Managing User Access

Role-Based Access Control (RBAC)

Role-based access control is used to permit individual users to perform specific actions. Permissions are grouped into roles, and each user is assigned a unique role. By using permissions, you give the appropriate level of access to each user. Each user is assigned a single role, which comes with its associated permissions, and can be added to a specific team with predefined access scopes.

Invite users

  1. On the sidebar, click Settings -> Users -> Invite User.
  2. Enter the email address of the person you want to invite. By default, a new user is assigned the Default role.

    The invited user receives an email to complete their account setup.

Create roles

  1. On the sidebar, click Settings -> Roles.

    By default, there are two available roles:

    • Default: All permissions are disabled. Users created through SSO/LDAP authentication are automatically assigned this role.
    • Owner: All permissions are enabled.
  2. To add a custom role, click New Role.
  3. Enter a name for the role and select from the following restriction and permissions.

User restrictions

Limit access by team access scope. Select this option to enable role-based access control for the user. Otherwise, the user access is not limited.

User permissions

Permission Description
Service & Endpoint Mapping Gives permission to configure services and endpoints.
Website Monitoring Configuration Gives permission to configure website monitoring.
User management Gives permission to invite, modify, and remove user accounts.
Access role configuration Gives permission to configure access roles and permissions for all users.
Access team configuration Gives permission to configure access roles and permissions for all users.
Agent download and agent key visibility Gives permission to access and configure the agent.
Access to license usage Gives permission to access license usage information.
Configuration of integrations Gives permission to create and configure alerting integrations.
Configuration of custom alerts Gives permission to create and configure custom alerts and associated integrations.
Configuration of API tokens Gives permission to create and configure API tokens.
Configuration of agent mode Gives permission to create an agent mode through the UI.
Access to audit log Gives permission to access the audit log for all users.
Configuration of agents Gives permission to configure all agents through the UI.
Configuration of authentication methods Gives permission to configure team authentication methods (e.g., 2FA/SSO).
Configuration of applications Gives permission to create and configure applications.
Configuration of log management Gives permission to configure log management.
  1. Click Create.

Assign roles to users

  1. On the sidebar, click Settings -> Users.
  2. From the Role drop-down list, select the role you want to assign to the specific user.

Create access scopes

  1. On the sidebar, click Settings -> Access Scopes -> New Access Scope.
  2. Enter a name for the access scope and select from the following product areas:

    • Access Websites monitoring: Enable to access the website monitoring functionality from the sidebar.
    • Access Applications monitoring: Enable to access applications monitoring functionality from the sidebar.
    • Access Kubernetes monitoring: Enable to access the Kubernetes monitoring functionality from the sidebar.
  3. Add specific scopes that this user can have access to:

    • Application Perspectives: User can view the Application Perspectives in the Applications list, the related services in the Services list, the monitored hosts on the Infrastructure Map, and has access to Analytics.
    • Kubernetes Clusters: User can view the Kubernetes Clusters in the Clusters list, on the Infrastructure Map, and has access to Analytics..
    • Kubernetes Namespaces: User can view the Kubernetes Namespaces in the Namespaces list, on the Infrastructure Map, and has access to Analytics.
    • Websites: User can view the website listed on the Websites page and has access to Analytics.
  4. Click Create.

Create teams

  1. On the sidebar, click Settings -> Teams -> New Team.
  2. Enter a name for the team.
  3. Add a predefined access scope.
  4. Add previously added users.
  5. Click Create.

Audit Logs

All user activity is logged to the audit log.