Managing user roles

Available roles

There are 3 different roles available for CARTO users:

Admin: Admins can do everything an editor can do, plus they can access the Organization Settings. This allows them to invite other users, modify their roles, check the organization quotas and enable CARTO Support access, among other things.
- There can be more than one admin
- Admin users count as "Editor" users for the quota calculations
Editor: Editors can create connections, applications, tokens, workflows, and maps. They can also edit and delete their creations, as well as collaborate on maps made by other editors. Editors can also share their creations with viewers.
Viewer: Viewers can only see and interact with maps, workflows, and applications previously shared with them.

Default role for new users

Across the "Users & Groups" tabs you'll find an option called Default role for new users. This lets you control which role new users will take when they first join CARTO through auto-join, request or SSO signup.

By default, new users will take the Viewer role and you will need to upgrade them to Editor/Admin manually, which tends to be the recommended option for security.

For a quicker setup (for example when starting your team trial) you can change this default role to Editor.

Changing the role of specific users

You can change the role of a specific user by clicking the dropdown button next to their role:

Admins can't be downgraded to Viewers in a single operation. They need to be Editors first. The same is true when turning Viewers into Admins.
You, as an Admin, can't change your own role. Only other Admins can change your role.
If you downgrade an Editor or Admin to Viewer, you will have to select which user will inherit their assets (such as Maps, Workflows, Connections, CARTO Data Warehouse private files, apps, etc). Viewers can't own any assets in CARTO.

You must select a user that will inherit the assets of the user being downgraded. By default, the admin performing the action is selected.

Automatically managing roles via SSO group mapping

So far we've reviewed the possibilities of manually assigning roles to each user, but this can prove challenging when you're trying to onboard and manage dozens or hundreds of users.

If you want to manage roles programmatically, the recommended way is to leverage new or existing groups coming from your SSO integration, and then map each group to a role. Users in those groups will automatically get the role assigned to their group. Learn more about mapping groups to roles in CARTO.

PreviousInviting users to your organization NextDeleting users

Last updated 4 months ago

Available roles

There are 3 different roles available for CARTO users:

Admin: Admins can do everything an editor can do, plus they can access the Organization Settings. This allows them to invite other users, modify their roles, check the organization quotas and enable CARTO Support access, among other things.

There can be more than one admin
Admin users count as "Editor" users for the quota calculations

Editor: Editors can create connections, applications, tokens, workflows, and maps. They can also edit and delete their creations, as well as collaborate on maps made by other editors. Editors can also share their creations with viewers.

Viewer: Viewers can only see and interact with maps, workflows, and applications previously shared with them.