Users, roles, permissions (original user model)

Note that if you're adding users on our original user model to an organization that has multiple accounts, you'll want to think about which account you add users to, because the account structure impacts what users have access to.

To add a new user to a New Relic account:

1. For the account you want to add a user to, go to: user menu > Account settings > Users and roles > Users.

2. In the upper right corner, click New user.

3. Enter the appropriate name and email address.

4. Select their user type. Note that the user type is a billing factor if you're on our usage-based pricing model.

5. Select their base role as either Admin, User, or Restricted.

6. Select Add user.

   The new user will receive an email notification automatically from New Relic.

   Important

   New Relic recommends a maximum of 1,000 accounts per user. Additional accounts may result in limited access to some New Relic features.

If you're on our usage-based pricing model, the user types of your users are a factor in your billing.

If you have multiple accounts in your organization, here are some important considerations when managing billable users on the original user model:

• You aren't able to see all your organization's users in a single UI. If your goal is to review and edit all your users (for example, editing their user type for billing purposes), you must go to the Users and roles UI for each individual account. (Note that the ability to more easily manage your users is one benefit of our newer user model.)

• Because of the above point, the count of billable users you see in the View your usage UI may not match the number of users you see when you go to a specific account's Users and roles UI.

• You can be charged for billable users in all accounts in your organization, regardless of whether those accounts are marked as "active" or "inactive" (not reporting data) in the Account settings UI.

  For tips on editing user type, see Manage user type.

Some important tips for managing user type:

• If you're on our usage-based pricing model, your users' user type is a billing factor.

• If you upgrade a user to a higher user type (either via the UI or via an upgrade request email), their user type is changed across all accounts in the organization.

  To update your users' user type:

1. Go to: user menu > Account settings > Users and roles > Users.

2. Select a user and edit their type, or bulk update the type for multiple users. Note that if your organization has multiple accounts, you can't see all your users in a single UI location: to manage users across in different accounts, you'll have to go to the Users and roles UI for each account.

   To view and approve users who have requested an upgrade:

3. Go to: user menu > Account settings > Users and roles.

4. Click Upgrade requests. Note that if your organization has multiple accounts, you can't see all your users in a single UI location: to manage users across in different accounts, you'll have to go to the Users and roles UI for each account.

   To control how users upgrade, from the Users and roles UI, you can select Access requests. You have two options:

• Automatic approval: With this option, users can automatically and immediately upgrade their user type. This option allows your users to more easily troubleshoot problems.

• Require review: With this option, your admins get a notification email when users request an upgrade and the admins must upgrade them first. They can be approved either from the notification email or from the user's record in the Users and roles UI.

  For more about user type, see User type.

For an introduction to using SAML SSO and/or SCIM provisioning, see Get started with SAML SSO or SCIM.

If your organization has implemented SAML Single Sign On, you may have a list of Pending users. These are users who have been added to the SAML-enabled account but have not yet confirmed.

For organizations on our newer usage-based pricing model and have users on our original user model, these Pending invite users are not billable. (If they're on our newer user model, Pending invite users are billable).

To update a person's role and permissions:

1. Go to: user menu > Account settings > Users and roles > Users.

2. Select the person's name.

3. Under Roles and capabilities, select their base role as Admin, User, or Restricted.

   The account Owner must update the Owner role.

To remove a user from your New Relic account:

1. Go to: user menu > Account settings > Users and roles > Users.

2. Click on the name of the person you would like to update.

3. Click Delete User.

   Tip

   You can also add, update, or delete users in bulk via CSV file.

The Owner role concept exists only for users on our original user model.

A New Relic account can have only one Owner role at any time. You must be the current account Owner to change your role to someone who currently has an Admin role for the account. If the current Owner is unavailable, contact your account representative at New Relic, or get support at support.newrelic.com.

You cannot delete or remove your assigned Owner role. However, if the account has one or more Admin role, you can change an Owner to an Admin.

1. Go to: user menu > Account settings > Account > Users and roles.

2. Above the Active users list, select Change owner. If an account has no Admins, this button won't be available.

3. Select someone who currently has an Admin role for the account.

4. Refresh the page for changes to take effect.

   Your previous Owner role automatically changes to an Admin role.

   To find out who is the current assigned Owner:

5. Go to: user menu > Account settings > Account > Users and roles.

6. View the Base role column to locate your account Owner.

   The Change owner button is only visible to the current account Owner. If the current Owner is unable to change the role (for example, that person no longer is with your organization), contact your account representative at New Relic, or get support at support.newrelic.com.

Here is a summary of Admin and Add-on manager permissions with alerts. To allow a User or Restricted User to execute any of these functions in alerts, assign an alerts add-on manager role.

