Role-Based Access Controls
FireHydrant offers several default user roles to help you restrict access to parts of the platform, enableing you to create a secure and scalable incident management process. Here, we'll walk through configuring roles and what each roles covers including what any Slack user can do in your workspace.
Configuring Roles
Any user with an "Owner" role can navigate to the User settings page in FireHydrant and update another users' role.
Additionally, you can update user roles using our SCIM API and your IDP (Okta, Active Directory, etc.). Learn more about provisioning users and roles by reading our SCIM documentation.
Who can declare an incident?
Because we believe in helping teams build a cultures with open Incident Management processes, any users within your Slack workspace can declare a new incident inside of Slack by running the command:
/fh new
Additionally, any user in Slack can join an incident channel to keep tabs on an open incident.
User Roles and Definitions
For any users who need to respond to incidents or generally access the FireHydrant platform, you will want to create a user account for them and assign them a role. In general, we offer four default roles to help you build an access control system that works for your needs. The roles are:
- Viewer: Read-only access to incidents in the FireHydrant web app.
- Collaborator: Basic incident response access but cannot update incident management settings or runbooks.
- Member: Full access to update incident management processes in runbooks, settings, teams and more.
- Owner: Full access to update all aspects of the platform such as users, integrations, API Keys.
Privileges for users who have accounts in FireHydrant are dictated by their user roles. Users have Owner, Member or Collaborator access. Think of Owners as administrators in your FireHydrant account and Members and Collaborators as collaborators or individual contributors.
| Action | Owner | Member | Collaborator | Viewer |
|---|---|---|---|---|
| Declare Incidents | β | β | β | β |
| View Analytics | β | β | β | β |
| Respond to Incidents | β | β | β | |
| β³ Run all Slack Commands | β | β | β | |
| β³ Update Incident in UI | β | β | β | |
| β³ Assigned Incident Roles | β | β | β | |
| β³ Participate in Retro | β | β | β | |
| Manage Incident Response | β | β | ||
| Manage Runbooks | β | β | ||
| Manage Service Catalog | β | β | ||
| Manage Teams | β | β | ||
| Manage Integrations | β | |||
| Manage API Keys | β | |||
| Manage Users | β | |||
| Manage Organization | β |
Commonly-asked questions
-
Can a non-licensed user access the retrospective? A non-responding user can only access a retrospective after the PDF is published and exported. The options to access a retrospective before completion also requires being a FireHydrant user with at least Viewer permissions.
-
Can a Viewer or non-licensed user βstarβ events to be included in the starred incident timeline? This option is only currently available for users with at least Collaborator level permissions.
-
Can a Viewer or non-licensed userβs chat messages on Slack still be recorded within the incident timeline? Yes. Any Slack users are still able to join the channel and have their messages recorded within the incident timeline.
-
Can a Viewer or non-licensed user be assigned action-items? No. You must be a user with at least Collaborator level permissions in order to be assigned an action item.
-
Can a non-licensed user view the status page? Yes. You do not need to be a licensed user on FireHydrant in order to view a status page. However, if you have an authenticated status page, a Viewer license will be required.