K
Project setup Roles and permissions Invite teammates Notification channels Login methods MCP Integration
Docs homeRoles and permissions

Roles & permissions

Updated April 15, 2026

Control who can do what across your Hyperping account and projects. Five roles give you fine-grained control, with every resource scoped inside a project, and team members only seeing the projects they belong to.

📘Useful when
  • You're onboarding new team members and need to explain what they can and can't do.
  • You need to decide how to structure projects for different teams or clients.
  • You're preparing for a security or compliance review.

At a glance

Model
Role-based access control
Roles
4 tiers: Owner, Admin, Member, Billing
Scope
Project-level isolation
Default
Member

The four roles

One Owner per account. All other team members are assigned one of three roles: Admin, Member, or Billing.

OwnerUnrestricted
The Owner has full access to the entire account. Exactly one Owner per account.
  • View and manage every project, including those created by teammates
  • Invite and remove teammates from any project
  • Transfer ownership to another teammate
  • Manage billing, subscription, and payment details
  • Configure SSO policies and authentication settings
  • Access audit logs and delete on-call schedules
Typical person: founder, account holder, or whoever set up Hyperping. If ownership is transferred, the previous Owner becomes a regular Member.
AdminManages people + config
Same capabilities as the Owner except billing and ownership transfer.
  • Invite and remove teammates
  • Create, edit, and delete monitors
  • Manage status pages and publish incidents
  • Create, update, and delete on-call schedules
  • Configure escalation policies and integrations
  • View all reporting data and outage history
Typical person: team lead or manager responsible for keeping the monitoring setup healthy.
MemberDefault role
Can manage monitors and respond to incidents within their assigned project.
  • Create, edit, and delete monitors
  • Create and update on-call schedules
  • Acknowledge, resolve, and escalate outages
  • Update outage severity, descriptions, and summaries
  • Bulk-edit monitors
  • View all reporting data and outage history
Typical person: engineer who sets up monitors and handles incidents. Cannot invite teammates, delete on-call schedules, or access billing.
BillingRead + billing
Read-only access to project data plus the ability to manage subscription and payment details.
  • Access billing, subscription, and payment settings
  • View monitors, reports, outage history, and schedules
Typical person: finance or operations contact who handles invoices and plan changes.

Permission matrix

Quick reference for every capability. means allowed, means blocked.

ActionOwnerAdminMemberBilling
View monitors, reports, and outages
View on-call schedules
View teammates list
Create, edit, and delete monitors
Bulk-edit monitors
Create and update on-call schedules
Delete on-call schedules
Create outages
Acknowledge and resolve outages
Escalate outages
Update outage severity and details
Write postmortems and AI summaries
Delete outages
Invite and remove teammates
Transfer account ownership
Manage billing and subscription
Configure SSO and authentication

Project isolation

Projects act as boundaries. A teammate invited to Project A cannot see monitors, status pages, or integrations in Project B. Only the Owner sees every project.

Project A
acme.com
Production monitors, public status page, on-call rotation.
J Jane Owner
M Marcus Admin
P Priya Member
Project B
staging.acme.com
Priya cannot see this project. Jane, as Owner, can.
J Jane Owner
S Sasha Member
R Ren Admin

Common ways to split work across projects:

  • Clients. Each client gets their own project.
  • Internal teams. Engineering, infrastructure, support.
  • Environments. Production vs staging.

If you use SAML SSO, you can also restrict SSO users to specific projects through the SSO access scope setting. See login methods for the full flow.

Pick a role

Common mappings from job title to recommended role:

CTO or team lead
Manages the team and configuration
Admin
Engineer
Sets up monitors and responds to incidents
Member
Finance or operations
Handles invoices and plan changes
Billing

Account security

Auth
Two-factor authentication

Add a second verification step to login. Once enabled, you need your password plus a code from your authenticator app.

Enable it in your account settings. Available to all users on every plan.

Traceability
Audit logs

Every change is recorded: who did what, when, and in which project.

Useful for tracking config changes, reviewing teammate activity after an incident, and providing evidence for compliance audits.

Storage
Data protection

Encrypted at rest with LUKS, in transit with SSL/HTTPS.

All data stored in the EU (DigitalOcean Frankfurt). GDPR-compliant with self-serve data deletion.

Troubleshooting

A teammate says they can't see a project.
Team members only see projects they were invited to. Check the Teammates page while inside the correct project to verify they were invited there.
A teammate needs to manage billing.
Assign them the Billing role, or let the Owner handle it directly. Change roles on the Teammates page.
An SSO user can't log in.
Check the provisioning policy in your SSO settings. If it's set to "Invite-only," the user needs to be invited before SSO login will work. See login methods for details.

Next steps

Invite
Invite teammates
Add people to your project and assign them a role.
SSO
Login methods
SAML SSO, Google, email. Scope SSO users to specific projects.
Structure
Project setup
How to organize your workspace into projects before inviting the team.
Alerts
Notification channels
Configure how roles get notified during incidents.
← Project setupInvite teammates →

Hyperping for free
Try Hyperping for free
Get real-time uptime monitoring, instant alerts, and beautiful status pages