Roles and permissions
Control who can do what across your Hyperping account and projects.
Hyperping uses role-based access control (RBAC) with five roles to give you fine-grained control over what each team member can do. Every resource in Hyperping lives inside a project, and team members only see the projects they belong to.
This page is useful when:
- You're onboarding new team members and need to explain what they can and can't do
- You need to decide how to structure projects for different teams or clients
- You're preparing for a security or compliance review
Roles
There is one Owner per account. All other team members can be assigned one of four roles: Admin, Member, Billing, or Viewer.
Owner
The Owner has unrestricted access to the entire account. This includes:
- Viewing and managing all projects, including those created by teammates
- Inviting and removing teammates from any project
- Transferring ownership to another teammate
- Managing billing, subscription, and payment details
- Configuring SSO policies and authentication settings
- Accessing audit logs
- Deleting on-call schedules
The Owner is the only role that can transfer account ownership. If the Owner transfers ownership, they become a regular Member.
Admin
Admins have the same capabilities as the Owner except they cannot transfer ownership. Admins can:
- Invite and remove teammates
- Create, edit, and delete monitors
- Manage status pages and publish incidents
- Create, update, and delete on-call schedules
- Configure escalation policies and integrations
- View all reporting data and outage history
Use the Admin role for team leads or managers who need to manage people and configuration but don't need billing access or ownership transfer.
Member
Members can manage monitors and respond to incidents within their assigned project. Members can:
- Create, edit, and delete monitors
- Create and update on-call schedules
- Create, acknowledge, resolve, and escalate outages
- Update outage severity, descriptions, and summaries
- Bulk-edit monitors
- View all reporting data and outage history
Members cannot invite or remove teammates, delete on-call schedules, or access billing. This is the default role for new invites.
Viewer
Viewers have read-only access to everything within their assigned project:
- View monitors, response time data, and SSL certificates
- View outage history and timelines
- View on-call schedules
- View all reporting data and exports
- View the teammates list
Viewers cannot make any changes. Use this role for stakeholders, executives, or external partners who need visibility without edit access.
Billing
The Billing role provides read-only access to project data plus the ability to manage the account's subscription and payment details. The Billing role can:
- Access billing, subscription, and payment settings
- View monitors, reports, outage history, and schedules
The Billing role cannot create or modify monitors, respond to outages, or manage teammates. Use this role for finance or operations staff who need to handle invoices and plan changes.
Permission comparison
| Action | Owner | Admin | Member | Viewer | Billing |
|---|---|---|---|---|---|
| View monitors, reports, and outages | Yes | Yes | Yes | Yes | Yes |
| View on-call schedules | Yes | Yes | Yes | Yes | Yes |
| View teammates list | Yes | Yes | Yes | Yes | Yes |
| Create, edit, and delete monitors | Yes | Yes | Yes | No | No |
| Bulk-edit monitors | Yes | Yes | Yes | No | No |
| Create and update on-call schedules | Yes | Yes | Yes | No | No |
| Delete on-call schedules | Yes | Yes | No | No | No |
| Create outages | Yes | Yes | Yes | No | No |
| Acknowledge and resolve outages | Yes | Yes | Yes | No | No |
| Escalate outages | Yes | Yes | Yes | No | No |
| Update outage severity and details | Yes | Yes | Yes | No | No |
| Write postmortems and AI summaries | Yes | Yes | Yes | No | No |
| Delete outages | Yes | Yes | Yes | No | No |
| Invite and remove teammates | Yes | Yes | No | No | No |
| Transfer account ownership | Yes | No | No | No | No |
| Manage billing and subscription | Yes | No | No | No | Yes |
| Configure SSO and authentication | Yes | No | No | No | No |
Project isolation
Projects act as boundaries. A team member invited to Project A cannot see monitors, status pages, or integrations in Project B. This makes projects a good way to separate:
- Different clients (each client gets their own project)
- Internal teams (engineering, infrastructure, support)
- Environments (production vs. staging)
The Owner is the exception. Owners see all projects and can move between them freely.
If you use SAML SSO, you can also restrict SSO users to specific projects through the SSO access scope setting in login methods. This is useful when contractors or external partners authenticate via your identity provider but should only access certain projects.
Choosing the right role
Here are some common scenarios to help you pick the right role:
- CTO or team lead who manages the team and configuration — Admin
- Engineer who sets up monitors and responds to incidents — Member
- Executive or stakeholder who wants a dashboard view — Viewer
- Finance or operations who handles invoices and plan changes — Billing
Account security
Two-factor authentication (2FA)
Add a second verification step to your login. Once enabled, you'll need both your password and a code from your authenticator app to sign in.
To enable 2FA, go to your account settings and follow the setup steps.
2FA is available to all users regardless of role or plan.
Audit logs
Audit logs record every change made within your Hyperping account: who did what, when, and in which project. Use them to:
- Track configuration changes to monitors and status pages
- Review teammate activity after an incident
- Provide evidence for compliance audits
Data protection
Hyperping encrypts data at rest with LUKS and in transit with SSL/HTTPS. All data is stored in the EU (DigitalOcean Frankfurt). Hyperping is GDPR-compliant and supports data deletion requests directly from the dashboard.
Troubleshooting
A teammate says they can't see a project.
Team members only see projects they were invited to. Check the Teammates page while inside the correct project to verify they were invited there.
A teammate needs to manage billing.
Assign them the Billing role, or the Owner can handle it directly. To change a teammate's role, go to the Teammates page.
An SSO user can't log in.
Check the provisioning policy in your SSO settings. If it's set to "Invite-only," the user needs to be invited before SSO login will work. See login methods for details.
