[Privacy] Users Able to View all Sites in Google Account!

  • Resolved marv2

    (@marv2)


    1 year, 5 months ago

    I noticed that when we connect a site to a Google account that has multiple websites set up in Google Analytics, the admin of the website is able to later click “edit” button (e.g. by the Analytics section in the plugin Settings) and then click the “account dropdown box” and view all the other sites connected to that Google account.

    This is a big privacy issue, and is especially prevalent to agencies with multiple sites per account.

    Not only is this a privacy issue, but if a user is able to connect to a different site, they can mess up the analytics for that other site.

    When a website is connected to an account, can you please disable editing the account, so nothing can be viewed? If anything with the connection has to be changed, you should require the user to re-login.

    Thank you!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support James Osborne

    (@jamesosborne)

    1 year, 5 months ago

    Hi @marv2,

    Thanks for getting in touch. When connecting Google Analytics, or indeed even setting up Site Kit, the plugin uses one Google account per WordPress administrator. For that reason, when connecting Analytics, it’s normal that a WordPress administrator can edit and select their preferred Google Analytics account and property, in order for the plugin to insert and display data from that account and property.

    What I suspect may be happening in your case is you may be using a shared WordPress administrator account. If so, rather than using a shared WordPress administrator account, you may wish to perform one of the following:

    1. Create a separate WordPress administrator account for each user. After doing so, grant them access to the Google Analytics property that you already have connected, from analytics.google.com. You’ll need to know their Google associated email to grant them access. After they login and connect their own Google account with Site Kit, they’ll be able to view the Site Kit dashboard and also Analytics data. If they try to edit the Analytics settings within Site Kit they won’t be able to view any Google Analytics account or property which is associated with your own Google account, other than the one you provided them with access to.
    2. Create a separate WordPress administrator account for each user. After doing so, ask them to set up Site Kit and connect the Google Analytics module. As long as they’re using their own Google account, they won’t be able to view your own Google Analytics accounts or properties. You’ll need to ask them to grant you access to the Google Analytics property that they connected. Once you login to your site, then you’ll be able to view Site Kit data as normal, with data shown from the newly connect Google Analytics property

    Let me know if that answers your question, or ask if you have any further queries on the above.

    Note also that we are hoping to release a dashboard sharing feature soon. This will allow administrators who set up Site Kit to share a view only version of the Site Kit dashboard with other users. Once released you can create non-administrator roles for your users. They’ll then be able to view Site Kit data without being able to edit.

    Plugin Support James Osborne

    (@jamesosborne)

    1 year, 4 months ago

    As we didn’t receive a response I’ll mark this as resolved. Feel free to open a new support topic if you continue to encounter issues, or reopen this topic and we’d be happy to assist.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘[Privacy] Users Able to View all Sites in Google Account!’ is closed to new replies.