Understanding Permission Levels in PagerDuty Workflow Automation

Permissions are determined by a user’s Role and Individual Permission Settings

• Roles determine most day to day permissions, like deactivating a user or viewing confidential fields.
• Individual permission settings govern which users can edit or view any given Workflow, data table, or integration. These are separate from roles and are governed per-object, which means per-Workflow, per-Data Table, and for integrations, per-connection

Permission Roles

PagerDuty Workflow Automation has two default roles that determine permissions: Admin and Team member. The two default permission roles allow you to easily set common permissions for each user. The third role, Builder, is for a team member that has Workflow Editing permissions enabled.

A non-member is any user outside your team who is assigned a task or sent a web form.

See the following chart for an overview of basic default permissions.

Individual Permission Settings

Roles determine most permissions, but for Data Tables, Workflows, and Integration connections permissions are more granular and set per-object. These individual permission settings affect all users: admins and team members. A user must be explicitly given permission to view or edit a Workflow, data table, or integration object.

✅   Heads-up: The Team Owner is the only user that can view or edit any object.

• Individual Workflow Permissions
• Individual Data Table Permissions
• Individual Integration Permissions

Simplify permissions with groups

It’s easiest to manage Individual permission settings using groups. Create groups for different teams or functions, then grant permissions to those groups rather than granting permissions to individuals. See the Groups page for how to set up groups.

note

• Note: With the default configuration, Workflows and Data tables give edit permissions to all admins, and find permissions to all users. This can be changed in an object’s individual permission settings during setup or at any time.

Individual Workflow Permissions

Individual Workflow permissions overwrite any role level permissions. For example, an Admin without Find/Edit permissions on a Workflow cannot find or edit that Workflow.

The individual Workflow permissions are set per-Workflow. Use this diagram to understand what a user with No Permissions, a user with Find Permissions, or a user with Edit Permissions are each able to do. Individual permissions can look very different Workflow to Workflow.

You can change Individual Workflow permissions at any time, see How to change Workflow permissions.

Individual Data Table Permissions

Individual Data Table permissions overwrite any role level permissions. For example, an admin or team member without permissions to view a data table cannot view the table.

The individual data table permissions are set per-data table. Use this diagram to understand what a user with with Permissions, or a user without Permissions are each able to do. Individual permissions can look very different between data tables.

Individual data table permissions can be changed at any time, see Change data table permissions.

Individual Integration Permissions

An integration is a connection to an app or tool within PagerDuty Workflow Automation. Integrations can have multiple connections. Permissions can be set per-connection in PagerDuty Workflow Automation.

Individual integration permissions overwrite any role level permissions. For example, an admin or team member without permissions to use a connection cannot use the connection.

The individual integration permissions are set per-connection. Use this diagram to understand what the connection creator, a user with Permissions, or a user without Permissions are each able to do.

Individual integration permissions can be changed at any time, see How to change integration permissions.