Admin and manager permissions for alerts include:

• Create or name alert policies.
• Specify incident preferences.
• Disable or define alert conditions.
• Provide runbook instructions.
• Select product targets.
• Alter alert condition thresholds.
• Create, modify, or delete notification channels.

Here is a summary of Admin and Add-on manager permissions with APM. To allow a User or Restricted User to execute any of these functions in APM, assign an APM add-on manager role.

Admin and manager permissions for APM include:

• Remove applications from the New Relic UI.
• Delete app traces and error traces.

Here's a screenshot of the permissions for the applied intelligence manager, the incident intelligence manager, and the incident workflows manager. Note that the permissions UI may change over time. This screenshot is from March 2022.

Here is a summary of Admin and Add-on manager permissions with New Relic browser monitoring. To allow a User or Restricted User to execute any of these functions in New Relic Browser, assign a Browser add-on manager role.

Admin and manager permissions for Browser include:

• Add, rename, or delete applications.
• Manage whitelists.
• Manage domain conditions.

Here is a summary of Admin and Add-on manager permissions with New Relic Infrastructure. To allow a User or Restricted User to execute any of these functions in New Relic Infrastructure, assign an Infrastructure manager role.

Admin and manager permissions for Infrastructure include:

• Create alert conditions in New Relic infrastructure, including conditions for host not reporting.
• Add or modify integrations.

Note that New Relic Insights has been deprecated.

To allow a User or Restricted User to execute any of these functions, assign an Insights manager role. The functions include the ability to create, view, modify, or delete:

• Query API keys: Note that we now recommend using NerdGraph and not the Insights query API.
• Insert API keys: Note that we now recommend using the license key instead.

This governs the ability to use the Add user feature, located in the user menu.

See Nerdpack permissions.

Here's a summary of Admin and Add-on manager permissions with synthetic monitoring. To allow a User or Restricted User to execute any of these functions with synthetic monitoring, assign a synthetics add-on manager role.

Admin and manager permissions for synthetics include:

• Create, edit, or delete monitors.

• Edit monitor scripts.

• Create, edit, or delete private locations.

• Create, edit, or delete monitor downtimes.

• Create, view, edit, or delete secure credentials.

  For more information, see User roles in Synthetics.

This governs the ability to configure Infinite Tracing.

Here's a summary of Admin and Add-on manager permissions with New Relic workloads:

• Create, duplicate, modify, or delete workloads.

• Link dashboards to workloads and save filters.

  To allow a User or Restricted User to execute these functions, assign the workloads manager add-on role.

To view the list of individuals assigned to your account and their current roles: Go to user menu > Account settings > Users and roles.

Managed add-on roles are available by default for each New Relic product. Adding a managed role for a user grants them Admin-level permissions for the assigned product. They cannot be edited or deleted. To assign a managed add-on role for a User or Restricted User in your account:

1. Go to user menu > Account settings > Users and roles.

2. From the list of users associated with your account, select their name.

3. Under Add-on roles, select the type of manager role for the user.

4. To understand which permissions may be added, use the Capabilities preview chart.

   Features in the Capabilities preview chart may not exactly match what features are available for your subscription level.

   Tip

   You can also add, update, or delete users in bulk by using a CSV file.

To create a custom add-on role for your account:

1. Go to user menu > Account settings > Users and roles > Roles.
2. Select New custom add-on role.
3. Select the permissions necessary for the new custom role, then Create role.

You must create a custom role before assigning it to a user. To assign a custom add-on role for a User or Restricted User in your account:

1. Go to user menu > Account settings > Users and roles > Users.
2. From the list of users associated with your account, select their name ].
3. Under Add-on roles, select a custom role for the user.
4. Click Update user.

You cannot edit or delete New Relic's default roles. However, you can edit or delete custom add-on roles for your account:

1. Go to user menu > Account settings > Users and roles > Roles.
2. From the Add-on roles list, select the custom add-on role, then select Edit role or Delete role as appropriate.

If you have a backup CSV file saved:

1. Open the backup CSV file.
2. Populate the backup CSV file with the users whose roles will be modified.
3. Select a CSV action for the new CSV file: add, update, or delete
4. Upload the new CSV, and select Save changes.

If no backup CSV file has been previously downloaded:

1. Download the CSV file template.

2. Populate the spreadsheet with the information required for the user to be restored.

   Action	Required fields
   Add	User email, name, type, base role. Optional: Add-on role
   Update	User email, name, type, base role. Optional: Add-on role
   Delete	User email

3. Select a CSV action for the new CSV file: Add, Update, or Delete.

4. Upload the new CSV, and select Save changes.