Download PDF
Download page Roles and Permissions.
Roles and Permissions
This page describes roles and permissions in AppDynamics.
Roles define a set of permissions that users of the Controller may have within the AppDynamics-managed environment. This is also called role-based access control, or RBAC.
The Controller UI enables you to apply permissions at a granular level. For example, you can grant permission to configure only a single application or a particular tier or to access a particular feature of the UI, such as custom dashboards.
Predefined Roles
The Controller UI includes predefined roles for administrator and read-only users. You cannot edit the predefined role permissions, however, you can create new roles as described in Creating Custom Roles.
Roles | Description |
---|---|
Account Owner | Can add or edit users, groups, roles, and the authentication provider. This role has most of the account-level permissions and is sometimes known as the account administrator. See Account Permissions. |
Administrator | Can view and modify components that change state, such as applications, business transactions, dashboards, and so on. Can create War Rooms, view business flows, view and configure scheduled reports. This role can not add or edit users, groups, or roles. |
Analytics Administrator | Can view and grant access to Analytics features, such as creating API keys, creating metrics, creating extracted fields, and granting access for viewing analytics data. This role can control which roles have access to specific applications or log source types and is the only user in charge of saved searches. By creating different saved searches, the Analytics admin can provide different data access levels to analytics users. See Analytics and Data Security and Transaction Analytics Permissions. |
Dashboards Viewer | Can view custom dashboards. |
DB Monitoring User | Can view the Database Monitoring UI. Cannot add, edit, or delete database collectors. |
DB Monitoring Administrator | Can view the Database Monitoring UI and add, edit or delete database collectors. |
Server Monitoring Administrator | Can view the Server Monitoring UI and configure Service Monitoring features including Service Availability Monitoring. |
Server Monitoring User | Can view Server Monitoring UI. Can not configure Server Monitoring features. |
Applications and Dashboards Viewer | Can view all applications and their dashboards but cannot edit any (formerly known as the Read-Only User). |
View the Roles
- While logged in to the Controller UI as an Administrator or Account Owner, go to Settings > Administration.
- Click the Roles tab to view the list of predefined roles.
- Click the Users and Groups with this Role tab to view users and groups assigned to a selected role.
Create Custom Roles
Users with the Account Owner role or the Administer users, groups, roles permission can create new custom roles in the Controller UI. A common strategy for designing roles is to create a role with the minimum permissions allowable for all users, such as view permissions. Then you can create roles that use customizations of that minimum permission role to give additional, explicit permissions to a specific feature or business application.
- While logged in to the Controller UI as an Account Owner, or another role with the Administration permission, go to Settings > Administration.
- Click the Roles tab to view the list of predefined roles.
From the tab, you can create new roles and modify or delete custom roles. - Click + Create to create a custom role.
- Configure permissions by clicking the Component tabs.