Menu
Documentationbreadcrumb arrow Grafana Cloudbreadcrumb arrow Alerts and IRMbreadcrumb arrow IRMbreadcrumb arrow Usebreadcrumb arrow Incident managementbreadcrumb arrow Private Incidents
Grafana Cloud

Private incidents

Private incidents allow you to limit visibility and access to an incident, helping teams manage sensitive situations with confidentiality and control. Use private incidents when you need to restrict who can view and collaborate on the incident, both in the Grafana IRM UI and in your Slack workspace.

When to use a private incident

Private incidents are useful when investigating issues that require discretion or a hightened level of confidentiality. For example:

  • Security breaches: Limit exposure of vulnerability details while the team works on mitigation.
  • HR-related issues: Keep personnel matters private and secure during investigation and throughout the resolution process.
  • Legal matters: Ensure only authorized stakeholders can access incidents with potential legal impact.

Access control and visibility

Private incidents follow a straightforward access model designed to limit visibility so authorized stakeholders have a secure place to collaborate and communicate.

The following access control rules apply to private incidents:

  • Only the incident creator and users explicitly added to the incident can access it.
  • The Slack channel associated with a private incident is private by default.
  • Users can be added by inviting them to the incident’s Slack channel or from the Roles panel in the Grafana IRM UI. If you add a user from the Roles panel then you will also need to manually add them to the incident’s Slack channel (users will not be able to see the private Slack channel unless invited).
  • Private incidents are hidden from users who aren’t assigned a role or explicitly invited - only users with acccess can see the incident in the Grafana IRM UI.

Note

Slack workspace admins may still have access to private incident channels. Review the

Limitations and considerations section for more information.

Declare a private incident

You can declare a private incident from anywhere in Grafana Cloud that the Declare incident action is available. For additional information, refer to Declare an incident.

To declare an private incident from Grafana IRM:

  1. From the main menu of Grafana Cloud, click Alerts & IRM and select Incidents.
  2. Click Declare incident.
  3. Fill out the incident details: title, severity, labels, and more.
  4. Select the Private incident checkbox to restrict access.
  5. (Optional) Click More options to set additional preferences like the Slack channel prefix or initial status.
  6. Click Declare incident.

The incident will only be visible to users you add as responders, observers, or collaborators.

Grant access to private incidents

To give someone access to a private incident:

  • Invite them to the Slack channel associated with the incident. Once added, they are able to view the incident in the Grafana UI.
  • You can also assign them a role directly in the Roles panel of the incident in Grafana.

Limitations and considerations

  • Slack admin access: Slack workspace admins may have access to private channels in your workspace, even if not explicitly invited to the incident. Review and restrict admin permissions as needed to ensure confidentiality.
  • Access model: Only users who are explicitly added to a private incident or invited to the associated Slack channel can view or interact with it in the Grafana UI.
  • Paging: Manual paging of users is not available in private incidents. This ensures that only explicitly invited participants can join.
  • Slack channel access: Anyone with access to a configured default private Slack channel may be able to see private incident updates, so access to this channel should be tightly controlled.
  • Insights: Private incidents are not included in the Insights metrics.
  • Integrations: Integrations do not trigger actions on private incidents by default. Users have to explicitly enable an action to run on private incidents.