Skip to main content

Overview

Groups allow you to organize users into logical collections and manage their access collectively. When you assign roles to a group, all members automatically inherit those permissions. This makes it easy to onboard new team members and ensure consistent access across your organization.

Team Organization

Group users by team, department, or function for easier management

Inherited Permissions

Members automatically receive all roles assigned to their groups

Why Use Groups?

When a new team member joins:Without Groups:
  1. Create user account
  2. Identify all needed roles
  3. Assign each role individually
  4. Hope you didn’t miss anything
With Groups:
  1. Create user account
  2. Add to appropriate group(s)
  3. Done — they inherit all necessary permissions

Viewing Groups

The Groups page shows all groups in your organization:
ColumnDescription
GroupGroup name and unique key identifier
DescriptionBrief explanation of the group’s purpose
MembersNumber of users in the group
RolesRoles assigned to this group
CreatedWhen the group was created
ActionsManage members, edit, or delete

Quick Actions

From the three-dot menu (⋮) on any group:
  • Manage Members — Add or remove users
  • Edit — Update group details and roles
  • Delete — Remove the group

Creating Groups

1

Open Create Dialog

Click the Create Group button in the top right corner
2

Define Group Identity

Enter the group details:
  • Group Key — Unique identifier (lowercase, e.g., engineering)
  • Group Name — Display name (e.g., “Engineering Team”)
  • Description — Explain the group’s purpose
3

Assign Roles

Select roles that all group members should have:
  • Use the search bar to filter roles
  • Check the boxes next to desired roles
  • Both system and custom roles are available
4

Save the Group

Click Create to save your new group
The Group Key cannot be changed after creation. Choose a meaningful, permanent identifier.

Managing Group Members

Viewing Members

To see who’s in a group:
  1. Find the group in the list
  2. Click the three-dot menu (⋮)
  3. Select Manage Members
The dialog shows two panels:
  • Left panel — Current members with option to remove
  • Right panel — Available users to add

Adding Members

1

Open Manage Members

Click the three-dot menu and select Manage Members
2

Search for Users

Use the search bar in the right panel to find users by name or email
3

Add Users

Click the + button next to each user you want to add
4

Verify Addition

The user moves to the left panel and immediately gains group permissions
Users already in the group won’t appear in the search results, preventing duplicate additions.

Removing Members

1

Open Manage Members

Click the three-dot menu and select Manage Members
2

Find the Member

Locate the user in the left panel (current members)
3

Remove User

Click the remove button next to their name
4

Confirm Removal

The user is removed and immediately loses group-inherited permissions
Removing someone from a group only revokes permissions inherited from that group. Any directly assigned roles remain intact.

Editing Groups

To modify an existing group:
1

Find the Group

Locate the group in the list
2

Open Edit Dialog

Click the three-dot menu (⋮) and select Edit
3

Make Changes

Update any of the following:
  • Group Name — Change the display name
  • Description — Update the purpose description
  • Assigned Roles — Add or remove roles
4

Save Changes

Click Save Changes to apply modifications
When you change a group’s roles, all members are affected immediately. Their permissions update in real-time.

Deleting Groups

1

Consider the Impact

Deleting a group removes all members’ inherited permissions from this group
2

Open Delete Dialog

Click the three-dot menu (⋮) and select Delete
3

Confirm Deletion

Read the warning and click Delete to confirm
Deleting a group cannot be undone. All members will lose the permissions they inherited from this group.

How Group Permissions Work

Permission Inheritance

When a user is added to a group, they automatically inherit all roles assigned to that group. 
User joins "Engineering Team" group

Group has roles: "Incident Editor", "Schedule Viewer"

User receives: incident:read, incident:write, schedule:read

Multiple Group Membership

Users can belong to multiple groups. Their effective permissions are the union of:
  • Directly assigned roles
  • All roles from all groups they belong to
User: AlexDirect Roles:
  • None
Group Memberships:
  • Engineering Team → Incident Editor
  • On-Call Responders → Incident Admin, Schedule Editor
Effective Permissions:
  • All Incident Editor permissions ✓
  • All Incident Admin permissions ✓
  • All Schedule Editor permissions ✓
Alex has the combined permissions of both groups.

Permission Resolution

Permissions are additive — you can only gain more access through groups, never less.
ScenarioResult
User has role A, group adds role BUser has A + B
User is in two groups with same roleNo change (role counted once)
User removed from groupLoses only that group’s roles

Common Use Cases

Create groups for each team in your organization:
  • Engineering — Incident Editor, Integration Viewer
  • Support — Incident Viewer, User Viewer
  • Management — Full Viewer access
  • DevOps — Incident Admin, Schedule Admin
New hires just need to be added to their team’s group.
Create an “On-Call” group with elevated incident permissions:
  • Add whoever is currently on-call
  • Remove them when their rotation ends
  • Permissions automatically adjust
Create temporary groups for project work:
  • Project Alpha Team — Specific permissions for the project
  • Add cross-functional team members
  • Delete the group when the project ends
Create a limited-access group for contractors:
  • Contractors — Read-only access to specific areas
  • Easy to audit who has external access
  • Quickly revoke all contractor access if needed

Best Practices

Use clear, descriptive names that indicate the group’s purpose:Good: “Engineering Team”, “On-Call Responders”, “Support Tier 1”Avoid: “Group 1”, “Admins”, “Users”
Use the description field to explain:
  • What the group is for
  • What permissions members get
  • Who should be added
Assign roles to groups rather than individual users when possible. This makes access management much easier as your team grows.
Each group should have a clear purpose. If a group needs very different permissions for different members, consider splitting it into multiple groups.
Periodically audit group membership:
  • Remove people who’ve left or changed roles
  • Verify new team members are in the right groups
  • Check for users in groups they shouldn’t be in
The group key is permanent, so choose wisely:
  • Use lowercase letters and underscores
  • Make it descriptive but concise
  • Examples: engineering, support_tier_1, on_call

Groups vs. Direct Role Assignment

FactorGroupsDirect Roles
Best forTeams, consistent accessIndividual exceptions
OnboardingAdd to group(s)Assign each role
OffboardingRemove from group(s)Remove each role
ChangesUpdate once, affects allUpdate each user
AuditingEasy to see who’s in what teamMust check each user
FlexibilitySame permissions for all membersIndividual customization
Use groups for standard team access and direct roles for individual exceptions or elevated permissions.

Troubleshooting

  1. Verify the user is in the correct group(s)
  2. Check that the group has the expected roles assigned
  3. Confirm the roles include the needed permissions
  4. Ensure the user’s account is active
  1. Verify the user exists in your organization
  2. Check if they’re already in the group (they won’t appear in search)
  3. Ensure you have permission to manage groups
  1. Check if they have the same role assigned directly
  2. Check if they’re in another group with the same role
  3. Ask them to log out and back in to refresh their session
Members may need to refresh their session. Changes are immediate but cached sessions may show old permissions until refreshed.