Skip to end of metadata
Go to start of metadata

Roles define a set of permissions that users of the AppDynamics Controller may have within the AppDynamics managed environment. This is also called role-based access control, or RBAC. 

The Controller UI enables you to apply permissions at a fine-grained level. For example, you can grant permission to configure only a single application or a particular tier, or to access a particular feature of the UI, such as custom dashboards.

Predefined Roles

The Controller UI includes predefined roles for administrator and read-only users. You cannot edit the predefined role permissions, however you can create new roles as described in Creating Custom Roles.

The Controller UI includes these roles:

  • Account Owner: Can add or edit users, groups, roles, and the authentication provider. This role has most of the account-level permissions and is sometimes known as the account administrator. See Account Permissions.
  • Administrator: Can view and modify components that change state, such as applications, business transactions, dashboards, and so on. Can create War Rooms, view business flow, view and configure scheduled reports. This role can not add or edit users, groups, or roles.
  • Analytics Administrator: Can view and grant access to Analytics features, such as creating API keys, creating metrics, creating extracted fields, and granting access for viewing analytics data. The Analytics Administrator has the capability to control which roles have access to specific applications or log source types. Additionally, the Analytics Administrator is the only user who is in charge of saved searches. By creating different saved searches, the Analytics admin can provide different data access levels to analytics users. For more details, see:
  • Dashboards Viewer: Can view custom dashboards. 
  • DB Monitoring User: Can view the Database Monitoring UI. Cannot add, edit or delete database collectors.
  • DB Monitoring Administrator: Can view the Database Monitoring UI and add, edit or delete database collectors.
  • Server Monitoring Administrator: Can view the Server Monitoring UI and configure Service Monitoring features including Service Availability Monitoring.
  • Server Monitoring User: Can view Server Monitoring UI. Can not configure Server Monitoring features.
  • Universal Agent Administrator: Can configure and view the Universal Agent
  • Universal Agent User: Can view the Universal Agent
  • Applications and Dashboards Viewer: Can view all applications and their dashboards but cannot edit any. (formerly known as the Read-Only User)
  • Workflow Executor: Can execute workflows.
To view the predefined roles
  1. While logged in to the Controller UI as an Administrator or Account Owner, click  (gear icon) > Administration.
  2. Click the Roles tab to view the list of predefined roles.

  3. You can click the Users and Groups with this Role tab to view users and groups assigned to a selected role.

Creating Custom Roles

Users with the Account Owner role or the Administer users, groups, roles ...permission can create new custom roles in the Controller UI. A common strategy for designing roles is to create a role with the minimum permissions allowable for all users, such as view permissions. Then you can create roles that use customizations of that minimum permission role to give additional, explicit permissions to a specific feature or business application. 

You can clone predefined roles as a starting point for creating your own customized roles, but you should not assume the cloned roles have all of the permissions of the predefined role. In some cases, there may be hidden permissions, so you should add or remove permissions as needed for your customized role to ensure that you get the RBAC result you need.

To create or edit a custom role
    1. While logged in to the Controller UI as an Account Owner (or other role with the Administer users, groups, roles ...permission), click  (gear icon) > Administration.
    2. Click the Roles tab to view the list of predefined roles.
      From the tab, you can create new roles and modify or delete custom roles.
    3. Click  + to create a custom role.

    4. Configure permissions by clicking the tabs. See the Related Pages links for more information on the specific permissions for each tab.
    • Account 
    • Applications 
    • Databases
    • Analytics 
    • Dashboards
    • Users and Groups with this Role
  • No labels