Roles & Permissions
Warden uses role-based access control (RBAC) with four roles arranged in a strict hierarchy. Each role inherits all permissions from the roles below it.
Role Hierarchy
Section titled “Role Hierarchy”| Role | Level | Description |
|---|---|---|
| Admin | 4 | Full access — user management, settings, API keys, and everything below |
| Editor | 3 | Can create and modify monitors, incidents, maintenance windows, and notifications |
| Viewer | 2 | Read-only access to the dashboard, monitors, incidents, and reports |
| Status Viewer | 1 | Can only view assigned status pages — no dashboard access |
Permission Matrix
Section titled “Permission Matrix”User & System Management
Section titled “User & System Management”| Action | Admin | Editor | Viewer | Status Viewer |
|---|---|---|---|---|
| Create users | ✓ | — | — | — |
| Delete users | ✓ | — | — | — |
| Change user roles | ✓ | — | — | — |
| Manage API keys | ✓ | — | — | — |
| Edit settings | ✓ | — | — | — |
| Configure SSO | ✓ | — | — | — |
| Manage status page visibility | ✓ | — | — | — |
Monitors
Section titled “Monitors”| Action | Admin | Editor | Viewer | Status Viewer |
|---|---|---|---|---|
| View monitors & uptime | ✓ | ✓ | ✓ | — |
| Create monitors | ✓ | ✓ | — | — |
| Edit monitors | ✓ | ✓ | — | — |
| Delete monitors | ✓ | ✓ | — | — |
| Pause / resume monitors | ✓ | ✓ | — | — |
Incidents & Maintenance
Section titled “Incidents & Maintenance”| Action | Admin | Editor | Viewer | Status Viewer |
|---|---|---|---|---|
| View incidents | ✓ | ✓ | ✓ | — |
| Create incidents | ✓ | ✓ | — | — |
| Update incidents | ✓ | ✓ | — | — |
| Delete incidents | ✓ | ✓ | — | — |
| Post incident updates | ✓ | ✓ | — | — |
| Toggle incident visibility | ✓ | ✓ | — | — |
| Create maintenance windows | ✓ | ✓ | — | — |
| View maintenance windows | ✓ | ✓ | ✓ | — |
Notifications
Section titled “Notifications”| Action | Admin | Editor | Viewer | Status Viewer |
|---|---|---|---|---|
| View notification channels | ✓ | ✓ | ✓ | — |
| Create notification channels | ✓ | ✓ | — | — |
| Edit notification channels | ✓ | ✓ | — | — |
| Delete notification channels | ✓ | ✓ | — | — |
| Test notification channels | ✓ | ✓ | — | — |
| Change notification settings | ✓ | — | — | — |
Incidents & Outages
Section titled “Incidents & Outages”| Action | Admin | Editor | Viewer | Status Viewer |
|---|---|---|---|---|
| Promote outages to incidents | ✓ | ✓ | — | — |
Status Pages & Dashboard
Section titled “Status Pages & Dashboard”| Action | Admin | Editor | Viewer | Status Viewer |
|---|---|---|---|---|
| Access dashboard | ✓ | ✓ | ✓ | — |
| View overview & stats | ✓ | ✓ | ✓ | — |
| View all status pages | ✓ | ✓ | ✓ | — |
| Configure status pages | ✓ | — | — | — |
| View assigned status pages | ✓ | ✓ | ✓ | ✓ |
| Assign status pages to users | ✓ | — | — | — |
| Edit own profile | ✓ | ✓ | ✓ | ✓ |
| View settings | ✓ | ✓ | ✓ | — |
| View system info | ✓ | — | — | — |
| Reset database | ✓ | — | — | — |
Role Details
Section titled “Role Details”Admins have unrestricted access to everything in Warden. They are the only role that can manage users, API keys, and system settings.
Safeguards:
- An admin cannot change their own role (prevents accidental self-demotion)
- The last admin cannot be demoted or deleted (ensures at least one admin always exists)
Editor
Section titled “Editor”Editors can create, modify, and delete monitors, incidents, maintenance windows, and notification channels. They cannot manage users, API keys, or system settings.
This is the ideal role for team members who actively manage your monitoring setup.
Viewer
Section titled “Viewer”Viewers have read-only access to the entire dashboard. They can see monitors, incidents, uptime data, latency charts, and reports, but cannot make any changes.
Use this role for stakeholders or team members who need visibility without the ability to modify anything.
Status Viewer
Section titled “Status Viewer”Status Viewers are the most restricted role. They cannot access the dashboard at all — they can only view the specific status pages assigned to them by an admin.
This role is useful for:
- External clients who need to see the status of their services
- Partners who should only see specific status pages
- Anyone who needs status page access without dashboard visibility
When a Status Viewer’s role is changed to a higher role, their status page assignments are automatically cleared since they now have access to all pages through the dashboard.