Roles define a set of privileges that AppDynamics Controller users have within the AppDynamics managed environment. This is also called "role-based access control", or "RBAC".
Roles provide an easy way to define and clone a set of permissions for a user or a group without having to configure every user's or every group's permissions individually.
A user or group can have multiple roles.
AppDynamics provides the following predefined roles:
- Account Owner: Can manage security settings (users, groups, roles) as well as view and modify applications and dashboards. This role is also known as the account administrator.
- Administrator: Can view and modify components that change state: applications, business transactions, dashboards, etc. Can view and edit all applications and all custom dashboards.
- Custom Dashboard Viewer: Can only view custom dashboards. Cannot do anything else.
- Read Only User: Can view but not edit all applications.
- Workflow Executor: Can execute workflows.
You can view the configurations for predefined roles but you cannot change them. See View Predefined Roles.
Although you cannot modify the predefined roles, you can add or remove users and groups from the predefined roles by checking or clearing the Member check box in the Roles panel. See Configure Users and Configure Groups.
You can create custom roles to manage user access by the application/tier level, the custom dashboard level, and the account level. When creating a role, you can create the role from scratch or duplicate an existing role, save it under another name, and then modify it as a custom role.
Permission Inheritance for Default Permissions
For application-level and custom dashboard permissions, AppDynamics provides a default set of permissions, named Default. The default permissions are inherited by new applications and new custom dashboards. The Default permissions are listed first in the Application Permissions subtab of the Roles tab.
Tier-level permissions are inherited from the containing application.
Permissions that can be granted at the account level include:
- Administer: Users with this permission can edit users, groups, roles, and the authentication provider.
- Configure Email/SMS: Users with this permission can edit email and SMS settings used by AppDynamics to send alerts. See Configure the SMTP Server and Notification Actions.
- Execute Workflows: Users with this permission can execute workflows. See Workflow Overview.
Application- and Tier-Level Permissions
The following table lists the permissions that you can grant at the application level and tier levels. To enable or disable the application-level permissions for a role, see Configuring Application Level Permissions on Configure Custom Roles.
|Permission name||Activities enabled in the UI||Learn more|
|Configure Transaction Detection||Configure Business Transaction Detection|
Configure Backend Detection
|Configure Error Detection||Configure Error Detection|
|Configure Diagnostic Data Collectors||Configure Data Collectors|
|Configure Call Graph Settings||Configure Call Graphs|
|Configure Memory Monitoring||Configure Memory Monitoring for Java|
|Configure EUM||Set Up and Configure Web EUM|
|Configure Information Points||Configure Code Metric Information Points|
|Configure Health Rules||Configure Health Rules|
|Configure Business Transactions||Configure Thresholds|
|Configure Baselines||Configure Baselines|
|Configure SQL Bind Variables||Configure Call Graphs|
|Configure Agent Properties||App Agent Node Properties|
|Set JMX MBean Attributes and Invoke Operations||Monitor JMX MBeans|
|Configure Service Endpoints||Service Endpoint Monitoring|
|Configure Monitoring Level (Production/Deployment)||Monitoring in a Development Environment|
* Asterisks indicate activities that may be considered sensitive for purposes of security and data privacy. Carefully consider the security and data privacy policies of your organization before granting these permissions.
Custom Dashboard Permissions
Permissions you can grant for custom dashboards include:
Custom dashboards are a good way to present selected metrics for a user who needs a focussed view of the data. For example, an executive may need a high-level view of system activity and business metrics. You can grant users permission to view custom dashboards created especially for them.