Roles and Permissions
We provide the ability for you to manage your Hipchat group and users. Hipchat offers the following roles:
- delegated administrator
There is an administrative user at the operating system level (the “admin” at the Console/SSH) on the instance of Hipchat Server. This administrator can use the command line interface to perform server maintenance tasks like upgrading Hipchat Server, changing the SSL certs, and resetting the owner.
Principle of Max Privilege
The roles in Hipchat are structured on the principle of maximum privilege.
- Owners can modify anyone.
- Administrators and delegated administrators can modify anyone who is at the same level or below themselves.
- Users are unable to modify anyone.
- Nobody can modify someone in a higher permissions level.
Hipchat offers these roles to support your IT access security needs, allowing you to assign certain permissions to certain users. The roles below are listed from the highest level of permissions (owner) to the lowest level of permissions (user).
A Hipchat group has an owner. This is typically the person who set up the group. Think about the owner as the account holder responsible for billing. While the owner has chat and admin capability, we strongly encourage using the owner role for account management only. (Create another user for chatting purposes.)
There can be only one owner for a Hipchat group, so be sure to transfer ownership if your current owner is leaving your Hipchat group.
People with the administrator role can use the Hipchat apps to chat and also have access to the group and server administration features in Hipchat. They can administer Hipchat in the following ways:
- Add and delete users
- Change peoples' roles (for example, from user to admin or delegated admin)
- Force a user to reset their password on next login
- Set up user directory integration
- Require new users to have an email address from a specific domain
- Perform group admin tasks
- Enable and disable features (only allow Admins to create rooms, disable file uploads, etc.)
- Add, remove, or override emoticons
- Create APIv1 tokens
Note: They can't change the Hipchat Server group's name or owner.
- Perform server admin tasks, such as configuring the network connection
- View the history of messages and files shared for all rooms (both open and private)
- Manage all rooms, such as delete a message with a file, change the room administrator, or allow or disallow delegated administration of rooms)
You might have IT policies that restrict who can have administrator privileges, but what if you still need help managing rooms and users? A delegated administrator gives you a role with a limited set of administrator privileges.
The delegated administrator can manage some users and rooms. Delegated administrators can manage in the following ways:
- Manage other delegated administrators and users
- Add and delete other delegated administrators and users
- Change peoples’ roles, for example, from user to delegated administrator
- Edit users’ details, such as @mention names or email addresses
- If enabled by an administrator, as a default for all rooms or on a per-room override basis:
- Manage rooms, such as delete a message with a file or change the room administrator
- View the history of messages and files shared for all rooms (both open and private rooms)
By default, people with the user role can do the following:
- Download, install, and use the Hipchat apps
- Chat in open chat rooms (and be invited to chat in private rooms)
- Read and send messages
- Download files
- Search the history of all open rooms and any private rooms they are members of
- Create an API v2 personal token
- Manage how they receive notifications
As long as the administrator hasn't disabled these features, they can also do the following:
- Participate in private 1-1 chats
- Invite other users to join
- Create chat rooms
- Update their own user profile
- Delete their own messages
- Chat over video
The owner, administrators, and delegated administrators can assign roles to people. They can only assign roles that are at the same level or lower than their roles. For example, a delegated administrator can assign the delegated administrator and user roles to people.
- Log in to Hipchat in your browser, go to Group admin > Users.
- Find the person you want to assign a role to.
- In the Role menu, choose the role for the person you selected.
Delegating administration of rooms
By default, delegated administrators can manage all rooms. Owners and administrators can change this default for all rooms or specific rooms.
To change whether delegated administrators can manage all rooms, go to Group admin > Preferences.
To change whether delegated administrators can manage specific rooms, do the following:
- Go to Group admin > Rooms.
- Choose the room > Permissions.
Editing profile information
Users are able to edit their own profile information, such as name and email, by default. A user will not be able to edit their own profile if:
- a Hipchat administrator has disabled the ability for users to edit their own profile information in Group Admin > Preferences, or
- Hipchat is connected to an external LDAP directory.
Other roles in Hipchat
Hipchat also has room administrator and guest roles.These roles are different from the others in that administrators can't assign them to people and they don't appear in the Roles menu. The following sections explain how people become room administrators and guests.
People become room administrators in two ways:
- They create a room in Hipchat
- A room administrator assigns them as room administrators
Rooms can have multiple room administrators. They can manage a room in the following ways:
- Rename the room
- Delete the room
- Archive or Unarchive the room
- Set the room to private or public
- Enable a guest access URL (unless this has been disabled by an administrator)
- Invite or remove users (if the room is private)
- Assign other users as room administrators of that room
- Install, configure, or remove room-specific integrations (unless this has been disabled by an administrator)
Room administrators are unable to modify anyone Hipchat, but they can assign other people as room administrators of their rooms (including private rooms).
Log in to Hipchat in your browser.
You can't add or remove administrators from the Hipchat mobile or desktop clients. You must use the web UI.
- Go to Rooms > My Rooms
- Choose the room > Permissions.
- Click Edit next to Room admins.
- Click in the Room admins field.
- Start typing the name of the person you want to add.
You can select their name from the dropdown and press Enter, then continue typing more names.
You can turn on guest access on a per-room basis.
A guest can do the following in the Hipchat web app:
- Read and send messages in rooms to which they have been invited.
Guests are unable to modify anyone in Hipchat.