This page provides information and instructions for managing roles in AppDynamics. 

A role is a collection of permissions that define what actions a user can perform within the AppDynamics-managed environment. You can use groups to manage roles collectively. A user or group can have more than one role but must have at least one defined role.

Administrators can grant user permissions at a granular level, including which business applications they can monitor, what parts of the UI are visible, and the types of configuration changes they can make.

Predefined Roles

The Tenant UI includes predefined roles for administrators and read-only users that you cannot change, however, you can create new custom roles



Account Owner
  • Access to Administration, Agent, and Getting Started Wizard UIs.
  • Add or edit users, groups, roles, and the authentication provider.
  • Possesses most of the account-level permissions and is sometimes known as the account administrator. See Account Permissions.
  • Create War Rooms.
  • Configure alert, email, and HTTP request templates, emails, reports, and licenses.
  • View licenses, business flows, and reports.
  • View and modify components that change state, such as applications, business transactions, dashboards, and so on.
  • Create War Rooms, view business flows, and view and configure scheduled reports.
  • Cannot add or edit users, groups, or roles.
Analytics Administrator
  • View and grant access to Analytics features, such as creating API keys, creating metrics, creating extracted fields, and granting access for viewing analytics data. 
  • Controls which roles have access to specific applications or log source types.
  • The only role in charge of saved searches. Saved searches provide different data access levels to analytics users. See Analytics and Data Security and Transaction Analytics Permissions.
Applications and Dashboards Viewer
  • View all applications and their dashboards.
  • Cannot edit dashboards (formerly known as the Read-Only User).
Dashboards Viewer
  • View application dashboards.
DB Monitoring User
  • Manage Events.
  • View the Database Monitoring UI.
  • Cannot add, edit, or delete database collectors.
DB Monitoring Administrator
  • View the Database Monitoring UI.
  • Add, edit or delete database collectors.
Server Monitoring Administrator
  • View the Server Monitoring UI.
  • Configure Service Monitoring features including Service Availability Monitoring.
Server Monitoring User
  • View Server Monitoring UI.
  • Cannot configure Server Monitoring features.
Workflow ExecutorExecute Workflows.

Create Custom Roles

You must have the Account Owner role or the Administration, Agents, Getting Started Wizard permission to create new custom roles.
Roles can be managed collectively by using groups. A user or group must have at least one role but can have multiple. You have the option to add users and groups to predefined roles.

As a starting point for creating your own customized roles, you can copy predefined roles. If you are working under a custom role and copy a predefined role, some permissions may not be visible to you. You must adjust permissions for your customized role to ensure that you get the correct RBAC result.

To create a custom role:

  1. Navigate to SettingsGear Icon > Administration Roles.
  2. Click CreatePlus Icon and enter a unique Name and optional Description.
  3. Configure permissions through the UI.
    1. Account—set role permissions
    2. Applications—set access and function permissions for applications and tiers
      1. End User Monitoring—enable end-user monitoring
      2. Server Visibility—enable users to view and/or configure server components
    3. Databases—set access and function permissions for databases
    4. Analytics—set general, log, search, and event data view permissions
    5. Dashboards—set default and custom dashboard management permissions
    6. User and Groups with this Role—view existing or add new users and groups to the role
  4. Click Save.