Roles and permissions in Impact Hub determine what users can see and do after they sign in. They control access to dashboards, reporting tools, and administrative features, while keeping data visibility aligned with how your Apricot site is configured.
Each role requires a corresponding Impact Hub seat, and users must have an assigned seat to access the platform. Understanding these roles helps set expectations for users and ensures the right people have the right level of access.
Impact Hub roles at a glance
Impact Hub uses four role types. Each role affects how users interact with dashboards and reports.
Reader
Readers can:
View dashboards that have been shared with them
Interact with filters and saved views
Readers cannot create or edit reports.
Reader Pro
Reader Pro users have the same access as Readers, with additional advanced features enabled where available.
Author
Authors can:
Create and edit dashboards and analyses
Publish dashboards to groups they belong to
View dashboards shared with them
Author access is required to use report-building tools.
Author Pro
Author Pro users have all Author capabilities, plus additional advanced features enabled where available.
How roles affect what users see
A user’s role determines which areas of Impact Hub appear in the interface after they have been assigned a seat:
Readers typically see Dashboards and shared content.
Authors see Dashboards and Builder.
Administrative options, such as Data connections, are visible only to users who manage a connected Apricot site.
Roles control what users can do in Impact Hub, not which data is available. Which data is available for reporting depends on your connected Apricot site and published data standards, not the user’s role.
Seats and role availability
Each Impact Hub role uses a corresponding seat. The number and type of seats available depend on your Apricot tier (Enterprise, Pro, or Essentials). Seat availability determines which roles administrators can assign within a connection. To view available seats by role type, go to the Data connections space in Impact Hub. To purchase additional seats, contact your Account Manager.
Important things to know:
All new users added to a connection are assigned the Reader role by default. To upgrade a user to Author, use the Manage users workflow after the seat has been accepted.
Users with an Author role cannot currently be directly downgraded to Reader. They must be removed and re-invited.
Production connections: Apricot Administrators who connect their production Apricot site are assigned an Author seat by default (Apricot Pro and Enterprise).
Sandbox connections: Apricot Administrators who connect their sandbox will see the Reader role shown for that connection. Users with an Author role in a production connection are automatically granted Author-level permissions in any associated sandbox connection, regardless of the role shown for the sandbox.
Roles versus permissions
Login credentials are shared with Apricot, but permissions are managed separately through Impact Hub roles and seats.
Apricot permissions control what data exists and who can enter or edit it in Apricot.
Impact Hub roles control how users interact with dashboards and reports built from that data.
This separation allows organizations to manage reporting access without changing how staff work in Apricot day to day.
Sandbox connections
If your organization uses an Apricot Sandbox:
Users may appear with a Reader role in the Sandbox connection.
Users with an Author role in a production connection are automatically granted Author-level permissions in the associated Sandbox connection, regardless of the role shown.