PDFs


This page applies to an earlier version of the AppDynamics App IQ Platform.
See the latest version of the documentation.


Skip to end of metadata
Go to start of metadata

Application Analytics provides role-based access control (RBAC) to enable you to control and protect your data. The Analytics permissions enable you to provide granular, controlled access to features and analytics data in your environment. This topic outlines the available permissions.

Predefined Roles and Permissions

A predefined role called Analytics Administrator is provided with preset default permissions for all the analytics permissions. 

 The following screen shot shows the Administration window and the default Analytics admin role and Analytics permissions tab. 

Click to expand

 

To create roles and assign users to roles for analytics purposes, users need both the Analytics Administrator and the Account Owner role.

You can clone predefined roles as a starting point for creating your own customized roles, but you should not assume the cloned roles have all of the permissions of the predefined role. In some cases, there may be hidden permissions, so you should add or remove permissions as needed for your customized role to ensure that you get the RBAC result you need.

Default Application 

To ensure that your users have access to the full Analytics functionality they need, be sure to give them the view permission on the Default Application. This permission is given to all predefined admin roles and to the Read Only role. If you create new roles for analytics, you need to grant this permission in addition to specific analytics permissions.
 
When you create a new role, this permission is not automatically given to that role. You can either turn on the view permission by checking view option on Default application or you can add the Read Only role to new users. From the Administration page Applications tab, grant view permissions to the Default Application as shown in the following screen shot:
Click to enlarge 

General Permissions

This section contains permissions that control access to analytics features:

Search Permissions

All the saved searches created in Analytics appear in this section. The admin role can assign View, Edit and Delete permissions on a search by search level. The admin can create and save specific searches needed by various roles in your organization. In addition to enabling the permissions, View, Edit, and Delete, for a specific saved search, the admin must also enable access to the related application or log source type for the search. Otherwise, the data access level won't be granted to the role.

To create a new saved search, the user must have the Can Create a Search permission.

View permission: Assigning only the View permission for a saved search means users can not edit or delete the search.

Edit permission: Assigning Edit permission for a saved search means users can modify the filter criteria and save back to the same search.

Delete permission: Assigning Delete permission for a saved search means users can delete the search.

Event Type Permissions

Transactions Permissions: This section enables the admin user to assign permissions for viewing application transaction data. Permissions can be granted to view all transaction data for the account or on an application by application basis. When creating new roles, remember that granting permissions to view transaction analytics data does not automatically grant permissions to see all application data associated with a specific transaction analytics record. You need to grant at least read-only permissions to the application to enable the user to see associated transaction snapshot data such as flow maps.

Log Permissions: This section enables the admin user to assign permissions for viewing log data. Permissions can be granted to view log data for all source types configured for the account or on a source by source basis.

Browser Requests Permissions: This section enables the admin user to assign permissions for viewing browser request data. Permissions can be granted to view data for all applications for the account or on an application by application basis.

Mobile Requests Permissions: This section enables the admin user to assign permissions for viewing mobile requests and crash report data. Permissions can be granted to view data for all applications for the account or on an application by application basis.

Custom Analytics Events: This section enables the admin user to assign permissions for querying custom analytics events data. Permissions can be granted to view data for all custom analytics events or on an event by event basis.

Synthetic Permissions: This section enables the admin user to assign permissions for querying Synthetic events data. Permissions can be granted to view data for all applications for the account or on an application by application basis.

Upgrade Note

When you upgrade from 4.0.x or 4.1.x to versions prior to 4.2.1.4, all existing users are assigned the Analytics Administrator role. Unneeded permissions should be removed manually.

When you upgrade to 4.2.1.4 and later, the Analytics Administrator role is assigned to users who already have the “Administrator” role. Non-admin users who had access to all the Analytics functionality in 4.1, will no longer have full access. The Administrators need to manually assign this role to users as needed and or create new user roles and grant appropriate access to the Analytics functionality.

  • No labels