This page describes roles and permissions in the Splunk AppDynamics on-premises platform.
Roles define a set of permissions that users of the Controller may have within the Splunk AppDynamics-managed environment. This is also called role-based access control (RBAC).
The Controller enables you to set user and group permissions at a granular level. For example, you can grant permission to configure only a single application, a particular tier, or to access a particular feature, such as custom dashboards.
Predefined Roles
The Controller includes predefined roles for administrators and read-only users. You cannot edit the predefined role permissions, however, you can create new roles. See Creating Custom Roles.
| Roles | Description |
|---|
| Account Owner | |
|---|
| Administrator | - Can view and modify components that change state, such as applications, business transactions, dashboards, and so on.
- Can create War Rooms, view business flows, view and configure scheduled reports. This role can not add or edit users, groups, or roles.
|
|---|
| Analytics Administrator | - Can view and grant access to Analytics features, such as creating API keys, creating metrics, creating extracted fields, and granting access for viewing analytics data.
- Can control which roles have access to specific applications or log source types and is the only user in charge of saved searches.
- By creating different saved searches, the Analytics admin can provide different data access levels to analytics users. See Analytics and Data Security and Transaction Analytics Permissions.
|
|---|
| Dashboards Viewer | Can view custom dashboards. |
|---|
| DB Monitoring User | - Can view the Database Monitoring UI.
- Cannot add, edit, or delete database collectors.
|
|---|
| DB Monitoring Administrator | Can view the Database Monitoring UI and add, edit or delete database collectors. |
|---|
| Server Monitoring Administrator | Can view the Server Monitoring UI and configure Service Monitoring features including Service Availability Monitoring. |
|---|
| Server Monitoring User | - Can view the Server Monitoring UI.
- Can not configure Server Monitoring features.
|
|---|
| Applications and Dashboards Viewer | - Can view all applications and their dashboards.
- Cannot edit any applications or their dashboards (formerly known as the Read-Only User).
|
|---|
View the Roles
- While logged in to the Controller UI as an Administrator or Account Owner, go to Settings
> Administration. - Click the Roles tab to view the list of predefined roles.
- Click the Users and Groups with this Role tab to view users and groups assigned to a selected role.
Create Custom Roles
Users with the Account Owner role or the Administer users, groups, roles permission can create new custom roles in the Controller UI. A common strategy for designing roles is to create a role with the minimum permissions allowable for all users, such as view permissions. Then you can create roles that use customizations of that minimum permission role to give additional, explicit permissions to a specific feature or business application.
You can clone predefined roles as a starting point for creating your own customized roles, but you should not assume the cloned roles have all of the permissions of the predefined role. In some cases, there may be hidden permissions, so you should add or remove permissions necessary to ensure you get the RBAC result you need.
- While logged in to the Controller UI as an Account Owner, or another role with the Administration permission, go to Settings > Administration.
- Click the Roles tab to view the list of predefined roles.
From the tab, you can create new roles and modify or delete custom roles. - Click + Create to create a custom role.
- Click the Component tabs to configure permissions.