Managing User Access

Role-Based Access Control (RBAC)

Role-based access control permits individual users to perform specific actions and limits what they can see to an access scope. Each user can be assigned to multiple groups, each with its associated permissions. In addition, a group sets the access scope: you can configure the areas visible to the group members.

Invite users

  1. On the sidebar, click Settings -> Team Settings -> Users -> Invite User.
  2. Enter the email address of the person you want to invite. By default, a new user is assigned the Default group.

The invited user receives an email to complete their account setup.

Create group

Groups and their members are managed at the tenant level; the corresponding permissions and areas are maintained per unit.

  1. On the sidebar, click Settings -> Team Settings -> Groups. By default, there are two available groups:

    • Default: All permissions are disabled. Users created through SSO/LDAP authentication are automatically assigned this group.
    • Owner: All permissions are enabled. This group cannot be restricted.
  2. To add a custom group, click Add Group.
  3. Enter a name for the group and select users, areas and permissions.

User restrictions

Limit access by group access scope: Select this option to enable role-based access control for the user. Otherwise, the user's access is not limited.

Group permissions

Users inherit all permissions and areas from their groups. The model is additive: for example, a member of the Owner group always has full visibility and all permissions.

Permission | Description
Service & endpoint mapping | Gives permission to configure services and endpoints.
Website monitoring configuration | Gives permission to configure website monitoring.
Mobile app monitoring configuration | Gives permission to configure mobile app monitoring.
User management | Gives permission to invite, modify, and remove user accounts.
Access group configuration | Gives permission to configure access groups and permissions for all users.
Agent download and agent key visibility | Gives permission to access and configure the agent.
Access to license usage | Gives permission to access license usage information.
Configuration of integrations | Gives permission to create and configure alerting integrations.
Configuration of custom alerts | Gives permission to create and configure custom alerts and associated integrations.
Configuration of API tokens | Gives permission to create and configure API tokens.
Configuration of agent mode | Gives permission to create an agent mode through the UI.
Access to audit log | Gives permission to access the audit log for all users.
Configuration of agents | Gives permission to configure all agents through the UI.
Configuration of authentication methods | Gives permission to configure group authentication methods (e.g., 2FA/SSO).
Configuration of applications | Gives permission to create and configure applications.
Configuration of log management | Gives permission to configure log management.
Configuration of releases | Gives permission to configure releases.
Configuration of global custom payload for alerts | Gives permission to configure global custom payloads.
Configuration of service level indicators | Gives permission to configure service level indicators.
Creation of public custom dashboards | Gives permission to create public custom dashboards.
Access to token and session timeout settings | Gives permission to access token and session timeout settings.
Access to account and billing information | Gives permission to access account and billing information.

Permissions are applied on unit level.

Assign users to groups

  1. On the sidebar, click Settings -> Team Settings -> Groups.
  2. Click on a group.
  3. Click Add user on the users list and select the users you want to assign.
  4. Save the group.

User-to-group assignments are made at the tenant level and shared between all corresponding units. In other words, a change to user assignments is propagated to all units.

Add areas to a group

  1. On the sidebar, click Settings -> Team Settings -> Groups.
  2. Click on a group.
  3. Click on Add Areas on the areas list.
  4. Select from the following product areas:

    • Application Perspectives: User can view the Application Perspectives in the Applications list, the related services in the Services list, the monitored hosts on the Infrastructure Map, and has access to Analytics.
    • Kubernetes Clusters: User can view the Kubernetes Clusters in the Clusters list, on the Infrastructure Map, and has access to Analytics.
    • Kubernetes Namespaces: User can view the Kubernetes Namespaces in the Namespaces list, on the Infrastructure Map, and has access to Analytics.
    • Websites: User can view the website listed on the Websites page and has access to Analytics.
    • Mobile Apps: User can view the mobile applications on the Mobile Apps page and has access to Analytics.
    • Infra DFQ: User can view the entities matching the dynamic focus filter on the Infrastructure Map.
  5. Save the group.

Areas are applied on unit level.
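
The additive model and the tenant/unit split described above, as an added illustrative model for reviewing who ends up with which access. It is not product code or a product API: the users, the "SRE" and "Web" groups, the units and the area names are constructed, and treating the restriction option as governing area visibility only is an assumption.

```python
# Illustrative model of the additive group model; not product code or a product API.
# Permission names come from the table on this page; users, the "SRE"/"Web" groups,
# units and area names are constructed sample data.
ALL_PERMISSIONS = frozenset({
    "User management", "Access group configuration", "Configuration of API tokens",
    "Configuration of agents", "Access to audit log", "Website monitoring configuration",
})  # subset of the page's table, enough for the example
ALL_AREAS = "ALL"  # sentinel: visibility is not restricted

# Tenant level: one membership list per group, shared by every unit.
MEMBERS = {"Owner": {"alice"}, "Default": {"bob", "carol", "dave"},
           "SRE": {"bob", "dave"}, "Web": {"bob"}}
# Users for whom "Limit access by group access scope" is selected (constructed).
SCOPE_LIMITED = {"bob", "carol"}
# Unit level: each unit keeps its own (permissions, areas) for a group.
UNITS = {
    "prod": {"SRE": ({"Configuration of agents", "Access to audit log"},
                     {"Kubernetes Clusters: prod-eu"}),
             "Web": ({"Website monitoring configuration"}, {"Websites: shop"})},
    "staging": {"SRE": ({"Configuration of API tokens"},
                        {"Kubernetes Clusters: stage"})},
}

def effective_access(user, unit):
    """Return (permissions, visible areas) for a user in one unit."""
    groups = {g for g, members in MEMBERS.items() if user in members}
    if "Owner" in groups:  # Owner has everything and cannot be restricted
        return set(ALL_PERMISSIONS), ALL_AREAS
    perms, areas = set(), set()
    for group in groups:  # additive: union over every group; Default adds nothing
        group_perms, group_areas = UNITS[unit].get(group, (set(), set()))
        perms |= group_perms
        areas |= group_areas
    # Assumption: without the restriction option, visibility is unlimited
    # while permissions still come from the groups.
    return perms, (areas if user in SCOPE_LIMITED else ALL_AREAS)

def holders(permission):
    """Review helper: which users hold a permission, listed per unit."""
    users = set().union(*MEMBERS.values())
    return {unit: sorted(u for u in users if permission in effective_access(u, unit)[0])
            for unit in UNITS}

if __name__ == "__main__":
    for unit in UNITS:
        for user in sorted(set().union(*MEMBERS.values())):
            print(unit, user, effective_access(user, unit))
```

Because membership is shared across units, adding dave to "SRE" once gives him agent configuration in prod and API token configuration in staging; `holders()` makes that kind of spread visible per unit.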

Audit Logs

All user activity is logged to the audit log.