Comment on page
Managing user roles
There are 3 different roles available for CARTO users:
- Viewer: Viewers can only see and interact with maps, workflows, and applications previously shared with them.
Across the "Users & Groups" tabs you'll find an option called Default role for new users. This lets you control which role new users will take when they first join CARTO through auto-join, request or SSO signup.
By default, new users will take the Viewer role and you will need to upgrade them to Editor/Admin manually, which tends to be the recommended option for security.
For a quicker setup (for example when starting your team trial) you can change this default role to Editor.
You can change the role of a specific user by clicking on the three dots menu, at the end of each user's row.
In this case we're selecting a Viewer user, so we will get options for the other two roles
There are two scenarios to take into account:
- You, as an Admin, can't change your own role. Only other Admins can change your role.
- if you downgrade to Viewer an existing Editor/Admin, you will receive all their assets such as any maps, connections, workflows, or apps that were created by this user.
If you downgrade to Viewer or fully delete a user, all assets (maps, connections, workflows applications…) belonging to that user will be transferred to you, as the admin triggering the deletion.
So far we've reviewed the possibilities of manually assigning roles to each user, but this can prove challenging when you're trying to onboard and manage dozens or hundreds of users.
If you want to manage roles programmatically, the recommended way is to leverage new or existing groups coming from your SSO integration, and then map each group to a role. Users in those groups will automatically get the role assigned to their group. Learn more about mapping groups to roles in CARTO.