Advanaced permissions allow more granular permissions to be set for users than do basic permissions. On top of account level permissions, they allow team level permissions and even component specific permissions to be set. Component level permissions can be set on routines, escalation policies and services. These narrowed down permissions allow user access to be controlled with more flexibility without changing their account level permissions.
The high degree of specificity of permissions makes the organization more secure. By restricting users from what they are able to view and what actions they can take, teams will be able to ensure that sensitive information remains private.
Advanaced permissions are only allowed on the Business and Digitial Operations plans.
Account User Roles
|Restricted access||Observer||Responder||Manager||Admin||Owner||Limited Stakeholder||Full Stakeholder|
|Access to the status dashboard and own user profile.||✓||✓||✓||✓||✓||✓||✓||✓|
|Subscribe to incidents||✓||✓||✓||✓||✓||✓||✓||✓|
|Respond to incidents assigned to them||✓||✓||✓||✓||✓||✓|
|Can be added on routines and escalation policies||✓||✓||✓||✓||✓||✓|
|View all public routines, escalation policies, services, team, analytics and postmortems across the entire account||✓||✓||✓||✓||✓||✓|
|View alerts on services they have access to (in the Alerts list)||✓||✓||✓||✓||✓||✓|
|Trigger and respond to any incident for the organization||✓||✓||✓||✓|
|Create/delete overrides on any routine||✓||✓||✓||✓|
|Add/edit/delete any: |
∙ Escalation Policies
∙ Response Sets
∙ Business Services
|View/edit/delete all private teams and their routines, escalation policies and servicecs.||✓||✓|
|Create/delete account level REST API keys||✓||✓|
|∙ Manage users |
∙ Add new users
∙ Delete users
∙ Edit users’ profiles
∙ Configure users' base roles, team roles, and object roles
|∙ Redact Incidents |
∙ Change the account owner
∙ Edit billing information
∙ Close the account
∙ Change subscription plans
All users are assigned a role at the account level. This is first set by the admin at the time a new user account is requested and can be updated afterwards. Some of the roles are not affected when team or component level permissions are set. These are the Admin, Owner, Limited Stakeholder and Full Stakeholder user roles. However, the remaining user roles are flexible. Their user rights can be increased or decreased from their account level permissions by setting team and component specific permissions.
|∙ Owner |
∙ Full Stakeholder
∙ Limited Stakeholder
|∙ Manager |
∙ Restricted Access
Every user in a team is assigned a team specific role that dictates the permissions they have on that team and its components. These roles can override the account level permissions of the user. The user can have one of the following roles on a team:
- Observer: Observers have access to view all team members, team components and incidents that are assigned to the team. They will not be able to respond to the incidents unless they are explicitly added to the incident as a responder.
- Responder: In addition to having all the rights of an Observer, a Responder can respond to any incident that belongs to the team.
- Manager: In addition to having all the rights of a responder, a Manager can add/edit/delete any team member roles and team components. Managers have full control over the team.
Component roles are the most granular permissions that can be set for a user. The permission is specific to the user on a specific components. These roles can be set on routines, escalation policies and services . These roles override not only the account level permissions but also any team level permissions that may have been set for the user.
|Routine||Can view||Can view and create overrides||Can edit routines and create/delete overrides.|
|Escalation Policy||Can view||Can view||Can edit escalation policies|
|Service||Can view||Can respond to and trigger incidents on the service||Can respond to and trigger incidents on the service in addition to being able to edit it|