Managing User Access

Role-Based Access Control (RBAC)

Role-based access control is used to permit individual users to perform specific actions and get visibility to an access scope. Permissions are grouped into roles, and each user is assigned a unique role. By using permissions, you give the appropriate level of access to each user. Each user is assigned a single role, which comes with its associated permissions, and can be added to a specific group. This group sets the access scope and you can configure the visible areas for the group members.

Invite users

  1. On the sidebar, click Settings -> Users -> Invite User.
  2. Enter the email address of the person you want to invite. By default, a new user is assigned the Default role.

    The invited user receives an email to complete their account setup.

Create roles

  1. On the sidebar, click Settings -> Roles.

    By default, there are two available roles:

    • Default: All permissions are disabled. Users created through SSO/LDAP authentication are automatically assigned this role.
    • Owner: All permissions are enabled.
  2. To add a custom role, click New Role.
  3. Enter a name for the role and select from the following restriction and permissions.

User restrictions

Limit access by group access scope. Select this option to enable role-based access control for the user. Otherwise, the user access is not limited.

User permissions

Permission Description
Service & Endpoint Mapping Gives permission to configure services and endpoints.
Website Monitoring Configuration Gives permission to configure website monitoring.
User management Gives permission to invite, modify, and remove user accounts.
Access role configuration Gives permission to configure access roles and permissions for all users.
Access group configuration Gives permission to configure access roles and permissions for all users.
Agent download and agent key visibility Gives permission to access and configure the agent.
Access to license usage Gives permission to access license usage information.
Configuration of integrations Gives permission to create and configure alerting integrations.
Configuration of custom alerts Gives permission to create and configure custom alerts and associated integrations.
Configuration of API tokens Gives permission to create and configure API tokens.
Configuration of agent mode Gives permission to create an agent mode through the UI.
Access to audit log Gives permission to access the audit log for all users.
Configuration of agents Gives permission to configure all agents through the UI.
Configuration of authentication methods Gives permission to configure group authentication methods (e.g., 2FA/SSO).
Configuration of applications Gives permission to create and configure applications.
Configuration of log management Gives permission to configure log management.
  1. Click Create.

Assign roles to users

  1. On the sidebar, click Settings -> Users.
  2. Click on a user.
  3. From the Role drop-down list, select the role you want to assign to the specific user.
  4. Save the user.

Create groups

  1. On the sidebar, click Settings -> Groups -> New Group.
  2. Enter a name for the group.
  3. Add previously added users.
  4. Click Create.

Add areas to a group

  1. On the sidebar, click Settings -> Groups.
  2. Click on a group.
  3. Click on Add Areas on the areas list.
  4. Select from the following product areas:

    • Applications: Enable access to application perspectives from the list.
    • Kubernetes Clusters: Enable access to kubernetes clusters from the list.
    • Kubernetes Namespaces: Enable access to kubernetes namespaces from the list.
    • Websites: Enable access to websites from the list.
    • Mobile Apps: Enable access to mobile applications from the list.
    • Infrastructure DFQ: Enable access to a given dynamic focus query.
    • Application Perspectives: User can view the Application Perspectives in the Applications list, the related services in the Services list, the monitored hosts on the Infrastructure Map, and has access to Analytics.
    • Kubernetes Clusters: User can view the Kubernetes Clusters in the Clusters list, on the Infrastructure Map, and has access to Analytics..
    • Kubernetes Namespaces: User can view the Kubernetes Namespaces in the Namespaces list, on the Infrastructure Map, and has access to Analytics.
    • Websites: User can view the website listed on the Websites page and has access to Analytics.
    • Mobile Apps: User can view the mobile applications on the Mobile Apps page and has access to Analytics.
    • Infra DFQ: User can view the entities matching the dynamic focus filter on the Infrastructure Map.
  5. Click Create.

Audit Logs

All user activity is logged to the audit log.