Role-Based Access Controls

FireHydrant offers several default user roles to help you restrict access to parts of the platform, enableing you to create a secure and scalable incident management process. Here, we'll walk through configuring roles and what each roles covers including what any Slack user can do in your workspace.

Configuring Roles

Any user with an "Owner" role can navigate to the User settings page in FireHydrant and update another users' role.

User Role Options
User Role Options

Additionally, you can update user roles using our SCIM API and your IDP (Okta, Active Directory, etc.). Learn more about provisioning users and roles by reading our SCIM documentation.

Who can declare an incident?

Because we believe in helping teams build a cultures with open Incident Management processes, any users within your Slack workspace can declare a new incident inside of Slack by running the command:

/fh new

Additionally, any user in Slack can join an incident channel to keep tabs on an open incident.

User Roles and Definitions

For any users who need to respond to incidents or generally access the FireHydrant platform, you will want to create a user account for them and assign them a role. In general, we offer four default roles to help you build an access control system that works for your needs. The roles are:

  • Viewer: Read-only access to incidents in the FireHydrant web app.
  • Collaborator: Basic incident response access but cannot update incident management settings or runbooks.
  • Member: Full access to update incident management processes in runbooks, settings, teams and more.
  • Owner: Full access to update all aspects of the platform such as users, integrations, API Keys.

Privileges for users who have accounts in FireHydrant are dictated by their user roles. Users have Owner, Member or Collaborator access. Think of Owners as administrators in your FireHydrant account and Members and Collaborators as collaborators or individual contributors.

Action Owner Member Collaborator Viewer
Declare Incidents βœ… βœ… βœ… βœ…
View Analytics βœ… βœ… βœ… βœ…
Respond to Incidents βœ… βœ… βœ…
↳ Run all Slack Commands βœ… βœ… βœ…
↳ Update Incident in UI βœ… βœ… βœ…
↳ Assigned Incident Roles βœ… βœ… βœ…
↳ Participate in Retro βœ… βœ… βœ…
Manage Incident Response βœ… βœ…
Manage Runbooks βœ… βœ…
Manage Service Catalog βœ… βœ…
Manage Teams βœ… βœ…
Manage Integrations βœ…
Manage API Keys βœ…
Manage Users βœ…
Manage Organization βœ…

Commonly-asked questions

  • Can a non-licensed user access the retrospective? A non-responding user can only access a retrospective after the PDF is published and exported. The options to access a retrospective before completion also requires being a FireHydrant user with at least Viewer permissions.

  • Can a Viewer or non-licensed user β€œstar” events to be included in the starred incident timeline? This option is only currently available for users with at least Collaborator level permissions.

  • Can a Viewer or non-licensed user’s chat messages on Slack still be recorded within the incident timeline? Yes. Any Slack users are still able to join the channel and have their messages recorded within the incident timeline.

  • Can a Viewer or non-licensed user be assigned action-items? No. You must be a user with at least Collaborator level permissions in order to be assigned an action item.

  • Can a non-licensed user view the status page? Yes. You do not need to be a licensed user on FireHydrant in order to view a status page. However, if you have an authenticated status page, a Viewer license will be required.

Last updated on 2/9/2024