GA4 Audits
Back to Help Center

Security & Privacy

Can GA4 Audits modify my property?

No. GA4 Audits cannot modify your GA4 property. This isn't just a policy decision — it's technically enforced by the OAuth scopes we request and Google's API design.

How OAuth scopes enforce read-only access

When you connect your Google account to GA4 Audits, you grant specific OAuth scopes. GA4 Audits requests only analytics.readonly. This scope is defined by Google as permitting read-only access to Analytics data. Google's API servers reject any write operations (create, update, delete) attempted with a token that only carries the readonly scope — with an HTTP 403 Forbidden response.

Modifying GA4 configuration requires the analytics.edit or analytics.manage.users scopes. GA4 Audits has never requested these scopes, and Google's OAuth consent screen shows you exactly which scopes were requested when you authorised the connection.

What analytics.readonly can and cannot do

The analytics.readonly scope permits:

  • Reading property settings via the Admin API (GET requests only).
  • Querying aggregated reporting data via the Data API (run reports).
  • Listing accounts, properties, and data streams.

It explicitly does not permit:

  • Creating or deleting custom dimensions, metrics, or audiences.
  • Changing property settings (timezone, currency, retention, etc.).
  • Creating or modifying data streams or measurement IDs.
  • Adding or removing user access to the property.
  • Configuring conversion events or linked services.

The audit is entirely observational

GA4 Audits reads your property configuration, analyses your data, and presents findings with recommendations. Acting on those recommendations — changing a data retention setting, updating a referral exclusion, enabling a feature — is always done by you, in the GA4 Admin UI, under your own account. GA4 Audits identifies what to change and tells you how; it cannot make those changes on your behalf.

Verifying for yourself

You can verify the exact scopes GA4 Audits was granted at any time by visiting myaccount.google.com/permissions, clicking on "GA4 Audits," and reviewing the listed permissions. You'll see "View your Google Analytics data" — which corresponds to the readonly scope — and nothing else.

Still need help?

Contact our support team — we typically respond within 1 business day.

Contact Support