Custom Roles & Permissions Now Available to All: RBAC That’s Powerful, Secure, and Scalable
Org-level and team-level control that keeps your incident management secure, compliant, and fast.

When you’re managing incidents at scale, “everyone can do everything” quickly becomes unsustainable (and a bit nerve-wracking). From safeguarding sensitive incident data to preventing accidental changes in critical configs, permissions matter.
We’ve always built FireHydrant so teams can move fast and stay secure. Now, with Custom Roles & Permissions, you can dial in access with the same precision you bring to your code. Whether you’re a five-person startup or a 5,000-person engineering org, you can define exactly who can do what — at both the organization and team level.
This release is a big one for us. We’re the only solution that pairs enterprise-grade security and compliance with the deep extensibility engineering teams need to fit into their workflows, no awkward workarounds required. Out of the box, it’s powerful. Tuned to your org, it’s a perfect reflection of how your operations actually run — complexity included, without the friction.
Enterprise-Grade Control Without the Complexity
Our new RBAC system is built to scale with your team, from startups getting their first on-call process in place to enterprises managing hundreds of services and teams across the globe.
- Platform Pro Plan: up to 3 custom roles.
- Enterprise Plan: unlimited custom roles.
Need a role just for security? Done. For compliance auditors? Easy. For SREs who can tweak alert routing but can’t touch runbooks? Absolutely.
You still have the four default roles (Owner, Member, Collaborative, Viewer), but now you can stack custom ones on top, tuned for your world.
Get Specific — Really Specific

Our RBAC system is built to handle whatever you throw at it:
- Lock sensitive incidents to security teams only
- Give service owners full control over their own Runbooks without touching anyone else’s
- Let on-call managers override On-Call Schedules in a pinch
- Keep API key creation in the hands of platform admins only
- And so, so much more
Team-Level Permission Management

Custom Roles don’t stop at the org level. You can now set team-level permissions so teams own their piece of incident management without having to tiptoe through org-wide settings. Within a team, decide exactly who can:
- Manage Alert Rules, Call Routes, Escalation Policies, and On-Call Schedules
- Adjust shifts on the fly
- Update Runbooks, Service Catalog entries, and Support Hours
- Add or manage Team Members
You give teams autonomy. They give you fewer “oops” moments.
Any Organization Owner or Team Member with permissions to manage Users will be able to adjust these. Head to Teams > Members > Actions > Manage Permissions.
Try It Now
If you’re an organization Owner, head to Settings > Roles and Permissions to start creating custom roles. Check out our documentation to learn more!
Or, if you want a walkthrough of real-world RBAC setups we’ve seen work, our team is happy to help.