This page provides an overview of roles and permissions in AppDynamics.

Roles define a set of permissions that users of the Controller may have within the AppDynamics-managed environment. This is also called role-based access control, or RBAC. 

The Controller UI enables you to apply permissions at a granular level. For example, you can grant permission to configure only a single application or a particular tier or to access a particular feature of the UI, such as custom dashboards.

Predefined Roles

The Controller UI includes predefined roles for administrator and read-only users. You cannot edit the predefined role permissions, however, you can create new roles as described in Creating Custom Roles.

Account OwnerCan add or edit users, groups, roles, and the authentication provider. This role has most of the account-level permissions and is sometimes known as the account administrator. See Account Permissions.
AdministratorCan view and modify components that change state, such as applications, business transactions, dashboards, and so on. Can create War Rooms, view business flows, view and configure scheduled reports. This role can not add or edit users, groups, or roles.
Analytics AdministratorCan view and grant access to Analytics features, such as creating API keys, creating metrics, creating extracted fields, and granting access for viewing analytics data. This role can control which roles have access to specific applications or log source types and is the only user in charge of saved searches. By creating different saved searches, the Analytics admin can provide different data access levels to analytics users. See Analytics and Data Security and Business iQ Analytics Permissions.
Dashboards ViewerCan view custom dashboards. 
DB Monitoring UserCan view the Database Monitoring UI. Cannot add, edit, or delete database collectors.
DB Monitoring Administrator

Can view the Database Monitoring UI and add, edit or delete database collectors.

Server Monitoring AdministratorCan view the Server Monitoring UI and configure Service Monitoring features including Service Availability Monitoring.
Server Monitoring UserCan view Server Monitoring UI. Can not configure Server Monitoring features.
Applications and Dashboards ViewerCan view all applications and their dashboards but cannot edit any (formerly known as the Read-Only User).

View the Roles

  1. While logged in to the Controller UI as an Administrator or Account Owner, go to Settings  > Administration.
  2. Click the Roles tab to view the list of predefined roles.
  3. Click the Users and Groups with this Role tab to view users and groups assigned to a selected role.

Create Custom Roles

Users with the Account Owner role or the Administer users, groups, roles permission can create new custom roles in the Controller UI. A common strategy for designing roles is to create a role with the minimum permissions allowable for all users, such as view permissions. Then you can create roles that use customizations of that minimum permission role to give additional, explicit permissions to a specific feature or business application. 

You can clone predefined roles as a starting point for creating your own customized roles, but you should not assume the cloned roles have all of the permissions of the predefined role. In some cases, there may be hidden permissions, so you should add or remove permissions as needed for your customized role to ensure that you get the RBAC result you need.

  1. While logged in to the Controller UI as an Account Owner, or another role with the Administration permission, go to Settings  > Administration.
  2. Click the Roles tab to view the list of predefined roles.
    From the tab, you can create new roles and modify or delete custom roles.
  3. Click + Create to create a custom role.
  4. Configure permissions by clicking the Component tabs.