Honeycomb uses a tiered system of access control to provide granular access to its endpoints.
Honeycomb’s mission is to empower engineering teams to debug production systems. Many defaults are chosen to enable and support the ambient broadcasting and sharing of knowledge.
Our permissions philosophy centers around minimizing behaviors that may be destructive or disruptive to fellow team members’ query activity.
| Owner | Member | Read-Only | |
|---|---|---|---|
| Promote other team owners | ✔ | ||
| Make team SSO-only | ✔ | ||
| Upgrade and adjust pricing | ✔ | ||
| Invite new users / accept join requests | ✔ | ||
| Create new teams | ✔ | ✔ | ✔ |
| Create, edit, and disable API keys | ✔ | ||
| Delete ingest API keys | ✔ | ||
| Redact API keys | ✔ | ✔ | |
| View redacted API keys | ✔ | ||
| View non-redacted API keys | ✔ | ✔ |
Environments can only be created by a team owner.
| Owner | Member | Read-Only | |
|---|---|---|---|
| Create environment | ✔ | ||
| Edit environment display For example, environment descriptions. |
✔ | ✔ | |
| Download the Activity Log Available as part of the Honeycomb Enterprise plan. |
✔ |
Datasets may be queried on by any member of the team and query history is visible to all members of the team.
| Owner | Member | Read-Only | |
|---|---|---|---|
| Run queries | ✔ | ✔ | ✔ |
| Annotate queries | ✔ | ✔ | |
| Delete a dataset | ✔ | ||
| Toggle deletion protection | ✔ | ||
| Edit dataset ingest settings For example, nested JSON. |
✔ | ||
| Edit dataset schema settings For example, field types, field max lengths. |
✔ | ✔ | |
| Edit dataset display For example, field descriptions, dataset descriptions, aliases. |
✔ | ✔ |
Boards can be created by team members and team owners and default to being public. Any public boards will be viewable to everyone in your team and will be modifiable by team members and team owners.
Boards marked as *Restricted (Collaborators and owners only) are visible only by the creator and any team owners. The board owner may take the board public at any time. Other members will not be able to add or edit queries to a limited access board unless explicitly added as a collaborator by the owner.
| Owner | Member | Read-Only | |
|---|---|---|---|
| Create public boards | ✔ | ✔ | |
| View public boards | ✔ | ✔ | ✔ |
| Create limited access boards | ✔ | ✔ | |
| Make limited access boards public | ✔ | ✔ | |
| Add collaborators to a limited access board | ✔ | ✔ | |
| Add queries and metadata to boards | ✔ | ✔ | |
| Edit queries and metadata on boards | ✔ | ✔ | |
| View anybody’s limited access board | ✔ | ||
| Delete public boards | ✔ | ✔ | |
| Delete anybody’s limited access board | ✔ |
Triggers are viewable by all members in a team. Triggers are creatable and editable for team members but not for read-ony users. Clear attribution on triggers communicate which user created or last edited a particular trigger.
| Owner | Member | Read-Only | |
|---|---|---|---|
| Create triggers | ✔ | ✔ | |
| View triggers | ✔ | ✔ | ✔ |
| Edit/delete triggers | ✔ | ✔ |
Calculated fields, otherwise known as Derived Columns, may be created on a Dataset or an Environment by team members and team owners. As with boards, calculated fields may only be deleted by the creator or a team owner. Everyone in the team can view calculated fields.
Read more about Calculated Fields.
| Owner | Member | Read-Only | |
|---|---|---|---|
| Create calculated fields | ✔ | ✔ | |
| Edit calculated fields | ✔ | ✔ | |
| Delete own calculated field | ✔ | ✔ | |
| Delete any calculated field | ✔ | ||
| View calculated fields in schema | ✔ | ✔ | ✔ |
