User Roles
The permissions of users in Opsgenie are defined by User Roles. In other words, what a user can or cannot do in Opsgenie is decided according to the role of the user.
Default User Roles
Opsgenie provides 5 default roles that can be assigned to users:
- Owner
- Admin
- Default User
- Stakeholder
- Observer
Observer role is only available for old plan customers who subscribed to Opsgenie before November 2, 2018.
The limit to the number of owners, admins and default users is defined according to the subscription plan and these roles are available to all accounts. On the other hand, stakeholder role is available only if the account is granted with Service-Aware Incident Management Overview and observer role is available only if the account is granted with Mass Notification.
| User Right | Owner | Admin | Default User | Stakeholder | Observer |
|---|---|---|---|---|---|
| Manage Subscription | ✔ | ||||
| Manage Roles | ✔ | ✔ | |||
| Manage All Users(1) | ✔ | ✔ | |||
| Access/Create/Edit/Delete All Configurations(2) | ✔ | ✔ | |||
| Display All On-Call Users | ✔ | ✔ | |||
| Access All Alerts | ✔ | ✔ | |||
| Delete Alerts | ✔ | ✔ | |||
| Manage Account Settings(3) | ✔ | ✔ | |||
| Access Reporting | ✔ | ✔ | |||
| Access Account Logs | ✔ | ✔ | |||
| Create Alerts | ✔ | ✔ | ✔ | ||
| Perform Alert Actions | ✔ | ✔ | ✔ | ||
| Manage Own Notification Rules | ✔ | ✔ | ✔ | ||
| Manage Own Quiet Hours and Mute | ✔ | ✔ | ✔ | ||
| Receive Alert Notifications | ✔ | ✔ | ✔ | ||
| Update Service Status Page Entries | ✔ | ✔ | ✔ | ||
| View Service Status Pages | ✔ | ✔ | ✔ | ✔ | ✔ |
| Receive Stakeholder Notifications | ✔ | ✔ | ✔ | ✔ | |
| Receive Mass Notifications | ✔ | ✔ | ✔ | ✔ | ✔ |
| Manage Own Profile Settings | ✔ | ✔ | ✔ | ✔ | ✔ |
| Manage Own Contacts | ✔ | ✔ | ✔ | ✔ | ✔ |
(1) Including notification preferences, contacts, quiet hours and mute state
(2) Teams, Escalation, Schedules, Integrations, Policies, Maintenance, Heartbeats, Central Notification Templates
(3) Account Time Zone, Account Locale, Security Settings, Single Sign-On
Owner
Owners are the users that have the account ownership. Each account should have at least 1 owner and can have multiple owners. Owners are able to manage the account subscription settings and billing. Furthermore, Opsgenie sends subscription and payment related update e-mails to account owners.
Opsgenie assigns account ownership to the user that signs up for an Opsgenie account automatically. After then, only owners can manage assigning the owner role.
Admin
Admins are able to manage any kind of account setting, configuration, and users (except owners). However, admins can not manage account subscription settings. There is no limit to the number of admins that an account can have.
Default User
Default users can only access the configurations that they're part of, and they can only access the alerts that they're granted with visibility. In other words, default users can manage the settings that will only affect themselves.
Stakeholder
Stakeholders are only able to manage their own profile settings and contacts, and view the Service Status Pages. Stakeholders can be considered as read-only users and they can only receive stakeholder notifications for the incidents, and notifications for the mass notification events if the Mass Notification feature is enabled. Because they can't receive alert notifications, a stakeholder user cannot be a part of a team, an escalation or a schedule.
Observer
Observer role is only available for old plan customers who subscribed to Opsgenie before November 2, 2018.
Observers are only able to manage their own profile settings and contacts. Observers can be considered as read-only users and they can receive notifications only for the mass notification events. Because they can't receive alert notifications, an observer user can not be a part of a team, an escalation or a schedule. To learn more about the pricing and the limitations of observers, please contact us.
Custom User Roles
You can customize the capabilities of the users in Opsgenie by granting or disgranting the user rights of your choice using Custom User Roles. Please note: that custom user roles are only available for Enterprise Plan.
