Roles and permissions in Impact Hub determine what users can see and do after they sign in. They control access to dashboards, reporting tools, and administrative features, while keeping data visibility aligned with how your Apricot site is configured.
Each role requires a corresponding Impact Hub seat, and users must have an assigned seat to access the platform. Understanding these roles helps set expectations for users and ensures the right people have the right level of access.
Impact Hub roles at a glance
Impact Hub uses four role types. Each role affects how users interact with dashboards and reports.
Reader
Readers can:
View dashboards that have been shared with them
Interact with filters and saved views
Readers cannot create or edit reports.
Reader Pro
Reader Pro users have the same access as Readers, with additional advanced features enabled where available.
Author
Authors can:
Create and edit dashboards and analyses
Publish dashboards to groups they belong to
View dashboards shared with them
Author access is required to use report-building tools.
Author Pro
Author Pro users have all Author capabilities, plus additional advanced features enabled where available.
How roles affect what users see
A user’s role determines which areas of Impact Hub appear in the interface after they have been assigned a seat:
Readers typically see Dashboards and shared content.
Authors see Dashboards and Builder.
Administrative options, such as Data connections, are visible only to users who manage a connected Apricot site.
Roles control what users can do in Impact Hub, not which data is available. Which data is available for reporting depends on your connected Apricot site and published data standards, not the user’s role.
Seats and role availability
Each Impact Hub role requires a corresponding seat. The number and type of seats available depend on your Apricot tier (Enterprise, Pro, or Essentials).
Important things to know:
Users are assigned roles based on available seats.
Newly added users are assigned the Reader role by default.
Users with an Author role cannot currently be directly downgraded to Reader. They must be removed and re-invited.
Seat availability limits which roles administrators can assign.
Roles versus permissions
Login credentials are shared with Apricot, but permissions are managed separately through Impact Hub roles and seats.
Apricot permissions control what data exists and who can enter or edit it in Apricot.
Impact Hub roles control how users interact with dashboards and reports built from that data.
This separation allows organizations to manage reporting access without changing how staff work in Apricot day to day.
Sandbox connections
If your organization uses an Apricot Sandbox:
Users may appear with a Reader role in the Sandbox connection.
Users with an Author role in a production connection are automatically granted Author-level permissions in the associated Sandbox connection, regardless of the role shown.