Private incidents

In some instances, you may need to manage an incident privately. For example, if a large-scale incident occurs and you need to coordinate information among incident commanders—but not among the other members of your team—opening a private incident (and a private Slack channel for the incident) is your best option.

When you create a private incident, the Slack channel for the incident will also be private. Only users with permission to view the incident can view the corresponding Slack channel.

Private incident: Sometimes referred to as a restricted incident, a private incident is an incident that is not publicly available to the organization and can only be managed by a select group of users.

Access control for private incidents was inspired by security standards for incident handling developed by the National Institute of Standards and Technology. Private incident access control focuses on:

  • Securely containing incident information
  • Enabling collaboration to resolve and learn from incidents

Note: This feature is in a beta phase! If you have feedback about this feature, please reach out to your Customer Success Manager or submit a ticket on our contact form.

Access Controls


  • "Public" Access Control

    • Users that are assigned "Public" under Access controls do not have the necessary permission for creating, managing, and viewing private incidents.
    • This is the default assignment for all users in your organization.
    • To help differentiate permissions, in our documentation below we also refer to these users as "standard users".
  • "Private" Access Control

    • Users that are assigned "Private" under Access controls have permission to declare, view, and manage both private and public incidents.
    • These users can also add ad hoc users to a private incident.
    • To help differentiate permissions, in our documentation below we also refer to these users as "permissioned users".
  • Owners

    • Owners always have access to all public and private incidents.
    • Owners can grant permission to members that allows them to view private incidents.

Ad hoc user:

  • This permission is not explicitly called out under the Access controls in your Organization. This is because ad hoc users are only able to view information on the specific incident and are not granted permission to view other private incidents.
  • After they have been added, ad hoc users have full access to the incident, including the ability to attach Runbooks and make updates; however, they cannot add other users to a private incident.
  • Details on how to add an ad hoc user

Granting user access to private incidents

To grant a user access to private incidents:

  1. From your list of users, assign privileges to manage and create private incidents. You can set up users who can create and manage private incidents. (For an overview on adding users to your team, see this article.)
  2. After a user is added to the organization, owners can give them permission to create and manage private incidents.
  3. To give permission, select Organization > Users. From here, you can view access controls across all users.

Access control settings for users

  • Public: Users are only able to access incidents that are not flagged as private
  • Private: Users have permission to access both private and public incidents

To modify a user’s permissions, click that user’s name. Select the appropriate access control and save changes.

Declaring a private incident

In FireHydrant, only owners and permissioned users have the ability to declare a private incident.

From the FireHydrant web UI

  1. On the FireHydrant home page, click Declare an incident.
  2. Provide an incident name and select Restrict access to this incident.
  3. Fill in additional incident details as necessary. When you’re done, click Declare incident. In the FireHydrant UI, the incident will be displayed as a private (restricted) incident.


From Slack

Users with the designated permission in your Slack org have the ability to create a private incident from Slack. To do this, follow these steps:

  1. Run /fh new
  2. Provide an incident name and select Restrict access to this incident.


For an overview on declaring incidents, see this article.

Runbook setup for private incidents

  • To set up a private incident channel via a runbook step:
    • Go to Runbooks
    • Go to Slack → Select Create Incident Channel
    • Under the Create Incident Channel step, select Private as the Channel visibility
    • RECOMMENDATION: Configure the runbook to be Manually attached so it doesn’t attach to non-private incidents.


Behavior on runbooks for private incidents

    • All users in an account have the ability to view and edit any runbook in the org. As a workaround, runbooks for private incidents must be manually attached.
    • Because they are being manually attached, any rules about their attachment do not apply. However, conditions on individual steps still apply. For example, if someone has a runbook that only attaches for, say, SEV1 incidents, you can manually attach that to any incident. It will not matter what Severity it is.
    • However, if any runbook has a step with a condition of "Milestone is Acknowledged," that rule WILL apply.
    • For additional information, check out An introduction to Runbooks – FireHydrant

Managing private incidents

How can I add an ad hoc user or group to a private incident?

  1. During an active private incident, scroll to the Assign roles section.
  2. See how to assign roles for reference.
  3. If you select a user or group of users that do not have private access control, then you will see a message informing you that they will have access to this incident. You can continue with giving them access to that specific incident.


How can I un-assign a user?

  1. Go to the incident command center page for the incident.
  2. Scroll to the Assignees section. Select Unassign.
  3. If this user is in a private Slack channel for an incident, they will need to leave or a Slack admin will need to remove them. In the FireHydrant UI, they will see a 404 for the incident.

What if a public incident becomes private?

You cannot "switch" an incident status from public to private. If a public incident needs to be redefined as private, you must create a new private incident containing the relevant incident details.

Known constraints

  • Slack mentions - If someone is mentioned and then added to a private incident channel, they can be in the channel but still cannot see the incident details in the UI. We cannot prevent this because it is a Slack capability outside of our control.
  • Bot users - Currently, bot tokens are treated as having the same permissions as "Owner." That implies that anybody who can create a bot token can, in effect, create an authorized user. Moreover, bot tokens are only visible to, and can only be created by, owners.
  • API automation - Pagination totals may not match the actual length of returned collections. Automation should rely on the returned collection for item counts instead of depending on pagination totals. Pagination cursoring should continue to function as expected.
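
For the API automation constraint above, the following added example (not FireHydrant code) counts incidents from the items actually returned while following the cursor, and reports whether the pagination total agrees. The response shape ("data", "pagination.count", "pagination.next"), the fetch_sample_page helper and the sample pages are assumptions constructed for illustration.

```python
from typing import Callable, Dict, Iterator

# Constructed sample pages standing in for API responses. The shape ("data"
# plus a "pagination" object with "count" and "next") is an assumption of this
# example. The totals claim 5 incidents; only 3 are actually returned.
SAMPLE_PAGES: Dict[int, dict] = {
    1: {"data": [{"id": "inc-1"}, {"id": "inc-2"}],
        "pagination": {"count": 5, "next": 2}},
    2: {"data": [], "pagination": {"count": 5, "next": 3}},
    3: {"data": [{"id": "inc-5"}],
        "pagination": {"count": 5, "next": None}},
}


def fetch_sample_page(page: int) -> dict:
    """Hypothetical stand-in for an authenticated list-incidents call."""
    return SAMPLE_PAGES[page]


def iter_incidents(fetch_page: Callable[[int], dict],
                   max_pages: int = 1000) -> Iterator[dict]:
    """Follow the cursor until it runs out; never stop on a short or empty page."""
    page = 1
    for _ in range(max_pages):
        body = fetch_page(page)
        yield from body.get("data", [])
        page = body.get("pagination", {}).get("next")
        if page is None:
            return
    raise RuntimeError("pagination cursor did not terminate")


def audit_counts(fetch_page: Callable[[int], dict]) -> dict:
    """Compare the reported total with the number of items actually returned."""
    reported = fetch_page(1).get("pagination", {}).get("count")
    ids = {incident["id"] for incident in iter_incidents(fetch_page)}
    return {
        "reported_total": reported,
        "returned": len(ids),
        "totals_match": reported == len(ids),
    }


if __name__ == "__main__":
    print(audit_counts(fetch_sample_page))
```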


Last updated on 3/28/2023