The following table shows the user rights that can be customized via custom roles:
| User Right | Description |
|---|---|
| Read Only Admin Right | Read-only access to all configurations and settings that an Admin can access. |
| Edit Configuration | Ability to access and edit all configurations and settings that Admins are capable of (except maintenance and managing roles). |
| Delete Configuration | Ability to delete all configurations and settings (except custom user roles and maintenance). |
| Access to Logs Page | Ability to access account logs via Logs Page. |
| Access to Reports | Ability to access Reports page. |
| Access to Service Status Page | Ability to access Service Status Pages (if Service-Aware Incident Management is available). |
| Create Incident | Ability to create a new incident (if Service-Aware Incident Management is available). |
| Create Mass Notification | Ability to create a new mass notification (if Mass Notification is available). |
| Edit Contacts | Ability to add, edit and delete own contacts. |
| Edit Custom Profile Details and Tags | Ability to edit profile tags and custom properties. |
| Edit Notification Rules | Ability to add, edit and delete own notification rules. |
| Edit Profile | Ability to edit own time zone, locale, username, etc. |
| Edit Quiet Hours | Ability to edit quiet hours settings. |
| Manage Billing | Ability to manage subscription settings of the account. |
| See All Alerts | Ability to see all alerts, even if the user were not notified or granted with visibility. |
| Update Maintenance | Ability to update the already created/planned Maintenance Policies |
| Who Is On-Call - Show All | Ability to display on-call users of all schedules, even if the user is not a part of them. |
| Create Alert | Ability to create a new alert. |
| Acknowledge Alert | Ability to acknowledge an alert that is visible to the user. |
| Close Alert | Ability to close an alert that is visible to the user. |
| Add Note to Alert | Ability to add note to an alert that is visible to the user. |
| Delete Alert | Ability to delete an alert that is visible to the user. |
| Attach to Alert | Ability to add a file as an attachment to an alert that is visible to the user. |
| Delete Attachment from Alert | Ability to delete an attachment from an alert that is visible to the user. |
| UnAcknowledge Alert | Ability to unacknowledge an alert that is visible to the user. |
| Snooze | Ability to snooze an alert that is visible to the user. |
| Escalate to Next | Ability to escalate an alert that is visible to the user to next level. |
| Take Ownership | Ability to take ownership of an alert that is visible to the user. |
| Assign | Ability to assign an alert that is visible to the user to another user. |
| Add Recipient | Ability to add a new recipient to an alert that is visible to the user. |
| Add Team | Ability to add a new team to an alert that is visible to the user. |
| Edit Tags | Ability to add a new tag to or to remove an existing tag from an alert that is visible to the user. |
| Edit Details | Ability to add a new detail to or remove an existing detail from an alert that is visible to the user. |
| Execute Custom Actions | Ability to execute custom actions on an alert that is visible to the user. |
| Acknowledge All | Ability to execute Acknowledge All action on the alerts that are visible to the user. |
| Close All | Ability to execute Close All action on the alerts that are visible to the user. |
| Add Stakeholder | Ability to add stakeholders when creating an incident (if Service-Aware Incident Management is available). |
| Add Responder | Ability to add responders when creating an incident (if IService-Aware Incident Management is available) |
| Resolve | Ability to resolve an incident that is visible to the user (if Service-Aware Incident Management is available). |
| Reopen | Ability to reopen an incident that is visible to the user (if Service-Aware Incident Management is available). |
Creating New Custom User Roles
When you switch to the Roles segment in the Users page, existing custom roles will be listed. To create a new custom role:
- Click the Add Role button in the top middle of the page.
- If Stakeholder and/or Observer roles are available to your account, select a default role as the base role to extend. If not, the base role will automatically be assigned as Default User role.
- Write a name for the custom role into the Role name field.
- Tick the user rights that you want to grant the users with this role, and un-tick the user rights that you want to prevent the users with this role.
- Click the Add button to save the custom role.
If you select Stakeholder role as the base role, only Access to Service Status Page, Edit Contacts and Edit Profile user rights will be available to customize.
If you select Observer role as the base role, only Edit Contacts and Edit Profile user rights will be available to customize.
Editing or Deleting User Roles
When you mouse-over an existing custom role in the list, Delete and Edit actions will be available.
Team Specific Roles
In addition to the user roles that are applied all across the account, there are also team specific roles that are applied only across the team that the user is assigned for. Team specific roles can grant a user with additional team-related user rights. There are two team specific roles:
- Team Admin
- Team Member
| Team Related Right | Team Admin | Team Member |
|---|---|---|
| Add / Remove Team Members | ✔ | |
| Access and Manage All Team Members' Profiles | ✔ | |
| Create/Edit/Delete Routing Rules of the Team | ✔ | |
| Create/Edit/Delete Escalations for the Team | ✔ | |
| Create/Edit/Delete Schedules for the Team | ✔ | |
| Create/Edit/Delete Integrations for the Team | ✔ | |
| Access Team's Dashboard | ✔ | ✔ |
| Access Escalations, Schedules and Integrations of the Team | ✔ | ✔ |
| Access All Alerts of the Team | ✔ | ✔ |
When a team admin without global Edit Configuration user right creates a new escalation, schedule or integration, created configuration will automatically be assigned to the team that the user is admin for. You can refer to the Teams and Team Segmentation for further information about the teams and their configurations.
Updated about 5 years ago