Update LogRocket User Access | OpsBlu Docs

Update LogRocket User Access

How to modify user roles, permissions, and access levels in Logrocket. Covers role changes, app access management, API key rotation, and common access.

Update collaborator access when project scope changes, responsibilities shift, or new apps are added to LogRocket.

When to Update Access

Common scenarios requiring access updates:

  • Project phase changes (implementation → maintenance → support)
  • Scope expansion (add new apps or environments)
  • Role changes (promote to Admin for configuration work, demote to Viewer after completion)
  • Temporary elevated access (troubleshooting, urgent fixes)
  • New LogRocket apps created (add collaborator to new app)
  • Security review requires access reduction

Prerequisites

  • Verify current access level in Settings → Organization → Team
  • Determine new role requirements (organization and app-level)
  • Confirm change request is approved and documented
  • Check for SSO/SCIM overrides that might conflict with manual changes
  • Ensure you have Organization Admin or Owner rights

Update Organization Role

  1. Log into LogRocket and navigate to Settings → Organization → Team.
  2. Find the collaborator in the team list.
  3. Click the Role dropdown next to their name.
  4. Select the new organization role:
    • Owner: Full control (use sparingly, typically client-only)
    • Admin: Manage team, apps, integrations
    • Member: Access assigned apps only
  5. Confirm the change.
  6. Document the change in your IAM tracker with date, reason, and approver.

Update App-Level Permissions

  1. Navigate to Settings → Organization → Team.
  2. Find the collaborator in the team list.
  3. Click the Apps column to view current app access.
  4. For each app requiring changes:
    • To add to new app: Click Add to App, select app, choose role (Admin, Member, Viewer).
    • To change role on existing app: Click the role dropdown, select new role.
    • To remove from app: Click the X or Remove button next to the app.
  5. Save changes.
  6. Update your access log with the modifications.

Common Update Patterns

Pattern 1: Implementation → Maintenance

Scenario: Collaborator completed LogRocket implementation, transitioning to ongoing maintenance.

Changes:

  • Organization Role: Admin → Member
  • App Access:
    • Production: Admin → Member (no longer needs configuration changes)
    • Staging: Admin → Viewer or Remove (implementation complete)

Pattern 2: Support Escalation

Scenario: Collaborator needs temporary elevated access to troubleshoot production issue.

Changes:

  • Organization Role: Member → Admin (temporary)
  • App Access:
    • Production: Member → Admin (temporary)
  • Set reminder: Downgrade after issue resolved (e.g., 48 hours)

Pattern 3: Scope Expansion

Scenario: Adding new LogRocket app for mobile web, collaborator needs access.

Changes:

  • Organization Role: No change (Member)
  • App Access:
    • Add to Mobile Web App: Member or Admin (depending on responsibilities)

Pattern 4: Offboarding Preparation

Scenario: Contract ending soon, reducing access before full removal.

Changes:

  • Organization Role: Admin → Member
  • App Access:
    • Production: Admin → Viewer (read-only during knowledge transfer)
    • Staging: Remove
    • Development: Remove

API Key Management During Updates

If access changes affect API key usage:

  1. Navigate to Settings → API Keys.
  2. Review keys created by or for the collaborator.
  3. Take action based on new role:
    • Elevated access: Create new keys with expanded permissions.
    • Reduced access: Rotate or delete keys that are no longer needed.
    • Temporary access: Document expiration date and set reminder to revoke.
  4. Update API key documentation in IAM tracker.

SSO/SCIM Considerations

If your organization uses SSO or SCIM provisioning:

  1. Check for conflicts: Manual role changes may be overridden by SSO group mappings.
  2. Update IdP first: Change user's groups in your identity provider (Okta, Azure AD, etc.).
  3. Trigger sync: Force SCIM sync if available, or wait for automatic sync.
  4. Verify in LogRocket: Confirm role change took effect after IdP update.
  5. Document both: Record both IdP group change and LogRocket role verification.

After Updating Access

  • Notify the collaborator of access changes via email or ticket comment.
  • Verify the collaborator can (or cannot) access expected apps and features.
  • Document the change in your IAM tracker:
    • Date of change
    • Old role → New role
    • Reason for change
    • Approver
    • Next review date
  • Export Activity Log from Settings → Activity for audit trail.
  • Take screenshot of Settings → Organization → Team showing updated roles.

Troubleshooting

  • Changes not taking effect: Check for SSO/SCIM overrides. Update identity provider mappings if enabled.
  • Collaborator still has access they shouldn't: Verify app-level permissions, not just organization role. Remove from specific apps if needed.
  • API keys still working after downgrade: API keys persist independently of user roles. Rotate or delete keys explicitly.
  • Temporary access not reverted: Set calendar reminders or automated alerts to revert temporary access changes on schedule.

Temporary Access Workflow

For time-limited elevated access:

  1. Grant access: Update role as needed (document start date and reason).
  2. Set reminder: Create calendar event or ticket for access review (e.g., 48 hours, 1 week).
  3. Document expiration: Note in IAM tracker when access should be reverted.
  4. Revert access: Downgrade role or remove app access at scheduled time.
  5. Confirm reversion: Verify access change took effect and notify collaborator.

Example:

Access Update Log:
- User: jane@collaborator.com
- Change: Member → Admin (Production App)
- Reason: Urgent privacy configuration fix
- Granted: 2024-01-15 14:30 UTC
- Expires: 2024-01-17 14:30 UTC (48 hours)
- Reverted: 2024-01-17 14:45 UTC
- Verified: Access downgraded to Member

Validation Checklist

  • Access change documented in IAM tracker
  • Organization role updated if needed
  • App-level permissions adjusted for each app
  • API keys updated, rotated, or deleted as appropriate
  • Collaborator notified of access change
  • Activity Log exported for audit trail
  • Screenshot of updated team permissions saved
  • Calendar reminder set for next access review
  • Temporary access has documented expiration date (if applicable)
  • SSO/SCIM mappings updated if enabled

Example Update Log

Change Request: #5678

User: jane@collaborator.com

Date: 2024-03-10

Requested By: Product Manager

Approved By: Security Lead

Change Details:

  • Organization Role: Member → Admin (scope expanded to manage integrations)
  • Production App: Member → Admin (needs to configure Sentry integration)
  • Staging App: Member (no change)
  • API Keys: Created new API key for integration configuration (read/write)

Next Review: 2024-09-10 (6 months)

Documentation: Screenshots filed in ticket #5678, Activity Log exported

Nach oben