For users on our New Relic One user model, we provide various user management features, including the ability to:
- Use role based access control (RBAC) to assign default or custom roles to user groups
- Create custom user groups
- Grant user groups access to specific roles and accounts
To quickly check if you can access these user management features, go to the user management UI and see what you have access to.
- These features allow managing of users on the New Relic One user model. To learn more, see User models.
- Some capabilities require the Organization manager role and some require the Authentication domain manager role. For details, see Standard roles.
- Pricing tier requirements:
- A New Relic user can have a maximum of either three concurrent active sessions, or three unique IP addresses in use at any given time.
- User management: Use this to add users, update user information, and approve upgrade requests.
- Organization and access: Use this page to create and manage groups, roles, and access grants.
To optimally use our more advanced user management features, it's important to first understand the concept of the "access grant." An access grant gives a group of users access to a) a role and b) an account. For a New Relic organization that has many accounts, groups typically require more than one access grant because users in a group usually need access to multiple accounts and roles. The diagram below explains the elements that make up an access grant.
Note that if you're on our Standard tier and want to assign a user to a default group (Admin or User), you don't need to create an access grant: you would simply add a user to that group and you're done. But for Pro and Enterprise tier accounts, if you're trying to grant users access to a custom group, a custom role, or to other accounts, you must create an access grant.
A diagram explaining how you can grant user groups access to roles and accounts. Note that this applies to users on our New Relic One user model (and not our original user model).
Some tips on setting up access grants:
- It may help to first plan out how your access grants will be organized. How many accounts will you have? What user groups will get access to which roles and which accounts? Will you use our default groups and roles or create your own custom groups and roles?
- For smaller, flatter organizations okay with full internal transparency, you may only need a couple groups.
- A common configuration for organizations with many accounts (roughly 20 or more) is setting up groups with the more organization-scoped roles (Organization manager, Authentication domain manager, and Billing user) on the primary account, and then on other accounts, setting up groups with the more product-scoped roles (like All product admin, Standard user, or custom roles).
Here are some definitions of our user management terms and how they relate to each other:
- A capability is an ability to use or edit a specific, granular New Relic feature. Examples of capabilities:
- The ability to modify APM settings
- The ability to delete alert conditions
- A role is a set of capabilities. Our default standard roles have various capability sets, and you can create custom roles that have a custom set of capabilities.
- A user group has one or more roles associated with it. You assign your users to a group. We have default user groups (Admin and User), and you can make your own groups.
- An access grant is what grants a user group access to roles and specific New Relic accounts. An access grant essentially states, "This group is assigned this role on this New Relic account." Adding a user to a group doesn’t do anything unless that group is included in an access grant.
- An authentication domain contains a set of users who are added to New Relic and who log in to New Relic in the same way. For example, you may have one authentication domain for users who log in via username/password and another authentication domain for users who log in via SAML.
- If a user is a basic user, this takes precedence over any role-related limitations. For more on this, see Basic user and roles.
In the Organization and access UI, you can create custom groups, roles, and grant access to user groups.
Here are some example user management procedures:
To see an audit log of changes to your account, including user management actions, you can query the
If you need more help, check out these support and learning resources:
- Browse the Explorers Hub to get help from the community and join in discussions.
- Find answers on our sites and learn how to use our support portal.
- Run New Relic Diagnostics, our troubleshooting tool for Linux, Windows, and macOS.
- Review New Relic's data security and licenses documentation.