Link

Role Based Access Control

Role Based Access Control is a feature set available for enterprise users providing fine-grained access management of Zenduty. Zenduty RBAC allows you segregate duties and access within your team and grant only the permissions to users that they need to perform their responsbilities. If RBAC is not enabled, Zenduty’s default role structure follows with the pre-defined roles of Owner, Admin, Team Manager and User.

What can I do with RBAC?

  • Create custom account roles with specific permissions and assign it to groups of users with similar responsibilities and use cases. For eg: customized roles for Engineering Managers could have view permissions for all teams, allowing for visibility into the entire organization.
  • Change a team’s settings to grant all users certain specific permissions. For eg: the Database team’s incidents can be configured to be viewable by all dependant users allowing them to correlate Database issues with other incidents.
  • Enable incident responders to pull in other associated team’s on-call users, allowing for more effective collaborative triaging and a decrease in fire-fighting friction.

An organisation can implement RBAC via 2 mediums:

  • Team Level Permissions i.e. making some data associated to a team to be visible to non-team members across your Zenduty account
  • Account Level Permissions i.e. making custom roles and assigning to users granting them certain chosen permissions only

Team Level Permissions

By default, only the members of a team can view the incidents, escalation policies, schedules, services and other associated information. However, enterprise users have the ability to tinker with the privacy permissions of a team and make some or all data attached to the team visible to all non-team members of your Zenduty account. This allows for the operational status of teams that are centerpieces of an organisation’s engineering structure be accessible to all dependant members.

The final permission set of a user is a union of their account level permissions and a particular team’s permissions, implying that even if a user with a custom role is denied permission to view incidents in general, they’ll be able to access incidents of a particular team that has configured their incidents to be visible to all members in their team level permissions.

Modifying Team Level Permissions

Only the Account Owner, Account Admins and Team Manager can modify team level permissions.

1) Click on the team whose permissions you’d like to edit from the ‘Teams’ section, navigate to the ‘Settings’ tab on the very bottom.

2) Switch the Access Level setting from ‘Private’ to ‘Restricted’.

3) Select the restricted permissions that you’d like to provide to non-team members and click on ‘Update’.

List of Team Level Permissions

Note: Selecting some permissions would automatically select others that the chosen permission requires.

PermissionEffect
View AnalyticsAllows all account members to view team’s analytics and download reports
View IncidentsAllows all account members to view incidents generated in a team
View IntegrationsAllows all account members to view the integrations created within a team’s services
View PostmortemsAllows all account members to view the postmortems created within a team
View SchedulesAllows all account members to view the schedules created within a team
View Stakeholder TemplateAllows all account members to view stakeholder templates created within a team
View TeamsAllows all account members to view the team and its members
Attach Escalation PoliciesAllows all account members to use a team’s escalation policies in their incidents
Edit IncidentsAllows all account members to acknowledge, resolve and edit all parameters of an incident generated in a team
View Team MaintenanceAllows all account members to view a team’s maintenance windows
View PrioritiesAllows all account members to view the priority levels created within a team
View ServicesAllows all account members to view the services belonging to a team
View Team TagsAllows all account members to view the tags created within a team
View Escalation PoliciesAllows all account members to view the escalation policies in place within a team
View Incident RolesAllows all account members to view the incident roles created within a team
View MembersAllows all account members to view the members of a team
Attach SchedulesAllows all account members to add a team’s scheduled on-call responder to their incidents
View SLAsAllows all account members to view the SLA policies created within a team
View Task TemplatesAllows all account members to view the task templates created within a team

Account Level Permissions

Enterprise users can create custom roles and assign to users to grant them specific access to Zenduty resources. This allows organisations to grant special privileges to certain power users and owners, thus lowering dependencies on other responders in dire situations and smoothening the incident resolution process.

Modifying Account Level Permissions

Only the Account Owner and Account Admins can create custom roles and assign them to users.

1) Click on your profile bubble on the top-right corner and then on ‘Account’.

2) Navigate to the ‘Custom Roles’ section, and click on the ‘Add New Role’ button.

3) Fill in the Name and Description fields, select the permissions as desired. For eg: we create a custom role for Engineering Managers that can view all teams and associated data. Click on ‘Create’. 4) Now go to the ‘Users’ tab from the sidebar on the left.

5) Find the user you want to assign the newly created role and simply select the role from the dropdown menu.

List of Account Level Permissions

Note: Selecting some permissions would automatically select others that the chosen permission requires.

PermissionEffect
View AnalyticsAllows the member to view the analytics and reports of all teams
View IncidentsAllows the member to view incidents of all teams
Edit IncidentsAllows the member to acknowledge, resolve and edit all incidents created within all teams
View Incident RolesAllows the member to view the incident roles created within all teams
Edit Incident RolesAllows the member to edit incident roles created within all teams
View Team MaintenanceAllows the member to view the maintenance windows of all teams
Edit Team MaintenanceAllows the member to edit the maintenance windows of all teams
View MembersAllows the member to view the members belonging to all teams
Edit MembersAllows the member to edit the members belonging to all teams
View TeamsAllows the member to view all teams created under the account
View PrioritiesAllows the member to view the priority levels created within all teams
Edit PrioritiesAllows the member to edit the priority levels created within all teams
View SchedulesAllows the member to view the on-call schedules created within all teams
Edit SchedulesAllows the member to edit the on-call schedules created within all teams
View SLAsAllows the member to view the SLA policies created within all teams
Edit SLAsAllows the member to edit the SLA policies created within all teams
View Stakeholder TemplateAllows the member to view the Stakeholder Templates created within all teams
Edit Stakeholder TemplateAllows the member to edit the Stakeholder Templates created within all teams
View Task TemplateAllows the member to view the task templates created within all teams
Edit Task TemplatesAllows the member to edit the task templates created within all teams
View Escalation PoliciesAllows the member to view the escalation policies created within all teams
Edit Escalation PoliciesAllows the member to edit the escalation policies created within all teams
View IntegrationsAllows the member to view the integrations created within all team’s services
Edit IntegrationsAllows the member to edit the integrations associated within services for all teams
View PostmortemsAllows the member to view the postmortems created within all teams
Edit PostmortemsAllows the member to edit the postmortems created within all teams
View ServicesAllows the member to view the services associated with all teams
Edit ServicesAllows the member to edit the services associated with all teams
View Team TagsAllows the member to view the tags created within all teams
Edit Team TagsAllows the member to edit the tags created within all teams

Copyright Zenduty 2020. Product of YellowAnt