Roles & Permissions (RBAC)
PingSLA uses role-based access control (RBAC) to restrict what workspace members can do.
Roles
| Role | Who it's for |
|---|---|
| Owner | Workspace creator. Full control including billing. |
| Admin | Trusted team leads. Full control except billing and workspace deletion. |
| Editor | Engineers. Can create and manage monitors, policies, and status pages. |
| Viewer | Stakeholders. Read-only access to dashboards and incident history. |
Permission Matrix
| Action | Owner | Admin | Editor | Viewer |
|---|---|---|---|---|
| View monitors & incidents | ✅ | ✅ | ✅ | ✅ |
| Create / edit / delete monitors | ✅ | ✅ | ✅ | ❌ |
| Create / edit alert policies | ✅ | ✅ | ✅ | ❌ |
| Create / edit status pages | ✅ | ✅ | ✅ | ❌ |
| Acknowledge incidents | ✅ | ✅ | ✅ | ❌ |
| Manage notification channels | ✅ | ✅ | ✅ | ❌ |
| Manage API keys | ✅ | ✅ | ❌ | ❌ |
| Invite / remove team members | ✅ | ✅ | ❌ | ❌ |
| Change member roles | ✅ | ✅ | ❌ | ❌ |
| View billing | ✅ | ✅ | ❌ | ❌ |
| Manage billing / upgrade plan | ✅ | ❌ | ❌ | ❌ |
| Transfer workspace ownership | ✅ | ❌ | ❌ | ❌ |
| Delete workspace | ✅ | ❌ | ❌ | ❌ |
Assigning Roles
Roles are set at invite time or can be changed at any time:
- Go to Settings → Team
- Click the role badge next to a member
- Select new role
- Confirm
Role changes take effect immediately.
API Key Permissions
API keys inherit the permissions of the workspace but are not scoped to a specific role. Any member with API key access has Editor-equivalent API access unless restricted by plan-specific key scoping (Enterprise).
tip
For CI/CD pipelines and integrations, create a dedicated API key and document which system it belongs to. This makes auditing and key rotation straightforward.
Enterprise Role Customization
On the Enterprise plan, you can define custom roles with granular permissions per resource type. Contact your account manager for access.