Skip to main content
Role restrictions let you control who’s eligible to be assigned specific roles during an incident. For example you may want only members of your Security team to be the Incident Lead for Security incidents. Restrictions are configured per incident type, so you can tailor role eligibility to match the needs of different incident types.

Setting up role restrictions

To configure role restrictions, head to Settings → Types and select the incident type you want to configure. Scroll to the Roles section.
Roles section with no restrictions
Click the three-dot menu on any role and select Edit restrictions to open the restriction drawer.
Role restrictions drawer with no restrictions

Building restrictions

Restrictions are built using the expression builder. Select a user attribute to restrict on, choose an operator, and pick the values to match against.
Filter picker showing available restriction variables
Common examples include restricting a role to a specific list of users, or to members of a particular team. You can also restrict based on any user attribute or custom catalog type connected to users. You can combine multiple conditions:
  • Conditions within the same group use AND logic - all conditions must be met
  • Separate groups use OR logic - any group can match
Role restrictions drawer with restrictions applied
Once saved, restrictions are displayed beneath each role in the Roles section so you know which roles have restrictions set.
Roles section with restrictions applied

Where restrictions apply

Once configured, role restrictions are enforced wherever incident roles are assigned:
  • Slack - when assigning roles via /inc role or the channel announcement buttons
  • Microsoft Teams - when assigning roles via channel announcement buttons
  • Dashboard - when picking roles during incident declaration or while managing an active incident
  • Workflows - any steps that assign roles to ineligible users will cause the workflow to fail
Users who don’t meet a role’s restrictions will appear disabled in role assignment dropdowns. If someone attempts to assign a restricted user directly, an error message explains why the assignment can’t be made.

Workflows

If you have workflows that assign incident roles, adding restrictions may cause those workflow steps to fail. A workflow step will fail if the user it tries to assign doesn’t meet the role’s restrictions.
When you have active workflows that assign roles, you’ll see a warning banner in the Roles section of your incident type settings reminding you of this. Review your workflows after adding role restrictions to make sure the users being assigned still meet the new requirements.

FAQs

No - role restrictions are configured per incident type. You’ll need to set up restrictions individually for each type where you want them.
The role dropdown will show all users as disabled. Consider broadening your restrictions if this happens.