How user policies workAn organization’s user administrator can create a user policy specifying what users are allowed or disallowed to do within their organization’s Google Analytics accounts. For example:
- A domain may be entered to allow any users with email addresses on that domain
- A single user email may be entered to explicitly allow that user
- A single user email may be entered to explicitly disallow that user
Click image for full-sized version
Auditing policy violatorsAny user who violates the policy will be highlighted on the Suite Admin User’s report. We check both primary and secondary Google User Account email addresses when considering if a user passes a policy; if any email on the Google User Account account passes a policy rule, that user is considered to be allowed.
Policy Auditing - note the red (!) icons next to policy violators
Adding Users that Violate Policy
At this time, we do not block the addition of policy violating users to suite products. Product account administrators may still add a user that violates the user policy, and that user will appear in the Audit report seen above with a red (!) icon. At a future time, we will allow policy administrators to choose to block violating users from being added.