Skip to main content

Overview

Roles are the foundation of access control in EasyAlert. Each role contains a set of permissions that determine what actions users can perform. You can use built-in system roles or create custom roles tailored to your organization’s needs.

System Roles

Pre-defined roles with standard permission sets that cannot be modified

Custom Roles

Create your own roles with specific permission combinations

Understanding Roles

Role Types

System roles are pre-configured by EasyAlert and provide standard access patterns.Characteristics:
  • Cannot be modified or deleted
  • Always available in every organization
  • Marked with a “System” badge
  • Cover common use cases
Available System Roles:
RoleDescription
AdministratorFull access to all features and settings
Incident AdminFull control over incidents including deletion
Incident EditorCreate, update, and manage incidents
Incident ViewerRead-only access to incidents
IAM AdminManage users, roles, and groups
IAM EditorAdd and modify users and groups
IAM ViewerView users, roles, and group information

Role Scope

Tenant Scope

Permissions apply within your organization only. Most roles use this scope.

Platform Scope

Platform-wide permissions for EasyAlert administrators. Rarely used.

Viewing Roles

The Roles page displays all available roles with key information:
ColumnDescription
RoleRole name and unique key identifier
DescriptionBrief explanation of the role’s purpose
ScopeWhether the role is tenant or platform scoped
TypeSystem (locked) or Custom (editable)
ActionsView permissions, edit, or delete

Viewing Role Permissions

To see what permissions a role grants:
  1. Find the role in the list
  2. Click the three-dot menu (⋮)
  3. Select View Permissions
The dialog shows all permissions organized by category, making it easy to understand what access the role provides.
Wildcard permissions (like incidents:*:*) are highlighted with an amber indicator, showing they grant broad access to an entire category.

Creating Custom Roles

1

Open Create Dialog

Click the Create Role button in the top right corner
2

Define Role Identity

Enter the role details: - Role Key — Unique identifier (lowercase, underscores allowed, e.g., support_lead) - Role Name — Display name (e.g., “Support Team Lead”) - Description — Explain the role’s purpose
3

Select Permissions

Choose the permissions this role should have: - Use the search bar to filter permissions - Permissions are grouped by category - Check the boxes next to desired permissions - The badge shows how many permissions are selected
4

Save the Role

Click Create to save your new role
The Role Key cannot be changed after creation. Choose a meaningful, permanent identifier.

Understanding Permissions

Permissions control specific actions within the platform. They follow a structured format: 
service:resource:action

Permission Categories

Control access to incident management features.
PermissionDescription
incident:readView incidents and their details
incident:writeCreate and update incidents
incident:deleteDelete incidents
incident:acknowledgeAcknowledge incident alerts
incident:resolveMark incidents as resolved
Control access to user and access management.
PermissionDescription
user:readView user information
user:writeAdd and edit users
user:deleteRemove users
role:readView roles and permissions
role:writeCreate and edit custom roles
role:deleteDelete custom roles
group:readView groups and members
group:writeManage groups and membership
group:deleteDelete groups
Control access to scheduling features.
PermissionDescription
schedule:readView on-call schedules
schedule:writeCreate and modify schedules
schedule:deleteDelete schedules
Control access to third-party integrations.
PermissionDescription
integration:readView configured integrations
integration:writeAdd and configure integrations
integration:deleteRemove integrations

Wildcard Permissions

Wildcards allow granting broad access without selecting individual permissions:
PatternMeaning
incident:*All incident permissions
*:readRead access to everything
*:*Full access to everything
Use wildcards carefully. They grant extensive access and should only be assigned to trusted roles.

Editing Custom Roles

To modify an existing custom role:
1

Find the Role

Locate the custom role in the list (look for the “Custom” badge)
2

Open Edit Dialog

Click the three-dot menu (⋮) and select Edit
3

Make Changes

Update the role name, description, or permissions as needed
4

Save Changes

Click Save Changes to apply your modifications
System roles cannot be edited. If you need different permissions, create a custom role instead.

Deleting Custom Roles

Before deleting a role, ensure no users or groups are using it.
1

Check Usage

Review which users and groups have this role assigned
2

Remove Assignments

Reassign users and groups to different roles if needed
3

Delete the Role

Click the three-dot menu (⋮) and select Delete
4

Confirm Deletion

Click Delete in the confirmation dialog
If the role is still assigned to users or groups, you’ll see an error message listing the assignments that need to be removed first.

Assigning Roles

Roles can be assigned in two ways:

Direct Assignment

Assign roles directly to individual users:
  1. Go to SettingsUsers
  2. Edit the user’s profile
  3. Select the roles in the Roles section
  4. Save changes

Group Assignment

Assign roles to groups for bulk access control:
  1. Go to SettingsGroups
  2. Edit the group or create a new one
  3. Select the roles to assign
  4. All group members automatically inherit these roles
Group-based role assignment is recommended for teams. When someone joins the group, they automatically get the right permissions.

How Permissions Work Together

When a user has multiple roles (directly or through groups), their effective permissions are the union of all role permissions.
User: SarahDirect Roles:
  • Incident Viewer (incident:read)
Group Membership:
  • Engineering Team → Incident Editor (incident:read, incident:write)
Effective Permissions:
  • incident:read
  • incident:write
Sarah can both view AND edit incidents because her permissions combine.

Best Practices

Give users only the permissions they need. Start with minimal access and add permissions as required rather than starting with full access and restricting.
Instead of assigning roles to each user individually, create groups for teams and assign roles to the group. This makes onboarding and offboarding much easier.
Use descriptive names that indicate the role’s purpose, like “Support Team Lead” rather than “Role 1”. Include the team or function in the name.
Use the description field to explain why the role was created and what it’s intended for. This helps future administrators understand the access model.
Audit your custom roles regularly. Remove unused roles and verify that permission assignments still match your organization’s needs.
Wildcard permissions are convenient but can grant more access than intended. Use specific permissions when possible.

Troubleshooting

  1. Check if the user has the correct role assigned 2. Verify the role includes the necessary permission 3. Check if the user is in a group with the role 4. Ensure the user’s account is active
System roles cannot be modified. Look for the “System” badge next to the role. If you need different permissions, create a new custom role.
The role is still assigned to users or groups. Remove all assignments first, then try deleting again. The error message will list which users/groups need to be updated.
Users may need to refresh their session. Ask them to log out and back in to pick up the new permissions.