modify, and share custom reports and explorations
• Access all standard and custom reports
• Create and share audiences (but not modify tracking)
• Export data and create dashboards
• Cannot modify account settings or tracking configuration

Best for: Data analysts, marketing researchers, report creators

Marketer

Marketing-focused access for campaign analysis and optimisation.

• View and analyse data for marketing campaigns
• Create audiences for advertising
• Access standard reports and some customisation
• Set up and modify conversion goals
• Cannot modify tracking settings or manage users

Best for: Digital marketers, campaign managers, advertising specialists

Viewer

Read-only access to reports and data.

• View all reports and dashboards
• Export data and create basic reports
• Cannot make any changes to settings or configuration
• Cannot create audiences or modify goals

Best for: Executives, stakeholders, junior team members, clients

How to add users to Google Analytics 4

Follow these step-by-step instructions to add users to your GA4 property with the appropriate permissions.

Step 1: Access the admin panel

1. Go to analytics.google.com and sign in with your Google account
2. Ensure you're in the correct GA4 property (check the property selector at the top)
3. Click the Admin gear icon in the bottom-left corner

Step 2: Navigate to access management

1. In the Admin panel, choose either:
   • Account Access Management (for account-level access)
   • Property Access Management (for property-level access)
2. You'll see a list of current users and their permissions

Step 3: Add a new user

1. Click the blue "+" (plus) button in the top-right corner
2. Select "Add users" from the dropdown menu
3. A sidebar will appear for user configuration

Step 4: Configure user details

1. Enter email address: Type the user's Google account email address
2. Enable notifications: Check "Notify new users by email" to send them an invitation
3. Select role: Choose from Administrator, Editor, Analyst, Marketer, or Viewer
4. Set data restrictions: Optionally restrict access to cost or revenue data

Step 5: Complete the addition

1. Review your selections carefully
2. Click "Add" to create the user
3. The user will appear in your user list
4. If notifications are enabled, they'll receive an email invitation

Verification and testing

After adding a user:

• Check that they appear in the user list with correct permissions
• Ask them to log in and verify they can access the appropriate sections
• Test that data restrictions are working if applied
• Document the access grant in your user management records

GA4 data restrictions and privacy controls

GA4's 2025 data restriction features allow you to control access to sensitive business information while maintaining collaboration capabilities.

Available data restrictions

• No cost metrics: Hides advertising spend, cost-per-click, and other cost-related data
• No revenue metrics: Conceals purchase revenue, average order value, and monetisation data
• Both restrictions: Removes access to both cost and revenue information

When to use data restrictions

• External agencies: Prevent competitors from seeing your advertising spend
• Junior team members: Focus on performance metrics rather than financial data
• Contractors: Limit access to sensitive business intelligence
• Stakeholders: Provide performance insights without financial details

Applying data restrictions

1. During user creation, scroll to the "Data restrictions" section
2. Select appropriate restrictions based on the user's role
3. Remember that restrictions can be added but not easily removed if inherited
4. Document restrictions in your user management procedures

Google Search Console user management overview

Google Search Console has evolved significantly in 2025, with enhanced user management features that provide better control over ownership and permissions.

Search Console access structure

Google Search Console organises access around properties (websites or domains) with different types of users:

• Owners: Full control over the property
• Users: Limited access based on permission level
• Associates: Indirect access through linked services

2023-2025 user management updates

Recent updates to Search Console include:

• Distinction between verified and delegated owners
• Easier removal of verified owners without token management
• Ability to change delegated owner permission levels
• Visibility of verification tokens for all users
• Ownership event history tracking

GSC user roles and permissions

Google Search Console provides a clear hierarchy of access levels designed for different use cases and security requirements.

Owner (verified)

Complete control over the Search Console property.

• Add and remove all other users
• Configure all property settings
• Submit and manage sitemaps
• Handle manual actions and security issues
• Access all data and reports
• Verify ownership through website tokens

Best for: Website owners, senior developers, primary administrators

Owner (delegated)

Owner-level access granted by a verified owner.

