AppDynamics Application Intelligence Platform

3.8.x Documentation

PDFs

Videos

Release Notes

Create custom roles if you want to grant permissions to users and groups using roles that are configured differently from the predefined roles. See View Predefined Roles to see exactly which permissions are granted and denied by the predefined roles.

You can configure custom roles very finely to grant users certain permissions in a single application or even a single tier or set of tiers or custom dashboard.

See Configure Roles for information about the types of permissions that roles grant.

Configuring Custom Roles

After you have created a custom role, select it and configure the three categories of permissions by clicking the tabs:

  • Application Level Permissions
  • Custom Dashboard Permissions
  • Account Level Permissions

To Create a Custom Role

  1. As an administrator or account owner in the Controller UI, click Settings -> Administration.
  2. Click the Roles tab.
  3. Either:
    1. In the left panel, click the Add icon to create a new role.
    2. In the right panel, enter the name of the role and an optional description.
    3. Click Save.
    Or:
    1. Select an existing role in the left panel.
    2. Click the Duplicate icon.
    3. In the Duplicate Role window, overwrite the default name with your name for the new role.
    4. Click Duplicate.
    5. In the left panel, select the newly created role.
    6. In the right panel, edit the name and description for the new role.
    7. Click Save

Configuring Application Level Permissions

In this tab you can configure:

  • the role's default application-level permissions
  • the role's custom permissions for specific applications and tiers

Custom roles can be very fine-tuned at the application level and tier levels.  For example, you could create an AcmeManager role with certain delete and edit permissions that apply only to the Acme bookstore application and another AcmeUser role with only view permissions or possibly also with a more limited set of edit permissions for the Acme bookstore application. You can also create roles at the tier level; for example, an InventoryManager role or an InventoryUser role with certain permissions only the Inventory tier and not for any of the other tiers in the application.

Every role has a set of default application-level permissions that are inherited by all new applications in the account. For a custom role you can reconfigure these default permissions. You can also override the inherited permissions for custom roles by reconfiguring application-level and tier-level permissions.

To Configure the Default Application Permissions

  1. With the custom role that you are configuring selected in the left panel, in the right panel click the Application Permissions tab.
  2. To grant the role permission to create new applications, check the Can Create Applications check box. Otherwise leave it clear. 
  3. In the Default row do the following: 

    • To permit users with this role to view applications check the View check box. To deny them view permission, clear the View check box. 

    • To permit users with this role to delete the application check the Delete check box. To deny them delete permission, clear the Delete check box.
    • To permit users to edit AppDynamics configurations:
      1. Click the Edit icon.
      2. In the Edit Permissions window check the check boxes for the configurations that the role can perform and clear them for the configurations that it cannot perform.
  4. Click OK in the Edit Permissions window.
  5. Click Save at the top of the pane to save the default configuration.

To Configure Application Permissions

You can configure a custom role to have different permissions in different applications.

  1. With the custom role that you are configuring selected in the left panel, in the right panel click the Application Permissions tab.
  2. In the row for the application for which you want to configure the role's permissions, do one of the following:
    • If you want the role to inherit the default application-level permissions, select Inherit from Default from the dropdown menu if it is not already selected.
    Or:
    • If you do not want the role to inherit the default application-level permissions, select Customized from the dropdown menu and then follow steps 3 and 4 as described above in To Configure the Default Permissions for the application's row instead of for the Default row.
  3. Repeat the previous step for every application that you want to configure.
  4. Click Save at the top of the pane to save the configuration.

To Configure Tier-Level Permissions

By default, a role's permissions in a tier are inherited from the role's permissions in the tier's containing application. You can override this behavior to configure a custom role to have specific permissions in different tiers.

  1. In the Application Permissions tab, expand the application in which you want to configure the role's tier-level permissions.
  2. In the row for the tier for which you want to configure the role's permissions, do one of the following:
    • If you want the role to inherit the application permissions for the tier, select Inherit from Application from the dropdown menu if it is not already selected.
    Or:
    • If you do not want the role to inherit the application permissions for the tier, select Customized from the dropdown menu and then follow steps 3 and 4 as described above in To Configure the Default Permissions for tier's row instead of for the Default row.
  3. Repeat the previous step for every tier that you want to configure.
  4. Click Save at the top of the pane to save the configuration.

Configuring Custom Dashboard Permissions

In this tab you can configure:

  • the role's default custom dashboard permissions
  • the role's permissions for specific custom dashboards

Every dashboard inherits the default custom dashboard permissions unless you override them by configuring separate permissions for individual dashboards. For example, you could have a custom dashboard called SalesDashboard and a custom role SalesRole, and another custom dashboard called FinanceDashboard and a custom role FinanceRole. The SalesRole could be configured to have permissions in the SalesSdashboard but no permissions in the FinanceDashboard and vice-versa.

To Configure the Default Custom Dashboard Permissions

  1. With the custom role that you are configuring selected in the left panel, in the right panel click the Custom Dashboard Permissions tab.
  2. To grant the role permission to create new custom dashboards, check the Can Create Custom Dashboards check box. Otherwise leave it clear.
  3. In the default row do the following:
    • To permit users with this role to view custom dashboards, check the View check box. To deny them view permission, clear the View check box.
    • To permit users with this role to edit custom dashboards, check the Edit check box. To deny them edit permission, clear the Edit check box.
    • To permit users with this role to delete custom dashboards, check the Delete check box. To deny them delete permission, clear the Delete check box.
  4. Click Save at the top of the pane to save the default configuration.

To Configure Permissions for Individual Dashboards

You can configure a custom role to have different permissions in different custom dashboards.

  1. With the custom role that you are configuring selected in the left panel, in the right panel click the Custom Dashboard Permissions tab.
  2. In the row for the custom dashboard for which you want to configure the role's permissions:
    • To permit users with this role to view the custom dashboard, check the View check box. To deny them view permission, clear the View check box.
    • To permit users with this role to edit the custom dashboard, check the Edit check box.To deny them edit permission, clear the Edit check box.
    • To permit users with this role to delete the custom dashboard, check the Delete check box. To deny them delete permission, clear the Delete check box.
  3. Repeat the previous step for every custom dashboard that you want to configure.
  4. Click Save at the top of the pane to save the configuration.

Configuring Account Level Permissions

To Configure Account Level Permissions

  1. With the role selected in the left panel, in the right panel click the Account Level Permissions tab.
  2. Check the check boxes for the tasks that can be performed by the selected custom role. see Account Level Permissions for descriptions of these permissions.
  3. Clear the check boxes for the tasks that cannot be performed by this role if they are not already clear.
  4. Click Save.

Modifying a Custom Role

Modifying a custom role is similar to creating a new role.

To Modify a Custom Role

  1. Select the role to modify in the left panel of the role configuration screen.
    The role configuration is visible in the right panel.
  2. Edit the role as you would for a creating a new custom role, as described in the preceding sections.

Learn More