
Manage organization roles and permissions

Appwarden uses a granular role-based access control (RBAC) system to help you manage what team members can see and do in your organization. Each member can be assigned a predefined role or a custom set of permissions that control their access to monitoring dashboards, domain settings, integrations, and administrative functions.

This guide explains how to assign roles and permissions when inviting team members or editing existing memberships through the Appwarden dashboard.

Organization owners automatically have full access to all features and cannot have their permissions modified. To transfer ownership, contact Appwarden support.

Appwarden provides three predefined roles that cover common access patterns:

Viewers have read-only access across your organization. This role is ideal for stakeholders who need visibility into your security posture without making changes.

Viewer permissions include:

  • View monitoring status and history
  • View domain configurations and status
  • View organization settings
  • View incident reports and history
  • View integration configurations
  • View organization members

Editors can view and manage most organization resources. This role is suitable for team members who actively work with Appwarden to configure monitoring and respond to incidents.

Editor permissions include:

  • All Viewer permissions
  • Manage monitor-related settings in the dashboard
  • Manage domain-related settings in the dashboard
  • Modify organization settings
  • Create, edit, and resolve incidents
  • Configure and modify integrations
  • Invite and modify user permissions

Monitor and domain configurations are managed via your GitHub repository and consumed when you push to the default branch. Editor permissions control what users can see and do in the Appwarden dashboard, not whether they can modify configuration files in Git.

Admins have full administrative access to all Appwarden features. This role is appropriate for senior team members who need unrestricted access to manage your organization.

Admin permissions include:

  • All Editor permissions
  • Full administrative access to monitoring features
  • Full administrative access to domain-related features
  • Full administrative access to settings
  • Full administrative access to incident management
  • Full administrative access to user management
  • Full administrative access to billing
  • Full administrative access to integrations

You can assign roles when inviting new members or when editing existing team members.

  1. Navigate to Settings > Team in the Appwarden dashboard
  2. Click Invite User
  3. Enter the user’s email address
  4. In the Role Selection section, select a role from the dropdown:
    • Viewer — Read-only access
    • Editor — Can manage dashboard settings
    • Admin — Full administrative access
    • Custom — Select individual permissions
  5. Click Send Invitation

To edit an existing team member's role:

  1. Navigate to Settings > Team in the dashboard
  2. Find the team member you want to edit
  3. Click the edit icon in the Actions column
  4. Select a new role from the dropdown or choose Custom to select individual permissions
  5. Click Save Changes

If the predefined roles don’t match your needs, you can select Custom from the role dropdown to choose individual permissions for a team member.

  1. When inviting or editing a user, select Custom from the role dropdown
  2. The Permissions card appears with permissions organized by category:
    • Monitoring — Monitor-related features
    • Domains — Domain-related features
    • Incidents — Incident management
    • Settings — Organization settings
    • Users — Team member management
    • Billing — Billing and subscription
    • Integrations — External integrations
  3. Check the permissions you want to grant
  4. Click Send Invitation or Save Changes

Each category offers three permission levels:

  • View — Read-only access to view status and configurations
  • Manage — Can modify settings and configurations in the dashboard
  • Administer — Full administrative access to the category

Permission levels follow an inheritance model: Administer includes Manage and View, while Manage includes View.

Controls access to monitoring dashboards, status, and history.

  • View Monitors — Can view monitoring status and history
  • Manage Monitors — Can manage monitor-related settings in the dashboard; monitor definitions are configured in your GitHub repository
  • Administer Monitors — Full administrative access to monitoring features

Controls access to domain configurations and status.

  • View Domains — Can view domain configurations and status
  • Manage Domains — Can manage domain-related settings in the dashboard; domain configurations are defined in your GitHub repository
  • Administer Domains — Full administrative access to domain-related features

Controls access to incident management and response.

  • View Incidents — Can view incident reports and history
  • Manage Incidents — Can create, edit, and resolve incidents
  • Administer Incidents — Full administrative access to incident management

Controls access to organization-level settings.

  • View Settings — Can view organization settings
  • Manage Settings — Can modify organization settings
  • Administer Settings — Full administrative access to organization settings

Controls access to team member management.

  • View Users — Can view organization members
  • Manage Users — Can invite and modify user permissions
  • Administer Users — Full administrative access to user management

Controls access to billing and subscription management.

  • View Billing — Can view billing information and invoices
  • Manage Billing — Can modify billing settings and payment methods
  • Administer Billing — Full administrative access to billing management

Controls access to external integrations like Discord and PagerDuty.

  • View Integrations — Can view integration configurations
  • Manage Integrations — Can configure and modify integrations
  • Administer Integrations — Full administrative access to integrations

When selecting custom permissions, Appwarden automatically validates your selection and provides helpful suggestions.

If your custom permission selection closely matches a predefined role, Appwarden suggests using that role instead. This helps maintain consistency and simplifies future permission management.

For example, if you select all the permissions included in the Viewer role, you’ll see a suggestion to use the Viewer role instead.

Appwarden warns you when a selected permission includes other permissions due to inheritance. For instance, selecting Administer Monitors automatically grants Manage Monitors and View Monitors.

In addition to dashboard permissions, you can control who can run Appwarden Discord commands in your server.

By default, only Server Administrators can interact with Appwarden. To grant access to additional members:

  1. Open Discord Server Settings
  2. Navigate to Integrations > Appwarden
  3. Under Commands, select a command (e.g., /incident, /quarantine)
  4. Configure user and role access for that command
  5. Repeat for each command you want to configure

We recommend creating a dedicated role (e.g., @security) and assigning it to Appwarden commands. Learn more in the organization onboarding guide.

While Discord’s native command permissions control who can see and run commands in your server, Appwarden also requires users to have the appropriate dashboard permissions in their organization membership to successfully execute most commands.

When a user runs a Discord command, Appwarden checks:

  1. Discord-level permissions — Does the user have permission to run this command in Discord?
  2. Organization membership — Is the user a member of the organization linked to this Discord server?
  3. Dashboard permissions — Does the user have the required Appwarden permission for this command?

If any of these checks fail, the command will not execute and the user will receive an error message.

  • /quarantine lock — Requires Manage Domains or Administer Domains
  • /quarantine unlock — Requires Manage Domains or Administer Domains
  • /quarantine test — Requires View Domains or higher (Manage/Administer Domains)
  • /incident declare — Requires Manage Incidents or Administer Incidents
  • /incident resolve — Requires Manage Incidents or Administer Incidents
  • /incident page — Requires Manage Incidents or Administer Incidents
  • /incident list — Requires View Incidents or higher (Manage/Administer Incidents)
  • /incident find — Requires View Incidents or higher (Manage/Administer Incidents)
  • /incident test — Requires View Incidents or higher (Manage/Administer Incidents)
  • /settings setup — Requires Manage Settings or Administer Settings

These commands do not require any dashboard permissions and can be run by any Discord user who has permission to see the commands:

  • /help — No permissions required
  • /invite — No permissions required
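The three checks and the per-command requirements listed above can be modeled for an access review, as in this added Python example. It is not Appwarden's code: the function names, the `grants` dictionary shape, and the assumption that /help and /invite skip the membership check are illustrative.

```python
# Added illustration of the checks this page describes; not Appwarden's code.
LEVELS = {"View": 1, "Manage": 2, "Administer": 3}  # Administer > Manage > View

# Minimum dashboard permission per command, transcribed from the page's list.
REQUIRED = {
    "/quarantine lock": ("Manage", "Domains"),
    "/quarantine unlock": ("Manage", "Domains"),
    "/quarantine test": ("View", "Domains"),
    "/incident declare": ("Manage", "Incidents"),
    "/incident resolve": ("Manage", "Incidents"),
    "/incident page": ("Manage", "Incidents"),
    "/incident list": ("View", "Incidents"),
    "/incident find": ("View", "Incidents"),
    "/incident test": ("View", "Incidents"),
    "/settings setup": ("Manage", "Settings"),
    "/help": None,    # no dashboard permission required
    "/invite": None,  # no dashboard permission required
}

def has_permission(grants, level, category):
    """grants maps category -> highest level granted; a level includes all lower ones."""
    return LEVELS.get(grants.get(category), 0) >= LEVELS[level]

def authorize(command, discord_allowed, member_grants):
    """Return (allowed, reason). member_grants is None for a non-member of the linked org."""
    if command not in REQUIRED:
        return False, "unknown command"
    if not discord_allowed:                        # check 1: Discord command permission
        return False, "discord permission"
    need = REQUIRED[command]
    if need is None:                               # assumption: membership not checked here
        return True, "no dashboard permission required"
    if member_grants is None:                      # check 2: organization membership
        return False, "not an organization member"
    if not has_permission(member_grants, *need):   # check 3: dashboard permission
        return False, f"requires {need[0]} {need[1]} or higher"
    return True, "ok"

def runnable_commands(member_grants):
    """Commands a member could run once Discord also allows them (for access reviews)."""
    return sorted(c for c in REQUIRED if authorize(c, True, member_grants)[0])

# Constructed sample: a custom-permission member who handles incidents only.
RESPONDER = {"Incidents": "Manage", "Domains": "View"}

if __name__ == "__main__":
    for cmd in REQUIRED:
        print(cmd, authorize(cmd, True, RESPONDER))
```

Running `runnable_commands` over each member's grants shows which Discord commands a custom permission set actually unlocks, which is useful when deciding whether a dedicated Discord role is broader than the dashboard permissions behind it.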

If you have any feedback or need additional roles, please don’t hesitate to reach out to us on Discord.