Role-Based Access Control

Overview

Customers can now define custom roles within their LogRocket accounts to limit access to potentially sensitive information, as well as restrict access on a per-project basis. Please note that this feature is only available on the Professional plan.

To access these controls and define new roles, Admin users only will see a 'Team Roles' page within Settings.

Roles that are defined on this page can then be assigned to individual team members on the Team Members page. Each team member can only be assigned one role.

Built-In Roles

LogRocket provides three built-in roles that are always available for you to use and cannot be modified or deleted. These built-in roles automatically have access to all projects. If project-restricted functionality is needed, you should create Custom Roles.

Admin
Admin users have access to all functionality within LogRocket, including project controls, role creation and assignment, and billing functionality. This is also the only role with access to specific product features, such as Audit Logging and GDPR/CCPA deletion.

Developer
Developer users can access all Dashboard (including Errors and Metrics) and session playback features, as well as most Settings. They cannot perform billing-related tasks or interact with Admin-only features.

Guest
Guest users only have the ability to view session playback when a specific link is provided to them. They cannot access the Dashboard or search for sessions.

Note that this is the only type of user that does not count against your seat count, but all Guests must still be invited and listed within your application for security purposes.

Custom Roles

You can create Custom Roles using the 'Add Role' button to reveal the Role Creation pane.

You can select whether the role has access to all projects or only limited access to selected projects.

🚧

Permissions across projects

Please note that the selected set of permissions will apply across all projects the role has access to. A user cannot be a Guest on one project and a Developer on another.

You have the ability to choose highly granular permissions to ensure that your employees only have access to exactly what they need.

Permissions Options

  • Session Playback: the ability to view session playback only.

    • Developer Pane: the ability to view the developer pane (performance tabs and logging only) within the session replay. If this is selected then please note that session playback is automatically selected as a permission

      • Network Pane: the ability to view the network pane as part of the session playback, not including the content of the request/response bodies

        • Request Bodies: the ability to view full request/response bodies as part of a network request. If this is selected then all permissions above are automatically applied
  • Dashboard Features: the ability to view the Latest and Sessions tabs, as well as use the search bar to locate and filter sessions

    • Metrics: the ability to view the Metrics tab and all personal/team dashboards, as well as create and edit charts

    • Errors: the ability to view the Errors tab and ignore/resolve errors

Setting a Default Role

You can choose any custom or built-in role to serve as the default role for any new users joining your organization. You can select this role from the Team Roles page by selecting the three dots in the top right corner of the role definition, or select it from a dropdown on the Team Members page.