Roles & Permissions
Tracevium uses role-based access control at the organisation level. Every member has exactly one role that determines what they can see and do.
The four roles
Full control over the organisation. Manages billing, changes plans, deletes the org, and can invite/remove any member. There is exactly one owner per organisation; ownership can be transferred.
Manages projects, endpoints, webhooks, notification channels, maintenance windows, and members (excluding the owner). Can invite new members and change roles up to but not including owner.
Creates and edits endpoints and webhook configurations. Can acknowledge incidents and add notes. Cannot delete endpoints, manage members, billing, or project-level settings.
Read-only access to all data: dashboards, check results, incidents, webhook events, notification channels, and status pages. Cannot make any changes.
Permissions matrix
Organisation
| Permission | Owner | Admin | Developer | Viewer |
|---|---|---|---|---|
| View dashboard & incidents | ✓ | ✓ | ✓ | ✓ |
| Invite members | ✓ | ✓ | — | — |
| Remove members | ✓ | ✓ | — | — |
| Change member roles | ✓ | ✓ | — | — |
| Manage billing & plan | ✓ | — | — | — |
| Delete organisation | ✓ | — | — | — |
| Transfer ownership | ✓ | — | — | — |
Projects
| Permission | Owner | Admin | Developer | Viewer |
|---|---|---|---|---|
| View projects | ✓ | ✓ | ✓ | ✓ |
| Create / delete projects | ✓ | ✓ | — | — |
| Edit project settings | ✓ | ✓ | — | — |
| View / rotate signing secret | ✓ | ✓ | — | — |
Endpoints & Checks
| Permission | Owner | Admin | Developer | Viewer |
|---|---|---|---|---|
| View endpoints & check history | ✓ | ✓ | ✓ | ✓ |
| Create / edit endpoints | ✓ | ✓ | ✓ | — |
| Delete endpoints | ✓ | ✓ | — | — |
| View uptime statistics | ✓ | ✓ | ✓ | ✓ |
Webhooks
| Permission | Owner | Admin | Developer | Viewer |
|---|---|---|---|---|
| View webhook events & payloads | ✓ | ✓ | ✓ | ✓ |
| Replay webhook events | ✓ | ✓ | ✓ | — |
Incidents
| Permission | Owner | Admin | Developer | Viewer |
|---|---|---|---|---|
| View incidents | ✓ | ✓ | ✓ | ✓ |
| Acknowledge incidents | ✓ | ✓ | ✓ | — |
| Add incident notes | ✓ | ✓ | ✓ | — |
Notification Channels
| Permission | Owner | Admin | Developer | Viewer |
|---|---|---|---|---|
| View assigned channels | ✓ | ✓ | ✓ | ✓ |
| Create / edit / delete channels | ✓ | ✓ | — | — |
| Assign channels to projects | ✓ | ✓ | — | — |
| Test a channel | ✓ | ✓ | — | — |
Maintenance Windows
| Permission | Owner | Admin | Developer | Viewer |
|---|---|---|---|---|
| View maintenance windows | ✓ | ✓ | ✓ | ✓ |
| Create / edit / delete windows | ✓ | ✓ | — | — |
Changing a member's role
Owners and admins can change the role of any member below their own level. An admin cannot promote someone to owner or change the owner's role. Role changes take effect immediately.
Removing a member
Owners and admins can remove any non-owner member. Removed members lose access immediately. Their historical contributions (incident notes, etc.) remain in the audit trail.
Inviting members
Invite new members by email from Members → Invite. Invite links expire after 7 days and can be resent from the Members page. The assigned role can be changed after the invite is accepted.