Matomo User Management
Matomo offers granular control over super users, administrators, and site-level permissions. Use this hub to organize how the collaborator gains, changes, and loses access.
Access Requests at a Glance
- Add User Access walks through inviting the service account and assigning site permissions.
- Update Access & Roles outlines how to adjust site access, segments, or token_auth privileges.
- Remove User Access covers deprovisioning and audit evidence.
Roles to Maintain
- Super Users: Full platform control. Restrict to core client admins; grant to the collaborator only when the collaborator manages the instance.
- Site Administrators: Manage specific site settings, goals, and integrations. Typical role for the collaborator on implementation engagements.
- View Users: Read-only analytics. Use for reporting-only or compliance-friendly access.
Governance Checklist
- Record which Matomo sites and segments the collaborator can access, including staging vs. production.
- Archive Matomo’s System → Audit Log after access changes for compliance.
- Store token_auth values or API keys in a secure vault and rotate them as required.
- Confirm SSO plugins (if enabled) map the collaborator to the correct Matomo roles.