• Same permissions as verified owners
• Cannot grant ownership to others
• Can be removed by verified owners
• No website verification required

Best for: Senior team members, trusted agency partners, technical leads

Full user

Comprehensive access to data with some action capabilities.

• View all reports and data
• Submit URLs for indexing
• Request crawling of updated pages
• View and submit sitemaps (but not add new ones)
• Cannot manage other users
• Cannot modify major settings

Best for: SEO specialists, content managers, marketing team members

Restricted user

View-only access to most data and reports.

• View performance reports
• Access coverage and enhancement data
• Cannot submit URLs or sitemaps
• Cannot take any actions in the account
• Limited access to some sensitive data

Best for: Stakeholders, clients, junior team members, content writers

How to add users to Google Search Console

Adding users to Google Search Console requires owner-level access and follows a straightforward process.

Prerequisites

• You must be a verified or delegated owner of the property
• The user must have a valid Google account
• You need to know the exact email address associated with their Google account

Step 1: Access your property

1. Go to search.google.com/search-console
2. Sign in with your Google account
3. Select the property you want to add users to from the property selector

Step 2: Navigate to user settings

1. Click "Settings" in the left sidebar (bottom of the menu)
2. Click "Users and permissions" in the settings panel
3. You'll see a list of current users and their permission levels

Step 3: Add new user

1. Click the blue "Add user" button in the top-right corner
2. A popup window will appear for user configuration

Step 4: Configure user permissions

1. Enter email address: Type the user's Google account email
2. Select permission level: Choose from:
   • Owner (delegated)
   • Full user
   • Restricted user
3. Review your selection carefully

Step 5: Complete the addition

1. Click "Add" to create the user
2. The user will immediately appear in your user list
3. They will automatically have access when they log into Search Console
4. No email notification is sent (unlike GA4)

User access verification

After adding a user:

• The property will appear in their Search Console account when they log in
• Verify they can access appropriate reports based on their permission level
• Test that restricted users cannot access sensitive functions
• Document the access grant in your records

Understanding ownership vs user access

Google Search Console's ownership model is unique among Google's platforms and requires special understanding for proper management.

Verified ownership

Verified ownership requires proving control of the website through:

• HTML file upload: Uploading a verification file to your website
• HTML tag: Adding a meta tag to your site's homepage
• DNS record: Adding a TXT record to your domain's DNS
• Google Analytics: Using existing GA tracking code
• Google Tag Manager: Using existing GTM container

Delegated ownership

Delegated ownership is granted by verified owners without requiring website access. This is ideal for:

• Team members who need full control but don't manage the website code
• Agency partners who require comprehensive access
• Technical consultants working on SEO projects

Important ownership considerations

• Minimum requirement: Every property must have at least one verified owner
• Token management: Removing verification tokens revokes verified ownership
• Access inheritance: If the only verified owner leaves, the property becomes inaccessible
• Security risk: Multiple verification methods can create multiple entry points

Google Ads user management overview

Google Ads provides comprehensive user management with five distinct access levels designed for different roles and security requirements.

Google Ads access philosophy

Google Ads user management is built around:

• Account-level permissions: All access is granted at the account level
• Invitation-based system: Users receive email invitations to join
• Flexible access control: Permissions can be easily modified or revoked
• Time-limited access: Optional expiration dates for temporary access
• Manager account integration: Supports agency and multi-account management

Integration with other Google services

Google Ads user management integrates with:

• Google Analytics for conversion tracking
• Google Search Console for keyword data
• Google My Business for local campaigns
• Manager accounts (MCC) for agency management
• Google Workspace for enterprise billing

Google Ads access levels

Google Ads offers five access levels, each tailored for specific roles and responsibilities within advertising management.

Admin access

Complete control over all account features and user management.

• Create, edit, and manage all campaigns
• Access all reports and billing information
• Add, remove, and modify user permissions
• Link and unlink manager accounts
• Configure account settings and preferences
• Manage payment methods and billing details

Best for: Account owners, senior marketing managers, trusted agency leads

Standard access

Comprehensive campaign management without user administration.

