Skip to content
Overwatch Logo Overwatch Documentation

User Management

User Management

Section titled “User Management”

Overwatch provides robust Role-Based Access Control (RBAC) to ensure that users have the appropriate level of access to your organization’s resources.

User Roles

Section titled “User Roles”

Overwatch supports the following user roles, each with a specific set of permissions:

RoleDescriptionKey Permissions
OwnerThe creator of the organization. Has full access to everything.Manage Billing, Delete Organization, Manage All Users
AdminAdministrative access for day-to-day operations.Manage Users, Configure Integrations, View Analytics
ManagerTeam leadership role.Create/Edit Procedures, View Analytics, Manage Incidents
EngineerStandard user role for DevOps/SREs.Resolve Incidents, Execute Procedures, Read-Only Settings
ViewerRead-only access for stakeholders.View Incidents, View Dashboards

User Status

Section titled “User Status”

Users can be in one of the following states:

  • Pending: The user has been invited but has not yet verified their email or logged in.
  • Active: The user has a valid, active account.
  • Inactive: The user has been deactivated but not deleted. They cannot log in.
  • Suspended: The user has been temporarily suspended, often due to security reasons.
  • Deleted: The user has been permanently removed.

Managing Users

Section titled “Managing Users”

Inviting Users

Section titled “Inviting Users”
  1. Navigate to Settings > Users.
  2. Click the Invite User button.
  3. Enter the user’s Email Address.
  4. Select the appropriate Role.
  5. Click Send Invitation.

The user will receive an email with a link to set up their account.

Changing User Roles

Section titled “Changing User Roles”
  1. Navigate to Settings > Users.
  2. Find the user in the list.
  3. Click the Edit (pencil) icon.
  4. Select the new Role from the dropdown.
  5. Click Save Changes.

Deactivating Users

Section titled “Deactivating Users”

To revoke access for a user without deleting their historical data:

  1. Navigate to Settings > Users.
  2. Find the user.
  3. Select Deactivate or Suspend from the actions menu.

Security

Section titled “Security”

Account Lockout

Section titled “Account Lockout”

For security, user accounts are automatically locked after 5 failed login attempts. The lockout period lasts for 30 minutes. Administrators can manually unlock an account if needed.

Session Management

Section titled “Session Management”
  • Access Tokens: Valid for 1 hour.
  • Refresh Tokens: Valid for 7 days.
  • SSO: If your organization uses SSO (Google, Microsoft, Okta, SAML), session policies are managed by your identity provider.