Managing user roles

Available roles

There are 3 different roles available for CARTO users:

  • Admin: Admins can do everything an editor can do, plus they can access the Organization Settings. This allows them to invite other users, modify their roles or check the organization quotas.

    • There can be more than one admin

    • Admin users count as "Editor" users for the quota calculations

  • Editor: Editors can create connections, applications, tokens, workflows, and maps. They can also edit and delete their creations, as well as collaborate on maps made by other editors. Editors can also share their creations with viewers.

  • Viewer: Viewers can only see and interact with maps, workflows, and applications previously shared with them.

Default role for new users

Across the "Users & Groups" tabs you'll find an option called Default role for new users. This lets you control which role new users will take when they first join CARTO through auto-join, request or SSO signup.

By default, new users will take the Viewer role and you will need to upgrade them to Editor/Admin manually, which tends to be the recommended option for security.

For a quicker setup (for example when starting your team trial) you can change this default role to Editor.

Changing the role of specific users

You can change the role of a specific user by clicking on the three-dot menu at the end of that user's row.

There are two scenarios to take into account:

  • You, as an Admin, can't change your own role. Only other Admins can change your role.

  • If you downgrade an existing Editor/Admin to Viewer, you will receive all their assets, such as any maps, connections, workflows, or apps that were created by this user.

If you downgrade a user to Viewer or fully delete a user, all assets (maps, connections, workflows, applications…) belonging to that user will be transferred to you, as the admin triggering the deletion.

Automatically managing roles via SSO group mapping

So far we've reviewed the possibilities of manually assigning roles to each user, but this can prove challenging when you're trying to onboard and manage dozens or hundreds of users.

If you want to manage roles programmatically, the recommended way is to leverage new or existing groups coming from your SSO integration, and then map each group to a role. Users in those groups will automatically get the role assigned to their group. Learn more about mapping groups to roles in CARTO.
