Report sharing and permissions
Access to reports is governed by roles: GA4 grants property-level roles (Viewer, Analyst, Editor, Administrator) plus data restrictions for cost/revenue, while Looker Studio shares per report with view/edit and link options. The pitfall is data-source credentials — a shared report can expose data the viewer couldn't query themselves.
What this means
GA4 controls access at the account and property level through roles — Viewer, Analyst, Editor, Administrator — and can additionally restrict who sees Cost and Revenue metrics. Looker Studio shares each report separately with viewer or editor access and optional link sharing.
Where credentials surprise you
In Looker Studio a data source can use owner's credentials (anyone with report access sees the data) or viewer's credentials (each viewer must have their own access). Owner-credential sources can therefore expose data a viewer couldn't query directly — a frequent over-sharing mistake. Combine GA4 roles, data restrictions, and the right credential mode so the report shows each person only what they should see.
- GA4 roles: Viewer, Analyst, Editor, Administrator
- Cost/Revenue can be separately restricted
- Looker Studio: owner vs viewer credentials
How it appears in analytics and logs
If someone can or can't see a report or metric, trace it to their role, data restrictions, and (in Looker Studio) whether the data source uses owner vs viewer credentials.
Diagnostic use case
Give stakeholders the right level of access — view-only for clients, edit for analysts — while controlling who can see sensitive cost and revenue metrics.
What WebmasterID can help detect
WebmasterID supports role-scoped access to first-party reporting, so teams share owned data without over-exposing it.
Common mistakes
- Sharing an owner-credential report wider than intended.
- Granting Editor when Viewer would do.
- Forgetting to restrict Cost and Revenue metrics.
Privacy and accuracy notes
Permissions limit who sees aggregated reports; they are not a substitute for minimizing personal data. Review link sharing so reports aren't exposed beyond intended recipients.
Related pages
- Scheduled email reports
Scheduled email delivery sends a Looker Studio report as a PDF to chosen recipients on a recurring schedule. It is the simplest way to push reporting to stakeholders who won't log in. The caveat: the PDF is a snapshot rendered at send time, with the filters and freshness state then — not a live link.
- Custom reports and collections
Through the Library, editors can create custom detail and overview reports, then bundle them into collections that appear in the left navigation. Changes are staged until published, and only users with the right role can edit — so reporting structure is governed, not ad-hoc.
- The GA4 Data API
The Google Analytics Data API (Data API v1) returns GA4 report data programmatically — you specify dimensions, metrics, date ranges, and filters and receive rows. It powers custom dashboards and pipelines, but it shares the UI's quotas, sampling for some requests, and cardinality limits, which must be designed around.
- Agency analytics
Role-scoped client reporting access.
Sources and verification notes
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.