Managing user roles
Last updated
Was this helpful?
Last updated
Was this helpful?
Available roles
There are four different roles available for CARTO users:
Superadmin: Superadmins have all Admin capabilities plus the ability to view, delete, and transfer ownership of any asset within the organization. For more information, see our section on the Superadmin role.
Admin: Admins can do everything an editor can do, plus they can access the Organization Settings. This allows them to , modify their roles, check the and enable , among other things.
There can be more than one admin
Admin users count as "Editor" users for the quota calculations
Editor: Editors can create , , tokens, , and . They can also edit and delete their creations, as well as collaborate on maps made by other editors. Editors can also share their creations with viewers.
Viewer: Viewers can only see and interact with maps, workflows, and applications previously shared with them.
Across the "Users & Groups" tabs you'll find an option called Default role for new users. This lets you control which role new users will take when they first join CARTO through auto-join, request or signup.
By default, new users will take the Viewer role and you will need to upgrade them to Editor/Admin manually, which tends to be the recommended option for security.
For a quicker setup (for example when starting your team trial) you can change this default role to Editor.
You can change the role of a specific user by clicking the dropdown button next to their role:
Admins can't be downgraded to Viewers in a single operation. They need to be Editors first. The same is true when turning Viewers into Admins.
You, as an Admin, can't change your own role. Only other Admins can change your role.
If you downgrade an Editor or Admin to Viewer, you will have to select which user will inherit their assets (such as Maps, Workflows, Connections, CARTO Data Warehouse private files, apps, etc). Viewers can't own any assets in CARTO.
You must select a user that will inherit the assets of the user being downgraded. By default, the admin performing the action is selected.
Superadmins have all Admin privileges plus access to the Asset Management table in the Settings. This centralized table displays all Maps, Connections, and Workflows that exist in the organization, regardless of ownership or discoverability settings.
From the Asset Management table, Superadmins can:
Delete any asset in the organization
Transfer ownership of any asset to any user, including themselves
Select multiple items for bulk deletion or ownership transfer
Filter assets by their owner
When transferring assets, be aware that dependent assets may break if their required resources are unavailable after the transfer. For example, if you transfer a map that relies on a private connection, the recipient won't be able to view it because they lack access to that connection.
Unlike other user roles, Superadmin access requires special provisioning. The first Superadmin must be manually assigned by the CARTO team. Once established, this initial Superadmin can then designate additional Superadmins within the organization.
Superadmins can leverage the CARTO API to manage assets programatically, along with a few additional capabilities:
Get all Maps, Workflows and Connections in your organization.
View detailed asset relationships, such as the Connection that a Map is using or the Workflows created with a specific Connection.
Execute batch deletion or transfer of assets.
So far we've reviewed the possibilities of manually assigning roles to each user, but this can prove challenging when you're trying to onboard and manage dozens or hundreds of users.
For more information, please check the .
If you want to manage roles programmatically, the recommended way is to leverage new or existing groups coming from your SSO integration, and then map each group to a role. Users in those groups will automatically get the role assigned to their group. .
