On this page:
Roles define a set of privileges that AppDynamics Controller users have within the AppDynamics managed environment. This is also called "role-based access control", or "RBAC".
Roles provide an easy way to define and clone a set of permissions for a user or a group without having to configure every user's or every group's permissions individually.
A user or group can have multiple roles.
AppDynamics provides the following predefined roles:
- Account Owner: Can manage security settings (users, groups, roles) as well as view and modify applications and dashboards. This role is also known as the account administrator.
- Administrator: Can view and modify components that change state: applications, business transactions, dashboards, etc. Can view and edit all applications and all custom dashboards.
- Custom Dashboard Viewer: Can only view custom dashboards. Cannot do anything else.
- Read Only User: Can view but not edit all applications.
- Workflow Executor: Can execute workflows.
- DB Monitoring User: Can view the Database Monitoring UI. Cannot add, edit or delete remove database collectors.
- DB Monitoring Administrator: Can view the Database Monitoring UI and add, edit or delete database collectors.
You can view the configurations for predefined roles but you cannot change them. See View Predefined Roles.
Although you cannot modify the predefined roles, you can add or remove users and groups from the predefined roles by checking or clearing the Member check box in the Roles panel. See Configure Users and Groups.
You can create custom roles to manage user access by the application/tier level, the custom dashboard level, and the account level. When creating a role, you can create the role from scratch or duplicate an existing role, save it under another name, and then modify it as a custom role.
Permission Inheritance for Default Permissions
For application-level and custom dashboard permissions, AppDynamics provides a default set of permissions, named Default. The default permissions are inherited by new applications and new custom dashboards. The Default permissions are listed first in the Application Permissions subtab of the Roles tab.
Tier-level permissions are inherited from the containing application.
Permissions that can be granted at the account level include:
- Administer: Users with this permission can edit users, groups, roles, and the authentication provider.
- Configure Email/SMS: Users with this permission can edit email and SMS settings used by AppDynamics to send alerts. See Configure the SMTP Server and Notification Actions.
- Execute Workflows: Users with this permission can execute workflows. See Workflow Overview.
- Create War Rooms: Users with this permission can create (start) a war room. See Virtual War Room.
- View Business Flow: Users with this permission can view all the applications in a multi-business-application flow map, including those for which they are not granted explicit application permissions. However, this role does not grant permission to drill down to applications that they have no permission for. See Cross application flow in AppDynamics Concepts.
Application- and Tier-Level Permissions
The following table lists the permissions that you can grant at the application level and tier levels. To enable or disable the application-level permissions for a role, see Configuring Application Level Permissions on Configure Custom Roles.
|Permission name||Activities enabled in the UI||Learn more|
|Configure Transaction Detection||Configure Business Transaction Detection|
Configure Backend Detection
|Configure Error Detection||Configure Error Detection|
|Configure Diagnostic Data Collectors||Configure Data Collectors|
|Configure Call Graph Settings||Configure Call Graphs|
|Configure Memory Monitoring||Configure Memory Monitoring for Java|
|Configure EUM||Set Up and Configure Web EUEM|
|Configure DB Monitoring||Configure Database Collectors|
|View DB Monitoring||Monitor Your Servers using Server Monitoring - Beta|
|Configure Information Points||Configure Code Metric Information Points|
|Configure Health Rules||Configure Health Rules|
|Configure Business Transactions||Configure Transaction Thresholds|
|Configure Baselines||Configure Baselines|
|Configure SQL Bind Variables||Configure Call Graphs|
|Configure Agent Properties||App Agent Node Properties|
|Set JMX MBean Attributes and Invoke Operations||Monitor JMX MBeans|
|Configure Service Endpoints||Monitor Service Endpoints|
|Configure Monitoring Level (Production/Deployment)||Monitor Applications in a Development Environment|
* Asterisks indicate activities that may be considered sensitive for purposes of security and data privacy. Carefully consider the security and data privacy policies of your organization before granting these permissions.
Custom Dashboard PermissionsPermissions that can be granted at the custom dashboard level include:
Custom dashboards are a good way to present selected metrics for a user who only needs a relatively narrow or focussed view of the data. For example, such a user could be an executive who only needs a high-level view of system performance and activity. You can allow such users to view custom dashboards by assigning them to the built-in Custom Dashboard Viewer role. The permissions of this role are limited to viewing custom dashboards in the Controller UI.
As an alternative to using the Custom Dashboard Viewer role for this purpose, you can share a custom dashboard. A shared dashboard is essentially public; anyone with the URL for a shared dashboard can access it, even users who are not logged in to the Controller UI. For more information, see Share Custom Dashboards.