• Create and manage campaigns, ad groups, and ads
• View detailed performance reports
• Access and modify bidding strategies
• Manage keywords and targeting options
• Cannot manage users or billing information
• Cannot link manager accounts

Best for: Campaign managers, PPC specialists, marketing team members

Read-only access

View-only access to campaigns and performance data.

• View all campaigns and performance reports
• Access account settings (view only)
• Cannot make any changes to campaigns
• Cannot access billing information
• Can export data and create reports

Best for: Analysts, stakeholders, clients, junior team members

Billing access

Specialised access for financial and billing management.

• View and edit billing information
• Manage payment methods and settings
• Access billing reports and invoices
• Cannot create or modify campaigns
• Limited access to performance data

Best for: Finance team members, accounting departments, billing administrators

Email-only access

Receive notifications and reports without account access.

• Receive automated email reports
• Get account notifications and alerts
• Cannot log into the Google Ads account
• No direct access to campaigns or data

Best for: Executives, external stakeholders, report recipients

How to add users to Google Ads

Adding users to Google Ads requires admin-level access and follows a structured invitation process.

Step 1: Access account administration

1. Go to ads.google.com and sign in to your Google Ads account
2. Click the "Admin" icon in the bottom of the left navigation menu
3. Select "Access and security" from the admin menu

Step 2: Navigate to user management

1. Ensure you're on the "Users" tab
2. You'll see a list of current users with their access levels
3. Review existing permissions before adding new users

Step 3: Initiate user addition

1. Click the blue "+" (plus) button above the user list
2. A user configuration panel will appear

Step 4: Configure user details

1. Enter email address: Type the user's Google account email
2. Set access expiration (optional): Choose an expiry date or select "Never" for permanent access
3. Select access level: Choose from Admin, Standard, Read-only, Billing, or Email-only
4. Review permissions: Ensure the access level matches their role requirements

Step 5: Send invitation

1. Click "Send invitation" to create the user
2. The user will appear under "Pending invitations" until they accept
3. They'll receive an email invitation with acceptance instructions
4. You'll be notified when they accept the invitation

Invitation management

After sending invitations:

• Track pending invitations: Monitor who hasn't accepted yet
• Revoke if needed: Cancel invitations before acceptance
• Resend invitations: If the original email is lost
• Set reminders: Follow up on outstanding invitations

Access verification

Once users accept invitations:

• Verify they can log in successfully
• Test that their access level provides appropriate permissions
• Confirm they can access required reports and functions
• Document the access grant in your user management records

Managing and removing users across platforms

Proper user lifecycle management includes not just adding users, but also modifying permissions and removing access when needed.

Editing user permissions

Google Analytics 4

1. Go to Admin > Access Management
2. Find the user in the list
3. Click on their current role to modify permissions
4. Select new role or adjust data restrictions
5. Save changes

Google Search Console

1. Navigate to Settings > Users and permissions
2. Use the dropdown in the "Permission" column
3. Select new permission level
4. Changes take effect immediately

Google Ads

1. Go to Admin > Access and security
2. Hover over the user's current access level
3. Click the dropdown arrow that appears
4. Select new access level
5. Confirm the change

Removing user access

When to remove access

• Employee termination or role change
• End of contractor or agency relationships
• Project completion
• Security concerns or policy violations
• Regular access review findings

Google Analytics 4 removal

1. Access Admin > Access Management
2. Find the user in the list
3. Check the box next to their name
4. Click "Remove" button
5. Confirm removal in the popup

Google Search Console removal

1. Go to Settings > Users and permissions
2. Click the three-dot menu next to the user
3. Select "Remove access"
4. Click "Remove user" in the confirmation popup
5. Check for any leftover verification tokens if removing an owner

Google Ads removal

1. Navigate to Admin > Access and security
2. Find the user in the "Actions" column
3. Click "Remove access"
4. Confirm the removal

Bulk user management

For organisations with many users:

• Google Analytics 4: Supports selecting multiple users for bulk operations
• Google Search Console: Individual user management only
• Google Ads: Individual management, but Manager accounts can streamline agency access

Access audit procedures

Implement regular access reviews:

1. Monthly: Review new additions and recent changes
2. Quarterly: Comprehensive audit of all users and permissions
3. Annually: Complete access governance review
4. Event-driven: Immediate review after organisational changes

Best practices and security tips

Implement these advanced user management practices to maintain security and efficiency across all Google platforms.

