ga4audits

GA4 property configuration checks

Key Takeaway

Property configuration is the foundation of GA4 data quality. Data retention, enhanced measurement, Google Signals, data streams, and key event definitions must all be validated before trusting any report.
Data Quality6 min readBeginner

A strong GA4 property audit covers more than tagging. Access control, linked services, filters, retention settings, and reporting options all drift over time. Access review is one of the most important recurring checks, but it should sit inside a broader property-configuration review rather than stand alone.

GA4 access levels explained

  • Administrator: Full control over the property, including creating and deleting data streams, modifying all settings, managing user access, and linking or unlinking products. Reserve for 1 to 3 people maximum: the analytics lead and a backup. Do not grant Administrator at the Account level to anyone who only needs access to specific properties.
  • Editor: Can modify all property settings and configurations: create data filters, change attribution settings, modify custom definitions, edit conversion definitions. This is the access level where configuration mistakes happen. Grant Editor only to those who specifically need to make configuration changes.
  • Marketer: Can create audiences and modify some configurations. Cannot change property-level settings. Appropriate for campaign managers who need to build audiences for Google Ads but do not need to touch property configuration. Editor access also covers high-impact toggles likeGoogle Signalsand Reporting Identity, so it should be granted carefully.
  • Analyst: Can create and view Explorations, custom reports, and dashboards. Cannot make any configuration changes. Appropriate for analysts, data scientists, and anyone who needs to work with the data without changing the setup.
  • Viewer: Read-only access to standard reports. Cannot access Explorations. Appropriate for executives who check specific standard reports periodically.

Account-level vs property-level access

Access granted at the Account level applies to all properties within that account. Access granted at the Property level applies only to that specific property. Almost nobody should have account-level access unless they specifically need to manage multiple properties simultaneously.

A common access management mistake: granting account-level Admin to a developer who only needs to add the GA4 tag to one website. They now have full access to every property in the account. Always grant access at the lowest scope that meets the actual need. The same principle applies when reviewingdata stream configurationandenhanced measurement settings— narrow scope reduces the chance of accidental drift.

Want to check your property configuration automatically?

Review audit findings

Systematic property configuration audit

A thorough configuration audit covers more than just user access. Work through each layer of the property systematically to catch settings that were correct at launch but have drifted over time.

1

Check property settings

Verify property name, time zone, and currency match your business. Confirm industry category is set correctly, it affects benchmarking data. Check that data collection settings (signals, modelling) are appropriate for your consent requirements.

2

Audit data streams

Confirm every active website and app has a corresponding data stream. Remove streams for properties or apps that no longer exist. Verify enhanced measurement settings are appropriate, automatic event collection can fire unintended events.

3

Review data filters

Check that internal traffic filters are set to Active (not Testing). Confirm the IP ranges in developer traffic filters cover your current office and remote working IPs. Filters in Testing mode silently allow internal traffic to inflate your data.

4

Review admin users

Open Account User Management and Property User Management. Identify every user with access. Confirm they still work with the organisation and still need that specific access level. Flag any accounts you do not recognise for immediate removal.

5

Check linked services

Review linked Google Ads accounts, BigQuery exports, Search Console links, and Display & Video 360 connections. Remove links for platforms you no longer use. Outdated links can cause attribution confusion and unnecessary data sharing.

6

Confirm retention settings

Go to Admin > Data collection and modification > Data retention. Confirm the event data retention period is set to the maximum available for your plan (14 months). Shorter retention silently limits your ability to run year-over-year comparisons in Explorations.

Protecting against accidental configuration changes

Even with correct access levels, configuration changes happen. Protect against the most damaging ones:

  • Change history monitoring: In Admin > Account Change History, you can see all configuration changes made to the property. Review this regularly to catch unintended changes.
  • Data filter testing mode: Data Filters have a Testing state that allows you to see their effect without permanently excluding data. Use Testing mode before activating filters, and require senior review before any filter moves to Active.
  • Key event changes: Marking or unmarking key events is an Editor-level action. Changes are not retroactive, unmarking a key event does not recover historical conversion data. Require documentation of why a key event is being changed before making the change.
  • Retention drift: ConfirmGA4 data retentionis set to the maximum your plan allows; the default 2-month setting silently caps the historical window available in Explorations.

Property configuration audit action plan

Configuration drift is slow and invisible. These checks surface settings that looked right at launch but have degraded over time.

Validate

  • Open Account Change History and review changes from the past 90 days for unintended modifications
  • Check each data filter status, confirm internal traffic filter is Active, not Testing
  • List all users with Editor or Administrator access and verify each is still active in the organisation
  • Confirm data retention is set to 14 months in Admin > Data collection and modification > Data retention
  • Review linked Google Ads accounts and remove any that are no longer active

Fix

  • Activate data filters stuck in Testing mode that should be filtering internal traffic
  • Remove access for any former employees, contractors, or agencies
  • Downgrade Editor access to Analyst for users who do not need to make configuration changes
  • Remove stale linked service connections for platforms no longer in use
  • Update developer traffic IP filters to cover current office and remote working IPs

Watch for

  • Data filters that were set to Active but have since reverted, this can happen after certain admin operations
  • New users appearing in access lists you did not add, may indicate account sharing
  • Linked Google Ads accounts whose attribution window settings differ from your GA4 attribution model
  • Enhanced measurement events being collected for interactions your site no longer supports

Property configuration checklist

  • Administrator access limited to a maximum of 3 people at property level
  • Account-level access granted only to those managing multiple properties
  • Editor access granted only to those who specifically need to modify property configuration
  • Most analysts have Analyst access, not Editor
  • Quarterly access review scheduled and documented
  • Former employee and former agency access revoked within 24 hours of relationship ending
  • Account Change History reviewed monthly for unexpected configuration changes
  • Data filters confirmed Active, not stuck in Testing mode
  • Data retention set to 14 months
  • Stale linked service connections removed

Automate your quarterly GA4 configuration audit

GA4 Audits helps review access levels, data filters, linked services, and retention settings in one property-level audit workflow.

Review audit findings

Audit findings should be reviewed by a qualified analyst before they are used for major reporting, media, or implementation decisions. Review your findings

GA4 Audits Team

GA4 Audits Team

Analytics Engineering

Specialising in GA4 architecture, consent mode implementation, and multi-layer audit frameworks.

Share

Keep reading

More guides in Data Quality

Internal links should help the reader move deeper into the topic, not just pad the page. These are the next three most relevant reads from the library.

Data QualityBigQuery Cost Optimisation for GA4 Exports: 9 SQL PatternsThe biggest cost wins come from nine SQL patterns: (1) partition pruning via _TABLE_SUFFIX BETWEEN (10 to 50x cost difference vs derived filters), (2) clustering on source/medium/event_name (30 to 60% reduction on top of partitioning), (3) explicit column selection (never SELECT *).12 min readData QualityHow to Stitch GA4 BigQuery Sessions ManuallyGA4 doesn't store sessions as records in BigQuery exports, only individual events with session identifiers. To reconstruct sessions: join on user_pseudo_id + (SELECT value.int_value FROM UNNEST(event_params) WHERE key='ga_session_id') as the unique session key.11 min readData QualityGA4 BigQuery Schema Cheat Sheet: Every Field, What It DoesThe GA4 BigQuery export contains 30+ top-level fields per event row, organised into seven groups: identity (user_pseudo_id, user_id), timing (event_timestamp, event_date), event metadata (event_name, event_params), traffic source (traffic_source.*, session_traffic_source_last_click.* added 2024).11 min read