Feature Request: Role-based access control for session replay viewing #44154

@HaynesPostHog

Feature request

Is your feature request related to a problem?

Currently, all users with access to session replay in a PostHog project can view all recordings. There's no way to restrict viewing based on:

  • User roles within the organization
  • Sensitivity of the pages being recorded
  • Customer attributes or segments

This creates privacy challenges for organizations handling sensitive customer data (e.g., fintech customers) or sensitive application areas (e.g., billing settings, payment pages).

While PostHog offers privacy controls for what gets recorded (masking, stopping/starting recordings programmatically), there are no controls for who can view recordings once they're captured.

Describe the solution you'd like

Implement role-based access control (RBAC) for session replay viewing with the ability to:

  • Restrict replay access by page/URL patterns: Allow admins to configure which team members can view recordings containing specific pages (e.g., only billing team members can view recordings that include /billing pages)

  • Restrict replay access by customer attributes: Allow filtering of viewable recordings based on person properties (e.g., only specific team members can view recordings for customers tagged as customer_type: fintech)

  • Project-level replay permissions: Add granular permissions beyond the current all-or-nothing access, such as:

      - Can view all recordings
      - Can view recordings (excluding sensitive pages)
      - Can view recordings (specific customer segments only)
      - Cannot view recordings (but can access other PostHog features)
    

Describe alternatives you've considered

Additional context

From: https://posthoghelp.zendesk.com/agent/tickets/46095

Debug info

Kind: support

Target area: session_replay

Report event: http://go/ticketByUUID/b71b9c43-2996-4072-8d2b-008745405631

Session: https://us.posthog.com/project/sTMFPsFhdP1Ssg/replay/019b7506-c3ce-75d1-9182-74604a03a554?t=1223

Exceptions: https://us.posthog.com/project/2/error_tracking?filterGroup=%7B%22type%22%3A%22AND%22%2C%22values%22%3A%5B%7B%22type%22%3A%22AND%22%2C%22values%22%3A%5B%7B%22key%22%3A%22%24session_id%22%2C%22value%22%3A%5B%22019b7506-c3ce-75d1-9182-74604a03a554%22%5D%2C%22operator%22%3A%22exact%22%2C%22type%22%3A%22event%22%7D%5D%7D%5D%7D

Location: https://us.posthog.com/organization/billing/spend?date_from=-90d&interval=month

Persons-on-events mode for project: person_id_override_properties_on_events
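
Added example (not part of the original issue and not PostHog code): a deny-by-default sketch of the four requested permission levels, showing that a recording counts as sensitive if any page in the session matches a restricted pattern and that a missing person property fails closed. All names (`ReplayAccess`, `Grant`, `Recording`, `SENSITIVE_PATTERNS`, `can_view`) and the sample URLs are hypothetical.

```python
from dataclasses import dataclass, field
from enum import Enum
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Hypothetical names throughout; constructed project config for the sketch.
SENSITIVE_PATTERNS = ("/billing*", "/settings/payment*")

class ReplayAccess(Enum):
    ALL = "all"                              # can view all recordings
    EXCLUDE_SENSITIVE = "exclude_sensitive"  # excluding sensitive pages
    SEGMENTS_ONLY = "segments_only"          # specific customer segments only
    NONE = "none"                            # cannot view recordings

@dataclass
class Grant:
    level: ReplayAccess
    allowed_sensitive: tuple = ()  # sensitive patterns this member may still view
    segments: dict = field(default_factory=dict)  # person property -> allowed values

@dataclass
class Recording:
    urls: tuple  # every URL visited in the session, not just the first
    person_properties: dict

def sensitive_hits(rec):
    """Sensitive patterns matched by ANY page the recording contains."""
    paths = [urlsplit(u).path for u in rec.urls]
    return {p for p in SENSITIVE_PATTERNS if any(fnmatchcase(x, p) for x in paths)}

def can_view(grant, rec):
    """Deny by default: no grant, unknown level or missing property means no access."""
    if grant is None or grant.level is ReplayAccess.NONE:
        return False
    if grant.level is ReplayAccess.ALL:
        return True
    if grant.level is ReplayAccess.EXCLUDE_SENSITIVE:
        return sensitive_hits(rec) <= set(grant.allowed_sensitive)
    if grant.level is ReplayAccess.SEGMENTS_ONLY:
        props = rec.person_properties
        return any(props.get(k) in v for k, v in grant.segments.items())
    return False

if __name__ == "__main__":
    # Constructed sample: one session that touched a billing page.
    rec = Recording(("https://app.example.com/home",
                     "https://app.example.com/billing/invoices"),
                    {"customer_type": "fintech"})
    print(can_view(Grant(ReplayAccess.EXCLUDE_SENSITIVE), rec))
    print(can_view(Grant(ReplayAccess.EXCLUDE_SENSITIVE, ("/billing*",)), rec))
```

The same check would have to run on the recording list, direct links, exports and the API, since filtering only the list view leaves recordings reachable by ID.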
