Skip to main content

Roles & Permissions (RBAC)

PingSLA uses role-based access control (RBAC) to restrict what workspace members can do.

Roles

RoleWho it's for
OwnerWorkspace creator. Full control including billing.
AdminTrusted team leads. Full control except billing and workspace deletion.
EditorEngineers. Can create and manage monitors, policies, and status pages.
ViewerStakeholders. Read-only access to dashboards and incident history.

Permission Matrix

ActionOwnerAdminEditorViewer
View monitors & incidents
Create / edit / delete monitors
Create / edit alert policies
Create / edit status pages
Acknowledge incidents
Manage notification channels
Manage API keys
Invite / remove team members
Change member roles
View billing
Manage billing / upgrade plan
Transfer workspace ownership
Delete workspace

Assigning Roles

Roles are set at invite time or can be changed at any time:

  1. Go to Settings → Team
  2. Click the role badge next to a member
  3. Select new role
  4. Confirm

Role changes take effect immediately.

API Key Permissions

API keys inherit the permissions of the workspace but are not scoped to a specific role. Any member with API key access has Editor-equivalent API access unless restricted by plan-specific key scoping (Enterprise).

tip

For CI/CD pipelines and integrations, create a dedicated API key and document which system it belongs to. This makes auditing and key rotation straightforward.

Enterprise Role Customization

On the Enterprise plan, you can define custom roles with granular permissions per resource type. Contact your account manager for access.