Access governance framework

Role-based access control (RBAC)

• Define standard roles: Create consistent role definitions across platforms
• Document permissions: Maintain clear documentation of what each role can access
• Regular reviews: Quarterly access certification by managers
• Principle of least privilege: Grant minimum necessary access

User lifecycle management

• Onboarding checklist: Standardised process for new user setup
• Change management: Procedures for role changes and transfers
• Offboarding procedures: Immediate access revocation upon departure
• Emergency procedures: Rapid access removal for security incidents

Security best practices

Account security measures

• Two-factor authentication: Require 2FA for all admin-level users
• Google Workspace integration: Use organisational accounts where possible
• Regular password policies: Enforce strong password requirements
• Login monitoring: Review account access logs regularly

Data protection strategies

• Data restrictions: Use GA4 data restrictions for sensitive financial information
• Audit trails: Monitor user actions and changes across platforms
• Backup ownership: Ensure multiple verified owners for critical properties
• Access documentation: Maintain records of who has access and why

Cross-platform consistency

Unified access strategy

• Consistent email addresses: Use the same Google account across platforms
• Aligned permissions: Match access levels to user roles consistently
• Synchronized reviews: Audit access across all platforms simultaneously
• Coordinated changes: Update permissions across platforms together

Integration considerations

• Linked accounts: Understand how platform linking affects permissions
• Data sharing: Consider how user access affects cross-platform data flow
• Reporting access: Ensure users can access integrated reports appropriately

Compliance and governance

Regulatory compliance

• GDPR considerations: Ensure user access aligns with data protection requirements
• SOX compliance: Maintain appropriate segregation of duties for financial data
• Industry standards: Follow sector-specific access control requirements
• Audit preparation: Maintain documentation for compliance audits

Change management

• Approval workflows: Require approval for high-privilege access
• Change logs: Document all access modifications with reasons
• Review schedules: Establish regular access review cycles
• Exception handling: Procedures for emergency access grants

Automation and efficiency

Streamlined processes

• Standardised templates: Use consistent access request forms
• Automated notifications: Set up alerts for access changes
• Bulk operations: Use bulk management features where available
• Integration tools: Consider third-party user management solutions

Monitoring and alerting

• Access monitoring: Track unusual login patterns or access attempts
• Change alerts: Notification systems for permission modifications
• Regular reporting: Monthly access reports for management review
• Automated reviews: System-generated access certification reminders

Common pitfalls to avoid

• Over-privileging: Granting more access than needed
• Orphaned accounts: Users remaining active after leaving organisation
• Shared credentials: Multiple people using the same account
• Inconsistent permissions: Different access levels across related platforms
• Lack of documentation: No records of access grants or reasons
• Infrequent reviews: Allowing access to accumulate without oversight

Emergency procedures

Establish procedures for access-related emergencies:

• Immediate revocation: Process for urgent access removal
• Backup access: Emergency admin accounts for critical situations
• Recovery procedures: Steps to regain access if primary admins are unavailable
• Incident response: Security procedures for suspected account compromise

Remember: Effective user management is an ongoing process, not a one-time setup. Regular reviews, consistent procedures, and proactive security measures ensure your Google platform access remains secure and efficient as your organisation evolves.

About the author

Lorna has been working in digital marketing for more than 20 years now, both running campaigns for her own businesses as well as working on behalf of clients. She particularly enjoys helping clients learn how to take control of different aspects of their digital marketing themselves, making the best use of the tools that are available to them and getting them out from under reliance on developers and agencies to do things for them, empowering them to do these things themselves.