AppDynamics Application Intelligence Platform
Roles define a set of privileges that AppDynamics Controller users have within the AppDynamics managed environment. This is also called "role-based access control", or "RBAC".
Roles provide an easy way to define and clone a set of permissions for a user or a group without having to configure every user's or every group's permissions individually.
A user or group can have multiple roles.
AppDynamics provides the following predefined roles:
You can view the configurations for predefined roles but you cannot change them. See View Predefined Roles.
Although you cannot modify the predefined roles, you can add or remove users and groups from the predefined roles by checking or clearing the Member check box in the Roles panel. See Configure Users and Configure Groups.
You can create custom roles to manage user access by the application/tier level, the custom dashboard level, and the account level. When creating a role, you can create the role from scratch or duplicate an existing role, save it under another name, and then modify it as a custom role.
For application-level and custom dashboard permissions, AppDynamics provides a default set of permissions, named Default. The default permissions are inherited by new applications and new custom dashboards. The Default permissions are listed first in the Application Permissions subtab of the Roles tab.
Tier-level permissions are inherited from the containing application.
Permissions that can be granted at the account level include:
The following table lists the permissions that you can grant at the application level and tier levels. To enable or disable the application-level permissions for a role, see Configuring Application Level Permissions on Configure Custom Roles.
|Permission name||Activities enabled in the UI||Learn more|
|Configure Transaction Detection||Configure Business Transaction Detection|
Configure Backend Detection
Configure Backend Detection (Java)
|Configure Error Detection||Configure Error Detection|
|Configure Diagnostic Data Collectors||Configure Data Collectors|
|Configure Call Graph Settings||Configure Call Graphs|
Configure JMX Metrics from MBeans
|Configure Memory Monitoring||Configure Memory Monitoring for Java|
|Configure EUM||Set Up and Configure Web EUEM|
|Configure Information Points||Configure Code Metric Information Points|
|Configure Health Rules||Configure Health Rules|
|Configure Business Transactions||Configure Thresholds|
|Configure Baselines||Configure Baselines|
|Configure SQL Bind Variables||Configure Call Graphs|
|Configure Agent Properties||App Agent Node Properties|
|Set JMX MBean Attributes and Invoke Operations||Monitor JMX MBeans|
|Configure Service Endpoints||Monitor Service Endpoints|
|Configure Monitoring Level (Production/Deployment)||Monitoring in a Development Environment|
* Asterisks indicate activities that may be considered sensitive for purposes of security and data privacy. Carefully consider the security and data privacy policies of your organization before granting these permissions.
Permissions that can be granted at the custom dashboard level include:
Custom dashboards are a good way to present selected metrics for a user who only needs a relatively narrow or focussed view of the data. For example, such as user could be an executive who only needs a high-level view of system performance and activity. You can grant such users permission to view custom dashboards created especially for them.
I found some errors in the permissions description. My fault actually. I documented them wrong. Here are the changes:
The permission name "Configure Call Graph Settings" does not control the "start diagnostic session" activity. The "start diagnostic session" activity is controlled by the "Configure Business Transactions" permission.
Thanks, Jack. I've updated the page.
Thanks a lot Steve! Looks good.