Who can use this feature?
- Requires an Enterprise plan.
- Requires an Admin role to configure Fine-Grained Access Controls (FGAC).
- FGAC is currently in Early Access and becomes generally available for
all Enterprise customers on July 29, 2026.
Groups let you organize users into reusable sets that you can grant permissions to at once, instead of managing access one person at a time. A group can include any number of users, and each user can belong to multiple groups.
Groups are the shared building block behind Fine-Grained Access Controls (FGAC) at Fullstory. Fine-Grained Access Controls for Spaces is the first feature to use groups to control access, with more FGAC features planned to build on the same groups going forward.
Planning ahead
Before you start creating groups, map out your access model. A quick spreadsheet goes a long way.
- Identify your groups: Think about which teams need distinct access levels. Common patterns include by department, by region or brand, by function (a central analytics team versus consumers of dashboards), or by sensitivity (security, fraud).
- Map spaces to groups: For each space, decide who gets Can view, Can edit, or No access, and what the org-wide default should be. For example, a "Product analytics" space might default to No access, while the analytics team and product team both get Can edit.
Create and configure a group
The group creation wizard walks you through setup in a few steps. Groups are managed from the Groups table, which lists your existing groups along with their members and the spaces they can access.
- Navigate to Settings > Account Management > Groups.
- Click Create Group in the upper right.
- On the "Create Group" step, enter a name for the group (for example, "EMEA Analytics" or "Security Team") and an optional description.
- Click Create group.
- On the "Add people to..." step, search for users by name or email and add them as members.
- Click Save, or Skip to add members later.
- On the "Space Access..." step, search for spaces by name and choose a permission level (Can edit or Can view) for each one.
- Click Save, or Skip to configure access later.
A user can belong to multiple groups. See Fine-Grained Access Controls for Spaces for how space permissions behave. Once created, the group appears in the Groups table.
Edit a group
You can edit a group's name, description, members, and space access at any time from the group row or its overflow menu (⋮) in the Groups table.
SCIM-managed groups
If your organization uses SCIM, you can sync group membership directly from your identity provider instead of managing it manually in Fullstory. SCIM-managed groups display a badge in the Groups table, and their membership can't be edited directly in Fullstory—changes must be made in your identity provider.
See Configuring SCIM for Automated User Provisioning in Fullstory for setup instructions.
Frequently Asked Questions
How do I automate group management?
Fullstory supports SCIM for automating user and group lifecycle management. With SCIM, changes to groups in your identity provider are automatically reflected in Fullstory. See Configuring SCIM for Automated User Provisioning in Fullstory for details.
What if a user belongs to multiple groups with different permissions?
The user gets the highest permission across all of their groups. For example, if one group grants Can view on a space and another grants Can edit, a user who belongs to both groups gets Can edit.