Private incidents

In some instances, you may need to manage an incident privately. For example, if a large-scale incident occurs and you need to coordinate information among incident commanders—but not among the other members of your team—opening a private incident (and a private Slack channel for the incident) is your best option.

When you create a private incident, the Slack channel for the incident will also be private. Only users with permission to view the incident can view the corresponding Slack channel.

Private incident : sometimes referred to as a restricted incident, is an incident that is not publicly available to the organization and can only be managed by a select group of users.

Access control for private incidents was inspired by security standards for incident handling developed by the National Institute of Standards and Technology. Private incident access control focuses on:

  • Securely containing incident information
  • Enabling collaboration to resolve and learn from incidents

Access Controls

User Table with Access Controls
User Table with Access Controls
  • "Public" Access Control
    • Users that are assigned "Public" under Access controls do not have the necessary permission for creating, managing, and viewing private incidents.
    • This is the default assignment for all users in your organization.
    • To help differentiate permissions, in our documentation below we also refer to these users as "standard users".
  • "Private" Access Control
    • Users who have member or collaborator role and also have the "Private" access control will have the permission to declare, view, and manage both private and public incidents
    • These users can also add ad hoc users to a private incident.
    • To help differentiate permissions, in our documentation below we also refer to these users as "permissioned users".
  • Owners
    • Owners always have access to all public and private incidents.
    • Owners can grant permission to members that allows them to view private incidents.

Ad hoc user:

  • This permission is not explicitly called out under the Access controls in your Organization. This is because ad hoc users are only able to view information on the specific incident and are not granted permission to view other private incidents.
  • After they have been added, ad hoc users have full access to the incident, including the ability to attach Runbooks and make updates; however, they cannot add other users to a private incident.
  • Details on how to add an ad hoc user

Granting user access to private incidents

To grant a user access to private incidents, select Organization > Users. From here, you can view and edit access controls across all users. Click into a specific user's page to enable or disable private access.

Each user can be granted specific access controls
Each user can be granted specific access controls

Note: You will need Owner access to modify access levels for users.

Access control settings for users

  • Public: Users are only able to access incidents that are not flagged as private
  • Private: Users have permission to access both private and public incidents

To modify a user’s permissions, click that user’s name. Select the appropriate access control and save changes.

Declaring a private incident

In FireHydrant, only owners and permissioned users have the ability to declare a private incident. Any incident that is opened publicly by non-permissioned users can be converted to a private incident by permissioned users. If you need all users to be able to open new private incidents, reach out to our support team for special access.

From the FireHyrant web UI

  1. On the FireHydrant home page, click Declare an incident.
  2. Provide an incident name and select Private Incident.
  3. Fill in additional incident details as necessary. When you’re done, click Declare incident. In the FireHydrant UI, the incident will be displayed as a private (restricted) incident.
Easily declare private incidents
Easily declare private incidents

From Slack

Users with the designated permission in your Slack org have the ability to create a private incident from Slack. To do this, follow these steps:

  1. Run /fh new
  2. Provide an incident name and select Private Incident.

this-incident-is-private.gif

For an overview on declaring incidents, see this article.

Private Runbooks

When creating a runbook, any permissioned user with edit access for Runbooks can mark a runbook as "Use in private incidents". Marking a runbook as "private" will:

  • Restrict editing to Owners and private-permissioned Members (Collaborators cannot edit any runbooks).
  • Only evaluate the attachment rules (automatic, conditional, etc.) if the incident is private
  • Restrict manual attachment to private incidents (an incident must be private or be in the process of converting to private to have a Private runbook attached).

Note: We elected to make Private Runbooks as secure as possible. We only allow entire runbooks to evaluate for Private Incidents to keep the permissions model as simple as possible. Having some steps evaluate against private introduces several security concerns on editing runbooks and runbook steps.

Converting Public Incidents to Private

Any incident that has been declared as a public incident can be converted to a private incident by a permissioned user.

When converting an incident from public to private:

  • All runbooks will stop running (any repeating or unstarted steps will be canceled)
  • All user roles will be revoked
  • If the incident channel is still public, a private channel will be created and all FireHydrant activity will happen in that new channel.
    • We create a new channel because converting a channel from public to private is a highly restricted permission in Slack and only available in Enterprise Grid accounts.
  • When converting, users will have an option to manually attach a new runbook and add new users and teams to the incident. [Conversion Screenshot]

From the FireHyrant web UI

  1. Navigate to the public incident
  2. Open the Settings menu in the top right corner
  3. Click "Convert to Private Incident"
  4. Select any runbooks you want to attach to the private incident
  5. Assign any users or teams to the incident
  6. Click "Convert"

From Slack

  1. Navigate to the incident channel
  2. Run /fh private
  3. Select any runbooks you want to attach to the private incident
  4. Assign any users or teams to the incident
  5. Click "Restrict"

Managing private incidents

How can I add an ad hoc user or group to a private incident?

  1. During an active private incident, scroll to the Assign roles section.
  2. See how to assign roles for reference.
  3. If you select a user or group of users that do not have private access control, then you will see a message informing you that they will have access to this incident. You can continue with giving them access to that specific incident.
Add ad-hoc users to a private incident
Add ad-hoc users to a private incident

How can I un-assign a user?

  1. Go to the incident command center page for the incident
  2. Scroll to Assignees section. Select Unassign.
  3. If this user is in a private slack channel for an incident, they will need to leave or a Slack admin will need to remove them. In the FireHydrant UI, they will see a 404 for the incident.

Known constraints

Slack Mentions

If someone is mentioned and then added to a private incident channel, they could be added but still would not be able to see the incident details in the UI. We can't control that happening b/c that is a Slack capability outside of our control to manage.

We recommend training and enabling your responders to ensure they're always using the /fh assign role or /fh assign team functions instead of directly @ing the user.

Bot users

Currently, bot tokens have Owner privileges. This means, in effect, anyone with access to a Bot Token also has access over user permissions.

We recommend restricting applications and usage of the Bot Token to avoid unauthorized privilege escalation.

When the collection exceeds a certain size, pagination numbers may not match the actual length of returned collections. If you're using a script to fetch incidents via API, the script should rely on total item counts in lieu of pagination totals. Pagination cursoring should continue to function as expected.

Last updated on 9/15/2023