Manage Alert Permissions
Access to alerts is controlled through the Data Observability & Alerts permissions model. This model determines who can view alerts, update resolutions, and configure notification settings.
The same permissions model applies to both alerts and pipeline monitoring. For information about pipeline monitoring permissions, see Manage Data Observability Permissions.
How permissions work
Permissions use Relationship-Based Access Control. Each permission is defined as a relationship between a user and an observability domain.
An observability domain is a group of Data Observability assets that share access controls and serve as a boundary for alerting and root cause analysis. Currently, there is one observability domain per tenant.
Permission levels
Three permission levels are available, each building on the previous:
| Permission | Capabilities | Includes |
|---|---|---|
Viewer |
View alerts, pipeline monitoring, job history, orchestrator connections, and notifications. |
— |
Editor |
Resolve and escalate alerts, and edit notifications. |
Viewer capabilities |
Admin |
Manage users and permissions, notifications, orchestrator connections, and API keys. |
Editor and Viewer capabilities |
Permissions are hierarchical. A user with Admin permission automatically has Editor and Viewer capabilities.
What each permission level allows
Viewer
Users with Viewer permission can:
-
View the alerts feed and alert details
-
View pipeline monitoring and job execution history
-
View orchestrator connection settings (but not API key values)
-
View notification policies and audiences
Viewers cannot modify alerts, connections, or settings.
Platform administrators
Platform administrators have access to alerts and data observability by default. This access is intended for users who need full administrative capabilities across the platform.
Users with the dataobservability-admin identity provider role automatically have Admin permission to all observability domains in the tenant.
For more information about identity provider roles, see Identity Provider Roles.
Grant permissions
Users with Admin permission can grant access to other users.
To grant permissions:
-
In the left navigation, go to User management > Alerts & data observability.
-
Select Grant permissions.
-
In the Search users field, search for and select the users you want to add.
-
For each user, select the permission level dropdown and choose Viewer, Editor, or Admin.
-
Select Save.
A confirmation message appears indicating that permissions were granted.
Edit or remove permissions
You can edit or remove permissions for a single user or multiple users at once.
Single user
-
In the left navigation, go to User management > Alerts & data observability.
-
Find the user in the list.
-
Select the three dots menu for that user.
-
Select Edit permission level or Remove access.
-
If editing, choose the new permission level.
-
Confirm or save your changes.
Multiple users
-
In the left navigation, go to User management > Alerts & data observability.
-
Select the checkbox next to each user you want to update.
-
In the action bar that appears at the bottom, select Set permission level or Remove access.
-
If editing, choose the permission level to apply to all selected users.
-
Confirm or save your changes.
View user details
To view detailed information about a user, select their name in the user list. A sidebar opens displaying the user’s general information, group assignments, and assigned roles.
Common scenarios
The following examples illustrate which permission level is appropriate for different roles:
-
A data engineer needs to set up pipeline monitoring for their team’s Airflow instance → Admin
-
An analyst needs to view pipeline alerts but should not modify connections or resolutions → Viewer
-
A data steward needs to triage and resolve alerts but should not manage connections → Editor
-
A platform administrator needs full access to configure observability across the organization → Platform administrator (automatic access)
Was this page useful?