AppDynamics switched from Semantic Versioning to Calendar Versioning starting in February 2020 for some agents and March 2020 for the entire product suite.

    Skip to end of metadata
    Go to start of metadata

    Related pages:

    Your Rating:
    1 Star2 Star3 Star4 Star5 Star
    27 rates

    This page provides an overview of application permissions in AppDynamics. Application permissions follow an inheritance model with three levels listed in order from highest (default) to lowest (tier-specific):

    • Default permissions
    • Application-wide permissions
    • Tier-specific permissions

    By default, each level inherits from the one above it, unless you customize permissions at a lower level. This mechanism enables you to grant access to groups or users for specific business applications in the Controller UI.

    Customized permissions at a specific level override more general permissions at another level. That is, tier-specific permissions take precedence over application-specific permissions, and application-specific permissions override default permissions. Not all permissions can be customized at the tier-level. 

    You can set application permissions for custom roles from the Applications tab in the Controller Administration UI. You can also assign the Can Create Applications permission to a custom role. 

    Create Default Permissions

    All new applications inherit default permissions.

    To configure default application permissions
    1. From the Controller Administration UI, add or edit a custom role for which you want to grant default application permissions.
    2. On the Applications tab, to grant the role permission to create new applications, click Can Create Applications.
    3. Under Default Permissions, select the default permissions for this role: View, Edit or Delete.
      Default Permissions
      1. Click Delete to grant permissions to delete any application. To grant permission to delete a specific application, customize the permission at the application level.
      2. To grant specific permissions to edit specific application configurations for all applications:
        1. Click Edit to give all permissions to all applications or deselect Edit, and then click Edit (None).
        2. In the Edit Permissions window select the permissions for this role.
          Default Permissions
          For information about the permissions that can be granted at the application level and tier levels, review the Application and Tier Level Permissions table.
    4. Click OK in the Edit Permissions window.
    5. Click Save at the top of the pane to save the configuration for this role.

    Customize Application Permissions

    To customize business application level permissions, follow these steps:

    1. Choose Custom from the Permissions drop-down menu for the application. 
    2. Select View and then Edit (None). You can also grant permission to delete a specific application.
      Custom Application Default Permissions
    3. To customize permissions at the tier level, click Add to add tiers and select Edit.

      Customize Permissions By Tier
    4. In the dialog box, choose the individual permissions for the selected tier and click OK.
      Custom Edit Properties
    5. Click Save when you are finished selecting permissions.

    Overlapping Role Permissions Examples

    Within specific and default permissions, granting a specific permission takes precedence over denying the same permission elsewhere. So, if a user is assigned two roles and one grants a permission and the second role denies it, the user will have permissions for the activity.

    The following examples are designed to illustrate how overlapping permissions of different roles interact. The examples enable view, edit, and delete permissions to applications as shown for two Groups. The last column shows the resulting permissions for a specific user with roles that are assigned to each group. 

    Group 1Group 2

    Default Permissions
    (view, edit delete all applications)
    Explicit permissions
    (view, edit delete application-1)
    Default Permissions
    (view, edit delete all applications)
    Explicit permissions
    (view, edit delete application-1)
    • Result for example A:  User has view, edit, and delete permissions to all applications, including application-1.
    • Result for example B: User has view, edit, and delete permissions to all applications, including application-1.
    • Result for example C: User has view, edit, and delete permissions to all applications, excluding application-1.

    General Permissions

    PermissionActivities EnabledMore Information
    Can Create ApplicationsCreate business, browser, and mobile applications. Also controls the Archive Snapshot action.Business Applications
    View, Edit and Delete permissions for new applications can be set as part of the default permissions for a custom role

    View, edit or delete business applications (and the tiers and nodes), browser and mobile applications.

    Setting default delete permissions allows the user to delete all three artifacts from the application model. 

    Business Applications

    Tiers and Nodes

    Application and Tier Permissions

    You can grant the following permissions as specified. Permissions that can be customized at the tier level are indicated in the Description of Activities Enabled column. Asterisks (*) in the permissions table indicate permissions that are considered sensitive for security and data privacy purposes. Carefully consider the security and data privacy policies of your organization before granting these permissions.

