Assign Tenant Roles

The following sections provide information and instructions for assigning specific  Observability Platform tenant permissions to users through pre-defined roles.

Predefined  Observability Platform tenant Roles

These predefined roles allow administrators to define a user's actions in the Observability Platform tenant. They are Observability Platform tenant-specific with default permissions set and are not editable. 

Cisco Observability Platform modules can also create roles through Solution Principals. Thus, if you subscribe to modules for Cloud Native Application Observability, you may see other roles in the Account Management Portal.

Role	Permissions	Supported Assignees
Agent	Can post MELT data through the Common Ingestion Service API. Can access other APIs meant for agent consumption.	User Service Principal Agent Principal
Config Manager	Inherits Troubleshooter Tenant role permissions.  Has full access to configure alerting, data sources, and other integrations. Cannot perform administrator functions such as adding users to a tenant, modifying another user's access, or creating new service principals.	User Service Principal
Observer (Default)	Only has read-only access, but may not necessarily have access to read privileged information such as access configurations. Users default to this role if you do not select a specific role for them. Has read-only access to metrics, events, logs, and traces (MELT) data. Cannot view configuration details.	User Service Principal
Tenant Administrator	A Tenant Administrator can access everything on a tenant except a public API that is not mapped to a permission.	User
Troubleshooter	Inherits Read Only Tenant role permissions. Can manage health rules. Can respond to system alerts. Can troubleshoot issues.	User Service Principal

Work with Role Assignments

Every user or Service Principal you assign to an  Observability Platform tenant has Observer access by default. You must assign the user or Service Principal to one of the available Observability Platform tenant Roles to allow additional functionality.

To begin:

1. Navigate to Access Management > Observability Platform tenant Roles.
2. Select an Observability Platform tenant from the dropdown.
3. Click on a Role Name or highlight a row to expand the Role Details panel.

The Role Details panel provides three expandable and collapsible tabs:

• Permissions tab—allows you to view and search the preset permissions for a role.
• Users tab—allows you to assign an initial user and then displays a list of assigned users.
• Service Principals tab—allows you to assign an initial Service Principal and then displays a list of assigned Service Principals.

Assign Users and Service Principals to Roles 

1. Expand the Users or Service Principals tab.
   1. If no assignment has been set up, click Assign users or Assign Service Principals.
   2. Otherwise, click to add or remove them.
2. Check or uncheck one or more items to assign or unassign them to the role. 
3. Click Save then Confirm.

4. Click Back to close the panel.