Owner account
The first user created during initial setup is automatically designated as the owner. The owner account has two permanent constraints enforced at the database and controller level:- The owner is always assigned the
adminrole and cannot be removed from it. - The owner account cannot be deactivated.
Built-in roles
Kener ships with three readonly built-in roles. Their names, IDs, and permission sets are fixed and cannot be edited or deleted.| Role ID | Display name | Description |
|---|---|---|
admin | Admin | Full access to all features |
editor | Editor | Create and update content; no user or role management |
member | Member | Read-only access across the dashboard |
Built-in roles cannot be renamed, deactivated, or deleted. You can, however, create custom roles and clone permissions from a built-in role as a starting point.
Custom roles
You can create custom roles with any combination of permissions. Role ID rules: lowercase letters, numbers, underscores, and hyphens only (e.g.viewer, ops_team). The IDs admin, editor, and member are reserved.
Creating a role
Fill in the details
Enter a Role ID (e.g.
viewer) and a Role Name (e.g. Viewer). Choose whether to pick permissions after creation or clone them from an existing active role.Editing a role
Click the pencil icon next to any custom role to change its name or toggle its status betweenACTIVE and INACTIVE. Inactive roles cannot be assigned to users.
Deleting a role
Click the trash icon next to a custom role. You will be asked what to do with users currently assigned to that role:- Remove assignments — the users lose this role but keep any other roles they have.
- Migrate to another role — all users in the deleted role are moved to the target role you select. The target role must be active.
Permissions reference
Each permission controls a specific set of API actions. Use the accordions below to see what each permission grants.Monitors
Monitors
| Permission ID | What it grants |
|---|---|
monitors.read | View monitors and monitoring data |
monitors.write | Create, update, delete, and clone monitors |
Incidents
Incidents
| Permission ID | What it grants |
|---|---|
incidents.read | View incidents and comments |
incidents.write | Create, update, and delete incidents and comments |
Maintenances
Maintenances
| Permission ID | What it grants |
|---|---|
maintenances.read | View maintenances and events |
maintenances.write | Create, update, and delete maintenances and events |
Pages
Pages
| Permission ID | What it grants |
|---|---|
pages.read | View pages |
pages.write | Create, update, and delete pages |
Triggers
Triggers
| Permission ID | What it grants |
|---|---|
triggers.read | View triggers |
triggers.write | Create, update, delete, and test triggers |
Alerts
Alerts
| Permission ID | What it grants |
|---|---|
alerts.read | View alert configurations and alert history |
alerts.write | Create, update, and delete alert configurations |
API Keys
API Keys
| Permission ID | What it grants |
|---|---|
api_keys.read | View API keys |
api_keys.write | Create and update API keys |
api_keys.delete | Delete API keys |
Users
Users
| Permission ID | What it grants |
|---|---|
users.read | View users |
users.write | Manage users, invitations, and verification |
Roles
Roles
| Permission ID | What it grants |
|---|---|
roles.read | View roles, permissions, and user assignments |
roles.write | Create, update, and delete roles |
roles.assign_permissions | Add and remove permissions from roles |
roles.assign_users | Add and remove users to and from roles |
Settings
Settings
| Permission ID | What it grants |
|---|---|
settings.read | View site settings and subscriptions config |
settings.write | Update site settings and subscriptions config |
Subscribers
Subscribers
| Permission ID | What it grants |
|---|---|
subscribers.read | View subscribers |
subscribers.write | Manage subscribers and subscriptions |
Email Templates
Email Templates
| Permission ID | What it grants |
|---|---|
email_templates.read | View email templates |
email_templates.write | Update email templates |
Images
Images
| Permission ID | What it grants |
|---|---|
images.write | Upload and delete images |
Assigning permissions to a role
Toggle permissions
Permissions are grouped by domain. Click any permission row to toggle it on or off. The badge on each group header shows how many permissions in that group are currently granted.
Readonly built-in roles display their permissions but the checkboxes are disabled. You need the
roles.assign_permissions permission to modify permissions on any custom role.Inviting users
User invitations require a configured email service. If email is not set up, the Add User button is disabled and a warning is shown. See the email setup guide for details.
Enter user details
Provide the invitee’s Name (2–100 characters) and Email address. Select at least one active role to assign.
Managing existing users
Users are listed in the Manage → Users table with columns for Name, Email, Verified status, Role(s), and Active status. You can filter between Active and Inactive users using the toggle at the top of the page. Click the gear icon on any user (other than yourself) to open the settings panel. You need theusers.write permission to see this button.
Update roles
Check or uncheck roles in the panel and click Update Roles. The owner must always retain the
admin role.Deactivate / activate
Deactivating a user prevents login and invalidates their current session immediately. The owner account cannot be deactivated.
Resend invitation
If a user has not yet set their password, the panel shows a Resend Invitation button that sends a fresh 7-day link.
Email verification
Users can verify their own email from the table. Admins can also trigger a verification email from the user’s settings panel.
Assigning users to roles from the Roles page
You can also manage the membership of a specific role from Manage → Roles by clicking the Users button on the role row. The panel shows all current members and lets you add or remove users, provided you have theroles.assign_users permission.