This page applies to an earlier version of the AppDynamics App IQ Platform.
For documentation on the latest version, see the 4.4 Documentation.


Skip to end of metadata
Go to start of metadata

On this page:

 

Roles define a set of privileges that AppDynamics Controller users have within the AppDynamics managed environment. This is also called "role-based access control", or "RBAC".

Roles provide an easy way to define and clone a set of permissions for a user or a group without having to configure every user's or every group's permissions individually.

A user or group can have multiple roles.

Predefined Roles

AppDynamics provides the following predefined roles:

  • Account Owner: Can manage security settings (users, groups, roles) as well as view and modify applications and dashboards. This role is also known as the account administrator.
  • Administrator: Can view and modify components that change state: applications, business transactions, dashboards, etc. Can view and edit all applications and all custom dashboards.
  • Custom Dashboard Viewer: Can only view custom dashboards. Cannot do anything else.
  • Read Only User: Can view but not edit all applications.
  • Workflow Executor: Can execute workflows.
  • DB Monitoring User: Can view the Database Monitoring UI. Cannot add, edit or delete remove database collectors.
  • DB Monitoring Administrator: Can view the Database Monitoring UI and add, edit or delete database collectors.

You can view the configurations for predefined roles but you cannot change them. See View Predefined Roles.

Although you cannot modify the predefined roles, you can add or remove users and groups from the predefined roles by checking or clearing the Member check box in the Roles panel. See Configure Users and Groups.

Custom Roles

You can create custom roles to manage user access by the application/tier level, the custom dashboard level, and the account level. When creating a role, you can create the role from scratch or duplicate an existing role, save it under another name, and then modify it as a custom role.

See Configure Custom Roles.

Permission Inheritance for Default Permissions

For application-level and custom dashboard permissions, AppDynamics provides a default set of permissions, named Default. The default permissions are inherited by new applications and new custom dashboards. The Default permissions are listed first in the Application Permissions subtab of the Roles tab.

Tier-level permissions are inherited from the containing application.

Account-Level Permissions

Permissions that can be granted at the account level include:

  • Administer: Users with this permission can edit users, groups, roles, and the authentication provider.
  • Configure Email/SMS: Users with this permission can edit email and SMS settings used by AppDynamics to send alerts. See Configure the SMTP Server and Notification Actions.
  • Execute Workflows: Users with this permission can execute workflows. See Workflow Overview
  • Create War Rooms: Users with this permission can create (start) a war room. See Virtual War Room.
  • View Business Flow: Users with this permission can view all the applications in a multi-business-application flow map, including those for which they are not granted explicit application permissions. However, this role does not grant permission to drill down to applications that they have no permission for. See Cross application flow in AppDynamics Concepts.

Application- and Tier-Level Permissions

The following table lists the permissions that you can grant at the application level and tier levels. To enable or disable the application-level permissions for a role, see Configuring Application Level Permissions on Configure Custom Roles.

Permission nameActivities enabled in the UILearn more
Configure Transaction Detection
  • Create, edit, or delete transaction detection (can be at the tier level)*
Configure Business Transaction Detection

Configure Backend Detection

  • Create, edit, or delete backends (can be done at tier level)

Backend Monitoring

Configure Backend Detection for Java

Configure Backend Detection for .NET

Configure Error Detection
  • Create, edit, or delete error detection
Configure Error Detection
Configure Diagnostic Data Collectors
  • Create, edit, or delete diagnostic data collector*
Configure Data Collectors
Configure Call Graph Settings
  • Edit call graph settings (no SQL)
  • Turn on or off capture raw SQL (call graph and SQL bind must both be on)
Configure Call Graphs
Configure JMX
  • Create, edit, or delete JMX Metric

Configure JMX Metrics from MBeans

Create and Import or Export JMX Metric Configurations

Configure Memory Monitoring
  • Configure object instance tracking (can be done at tier level)
  • Configure custom memory structure (can be done at tier level)
Configure Memory Monitoring for Java
Configure EUM
  • Configure EUM
Set Up and Configure Web EUEM
Configure DB Monitoring
  • Can create, edit, and delete Database Collectors
  • Can view all Database Monitoring windows
Configure Database Collectors
View DB Monitoring
  • Can view all Database Monitoring windows
Monitor Your Servers using Server Monitoring - Beta
Configure Information Points
  • Create, edit, or delete information points*
Configure Code Metric Information Points
Configure Health Rules
  • Create, edit, or delete Health Rules
Configure Health Rules
Configure Actions
  • Create, edit, or delete Actions on Agent Properties UI
  • Create, edit, or delete Policy
  • Create, edit, or delete Email Digests

Notification Actions

Policies

Email Digests

Configure Business Transactions
  • Modify default slow thresholds
  • Start diagnostic session
Configure Transaction Thresholds
Configure Baselines
  • Create, edit, or delete baselines
Configure Baselines
Configure SQL Bind Variables
  • Turn on or off capture raw SQL (must have both Call Graph and SQL Bind on)*
Configure Call Graphs
Configure Agent Properties
  • Create, edit, or delete agent configuration (can be done at tier level)
  • Enable or disable automatic leak detection (can be done at tier level)
  • Enable or disable object instance tracking (can be done at tier level)
  • Enable or disable custom memory structure (can be done at tier level)
App Agent Node Properties
Set JMX MBean Attributes and Invoke Operations
  • Edit MBean attributes or invoke actions on operations
Monitor JMX MBeans
Configure Service Endpoints
  • Create, edit, or delete service end points
Monitor Service Endpoints
Configure Monitoring Level (Production/Deployment)
  • Switch between production and development mode
Monitor Applications in a Development Environment

* Asterisks indicate activities that may be considered sensitive for purposes of security and data privacy. Carefully consider the security and data privacy policies of your organization before granting these permissions.  

Custom Dashboard Permissions

Permissions that can be granted at the custom dashboard level include:

  • View
  • Edit
  • Delete

Custom dashboards are a good way to present selected metrics for a user who only needs a relatively narrow or focussed view of the data. For example, such a user could be an executive who only needs a high-level view of system performance and activity. You can allow such users to view custom dashboards by assigning them to the built-in Custom Dashboard Viewer role. The permissions of this role are limited to viewing custom dashboards in the Controller UI.

As an alternative to using the Custom Dashboard Viewer role for this purpose, you can share a custom dashboard. A shared dashboard is essentially public; anyone with the URL for a shared dashboard can access it, even users who are not logged in to the Controller UI. For more information, see Share Custom Dashboards.

  • No labels