Mackerel blog #mackerelio

The Official Blog of Mackerel

Regarding the policy for adding new user permissions

I’m id:daiksy, the director of Mackerel. Thank you for choosing Mackerel.

This is an announcement regarding Mackerel user permissions and our plans to add new permissions within the next few days.

Regarding the addition of user permissions

Up until now there have been three user permissions; “Owner”, “Editor”, and “Viewer”. We will be adding a new user permission to these existing three. Accordingly, each permission name can be used more conveniently as “Owner”, “Manager”, “Collaborator”, and “Viewer”. Continue reading below for a summarized explanation of the changes for permissions before and after refinement.

Permission changes before and after refinement

In Mackerel, there have been three configurable permissions in order of strength; “Owner”, “Editor”, and “Viewer”. By allowing only the necessary permissions to the user, this feature offers the ability to prevent misoperations etc. However, because the “Editor” permission also has the ability to create and edit the API key, we’ve received numerous requests asking for one more weaker permission that also has the ability to edit monitoring configurations, notification channels, etc.

Therefore, we’ve changed the three user authorities from “Owner”, “Editor” and “Viewer” to “Owner”, “Manager”, “Collaborator” and “Viewer”. This gives the user the ability to configure permissions in more detail. The names of each user authority before and after the change are listed below.

Before change After change
Owner Owner
Editor Manager
Collaborator
Viewer Viewer

“Editor” will be renamed “Manager” and the permissions granted are mentioned below. “Collaborator” is the newly established user authority. There has been no change to “Owner” and “Viewer”.

There is only one “Owner” per organization. However, multiple names can be registered for other permissions.

Regarding the new permissions granted with “Manager”

Currently, deletion of an API key can only be done by the “Owner”. The “Editor” does not have the authority to delete the API key. Taking use cases into consideration, having more than one person with deletion authority could allow for a quicker response, say if the API key were to be leaked etc. For this reason, both “Owner” and “Manager” permissions will have API key deletion authority.

In the event that an API key is deleted, information detailing who deleted which key will be sent via mail to anyone with Manager authority or higher

Regarding the extent of authority for “Collaborator”

Collaborators are users who are not authorized to view the API key or add members. For more details, please refer to the post-release help page.

Regarding the transition to managing new permissions

There are no required operations in particular regarding the management of new permissions. Editors up until this point will automatically be changed to Managers. As for the newly established “Collaborator”, please perform the appropriate changes after the release.