    PermissionDescription of Activities EnabledMore Information
    Configure Transaction Detection*

    Create, edit, or delete transaction detection - can be at the tier level.

    Transaction Detection Rules

    Configure Backend Detection

    Create, edit, or delete backends - can be done at tier level.

    Backend Detection Rules

    Configure Error Detection

    Create, edit, or delete error detection.

    Error Detection
    Configure Diagnostic Data Collectors*

    Create, edit, or delete diagnostic data collectors.

    Data Collectors
    Configure Call Graph Settings
    • Edit call graph settings (no SQL)
    • Turn on or off capture raw SQL (call graph and SQL bind must both be on)
    Call Graph Settings
    Configure JMX

    Create, edit, or delete JMX metrics.

    Configure JMX Metrics from MBeans
    Configure Memory Monitoring

    Configure which custom classes are tracked by Object Instance Tracking.

     Note: To enable or disable Object Instance Tracking, you need the Configure Agent Properties permission.

    Object Instance Tracking for Java

    Configure EUM (for Browser RUM)

    See End User Monitoring Permissions.

    Configure the Controller UI for Browser RUM

    Configure EUM (for Mobile RUM)

    See End User Monitoring Permissions.

    Configure the Controller UI for Mobile RUM 

    Configure Information Points*

    Create, edit, or delete information points.

    Information Points

    Configure Health Rules

    Create, edit, or delete health rules.

    Configure Health Rules
    Configure Actions

    Create, edit, or delete actions on agent properties UI.

    Create, edit, or delete email digests.

    Alert and Respond


    Email Digests

    Configure Policies

    Create, edit, or delete policies.

    Configure Policies

    Configure Business Transactions

    Organize Business Transactions including:

    • Group Business Transactions
    • Exclude/un-exclude Business Transactions
    • Delete Business Transactions
    • Enable Business Transaction lockdown
    • Rename Business Transactions

    Configure Business Transaction thresholds.

    Configure snapshot settings.

    Set as a background task.

    Configure data collectors.

    Enable End User Monitoring.

    Enable analytics for business transactions.

    Enable or disable GUID injection.

    Organize Business Transactions

    Transaction Thresholds

    Transaction Snapshots

    Monitor Background Tasks

    Data Collectors

    Set Up and Access Browser RUM

    Collect Transaction Analytics Data

    Business Transaction and Log Correlation

    Configure Baselines

    Create, edit, or delete baselines.

    Dynamic Baselines

    Configure SQL Bind Variables*

    Turn on or off capture raw SQL (also requires Configure Call Graph Settings).

    Call Graph Settings

    Configure Agent Properties

    Create, edit, or delete agent configuration (can be done at tier level).

    Enable or disable automatic leak detection (can be done at tier level).

    Enable or disable object instance tracking (can be done at tier level).

    Enable or disable custom memory structure (can be done at tier level).

    App Agent Node Properties

    Object Instance Tracking for Java

    Custom Memory Structures for Java

    Agent Advanced Operation

    Reset agent from the node dashboard.

    Request agent thread dumps.

    Request agent debug logs.

    Manage App Agents

    Diagnostic Actions

    Request Agent Log Files

    Set JMX MBean Attributes and Invoke Operations

    Edit MBean attributes or invoke actions on operations.

    Monitor JMX

    Configure Service Endpoints

    Create, edit, or delete service endpoints.

    Service Endpoint Detection

    Configure Monitoring Level (Production/Deployment)

    Switch between production and development mode.

    Development Level Monitoring

    Configure 'My Dashboards' for Tiers and Nodes

    Create, edit or delete custom dashboards (can be done at tier level).

    Create and Manage Custom Dashboards and Templates

    Custom Dashboards

    Create EventsCreate, edit, or delete events.Alert and Respond API
    Start Diagnostic Sessions

    Start a diagnostic session.

    Diagnostic Sessions

    View Sensitive Data*In combination with the Configure Transaction Detection permission, enables the use of Live Preview and Business Transaction Discovery features to stream live data from your application.Custom Match Rule Live Preview
    • No labels