On this page:
Roles define a set of privileges that AppDynamics Controller users have within the AppDynamics managed environment. This is also called role-based access control, or RBAC.
The Controller UI enables you to apply permissions at a very fine-grained level. For example, you can grant permissions to the configuration only for application or particular tier, or to access a particular feature of the UI, such as custom dashboards.
The Controller UI includes these preconfigured roles:
Although you cannot edit the predefined role permissions, you can create new ones based on the existing roles, as described in the following section.
A particular user can have multiple roles with possibly conflicting permissions. The following explains the order of precedence for the permissions:
A common strategy for designing roles would be to have a role with the minimum permissions allowable for all users, such as dashboard view permissions. Then you create roles that use customizations to give explicit permissions to a particular feature or business application.
To view permissions, as an administrator or account owner in the Controller UI, click Settings > Administration from the gear icon menu and click the Roles tab. From the tab, you can create new roles and modify or delete custom roles.
After you have created a custom role, select it and configure permissions by clicking the tabs:
The following sections provide more information on these permissions.
Application permissions follow an inheritance model in the Controller UI. There are three levels in the model:
By default, each level inherits from the one above it, unless permissions are customized at the lower level. This is the mechanism that lets you permit access to groups or users only to specific business applications in the Controller UI.
In your custom role, you can view or modify the default by clicking the View checkbox in the Default row, as follows:
For the other levels, from the permissions menu, choose Customized instead of Inherited from Default or Inherited from Application and then click Edit to configure application permissions. For information on those application permissions, see Application Permissions below.
Custom dashboards are a good way to present selected metrics for a user who only needs a relatively narrow or focused view of the data. For example, an executive may only need a high-level view of system performance and activity. You can allow such users to view custom dashboards by assigning them to the built-in Custom Dashboard Viewer role. The permissions of this role are limited to viewing custom dashboards in the Controller UI. War rooms are collaborative custom dashboards created in real time.
As an alternative to using the Custom Dashboard Viewer role to share dashboards, you can share a custom dashboard. A shared dashboard is essentially public; anyone with the URL for a shared dashboard can access it, even users who are not logged in to the Controller UI. For more information, see Custom Dashboard Visibility and Permissions in Custom Dashboards.
You grant privileges to view, edit or delete a custom dashboard or war room in the Custom Dashboard and War Room Permissions tab.
The default dashboard role applies if more specific permissions are not set for a custom dashboard or for new dashboards created later. Every dashboard inherits the default custom dashboard permissions unless you override them by configuring separate permissions for individual dashboards.
For example, you could have a custom dashboard called SalesDashboard and a custom role SalesRole, and another custom dashboard called FinanceDashboard and a custom role FinanceRole. The SalesRole could be configured to have permissions in the SalesDashboard but not in the FinanceDashboard or vice-versa.
Account-level permissions are general settings that apply across business applications in the UI, or outside the context of an application. Most can be considered administration permissions. These include:
The following table lists the permissions that you can grant at the application level and tier levels, and those required to configure and the features such as EUM and Database Monitoring.
Asterisks (*) indicate permissions that should be considered sensitive for security and data privacy purposes. Carefully consider the security and data privacy policies of your organization before granting these permissions.
|Permission name||Activities enabled in the UI||Learn more|
|Configure Transaction Detection||Business Transaction Detection|
Configure Backend Detection
|Configure Error Detection||Configure Error Detection|
|Configure Diagnostic Data Collectors||Collecting Application Data|
|Configure Call Graph Settings||Configure Call Graphs|
|Configure Memory Monitoring||Configure Memory Monitoring for Java|
|Configure EUM||Set Up and Configure Browser RUM|
|Configure DB Monitoring||Configure Database Collectors|
|View DB Monitoring||Monitor Your Servers using Server Monitoring - Beta|
|Configure Information Points||Information Points|
|Configure Health Rules||Configure Health Rules|
|Configure Business Transactions||Transaction Thresholds|
|Start Diagnostic Sessions (New in 4.1.5)||Using Diagnostic Sessions|
|Configure Baselines||Dynamic Baselines|
|Configure SQL Bind Variables||Configure Call Graphs|
|Configure Agent Properties||App Agent Node Properties|
|Set JMX MBean Attributes and Invoke Operations||Monitor JMX MBeans|
|Configure Service Endpoints||Service Endpoints|
|Configure Monitoring Level (Production/Deployment)||Monitor Development Environments|
|Configure Tier / Node Custom Dashboards||Create and Manage Custom Dashboards and Templates|