In mid-2020, New Relic released a newer user model, referred to as the New Relic One user model. Here are the users on this user model:
- Users on New Relic organizations created on or after July 30 2020.
- Users on older accounts who were added via automated user management.
This doc will explain the structure of the New Relic One user model, including:
For how to add and manage users, see User management.
User type: basic and full
The user type determines the monitoring and analysis features a user has access to, and is a key factor in billing. (Note that user type does not control account admin-related permissions; that's determined by the user group.)
There are two user types:
- Basic user:
- These users are free and have access to basic features like setting up reporting of data, running queries of data, making custom charts and dashboards, and setting up alerts. They do not have access to Full-Stack Observability features. For details, see Capabilities.
- No matter what group a basic user is assigned to, they always have the capabilities of a basic user: no more and no less.
- Basic users can upgrade on their own to become full users (with exception of users on original user model). Basic users are prompted to upgrade themselves when they attempt to access a feature available only to full users.
- Full user:
- These users are billable and have access to our Full-Stack Observability features, which includes our curated UI experiences, like APM, infrastructure monitoring, browser monitoring, mobile monitoring, and synthetic monitors. For details, see Capabilities.
- The Standard pricing tier includes one free full user and up to five total.
To understand more about basic users and full users:
- Compare full vs basic capabilities
Below is a detailed table showing differences between basic user and full user capabilities. In short, basic users have access to our Telemetry Data Platform and Applied Intelligence (read-only) features, while full users have access to that plus Full-Stack Observability features.
Features Full user Basic user Full-Stack Observability
(New Relic-built UI experiences)
Application performance monitoring (APM) UI fa-check Infrastructure monitoring UI fa-check Digital Experience Monitoring (Browser, Mobile, Synthetics) UI fa-check Serverless monitoring UI fa-check Logs in context with other UI experiences fa-check Synthetics checks fa-check New Relic Edge with Infinite Tracing (tail-based sampling) fa-check
(Pro and Enterprise)
Subscribe to New Relic One catalog apps fa-check Assorted curated UI experiences (distributed tracing, Kubernetes cluster explorer, workloads, etc.) fa-check Applied Intelligence (AI) Proactive Detection fa-check fa-check
Incident Intelligence fa-check fa-check
Telemetry Data Platform Data ingest from any source (Metrics, Events, Logs, Traces) fa-check fa-check Alerts and notifications fa-check fa-check Interactive query interface fa-check fa-check Custom charts and dashboards (not New Relic-built) fa-check fa-check Encryption at rest fa-check fa-check Standard data retention fa-check fa-check NerdGraph (GraphQL) API fa-check fa-check Security and compliance fa-check fa-check Integrations fa-check fa-check Data management fa-check fa-check Logs UI fa-check fa-check Build custom New Relic One apps fa-check fa-check
Learn more about how user type (basic vs full) relates to roles and capabilities.
Learn more about user-related billing calculations.
- Tips on choosing user type
Reasons to make someone a full user:
- They play a key role in the development, testing, deployment, and maintenance phases of the application development lifecycle.
- They break/fix code regularly; they are responsible for triaging workflows, troubleshooting, or managing users and roles for their team.
- They have DevOps practices (i.e. version control systems and implement CI/CD).
- They need to use New Relic's curated dashboards and experiences (not just the ability to create their own custom queries and charts); in other words, they need full access to our platform.
- They need to be able to manage users.
Reasons to make someone a basic user:
- They play a key role in the planning phase of the application development lifecycle.
- They use and configure New Relic agents, APIs, and integrations to send us data, and access, configure, and use alerts on such data (not necessarily responsible for triaging workflows, troubleshooting, or managing users and roles for their team).
- They want to see high-level analytics and business metrics for future planning (such as C-Suite executives).
- They do not need to use our curated experiences and dashboards, but would benefit from the ability to create their own custom queries and charts of data; in other words, they don't need full access to the platform.
- They don't manage users.
Are you switching from our original pricing plan to New Relic One pricing? Learn about how to convert your users.
Learn more about user-related billing calculations.
- Understand user-related billing
For user-related billing calculation details, see Calculations.
For how to query and alert on usage data, see Query usage data.
A user group allows managing multiple users at the same time. Your New Relic users are assigned to a group and that group is granted access to specific roles and specific accounts.
We have two default user groups you can add users to:
- User: Adding someone to this group allows them to use and configure monitoring/analysis features but not perform account-related tasks like managing billing or users.
- Admin: Adding someone to this group gives them the abilities of the User group and also gives them access to account/organization-related abilities like managing billing-related settings and managing users.
Pro and Enterprise tier accounts can create their own custom roles and custom groups.
Roles and capabilities
Roles are a set of capabilities. A capability is defined as the ability to do a specific New Relic task, like 'Delete alert conditions' (see more examples).
We provide some default standard roles (below). Pro and Enterprise tier accounts can also create custom roles.
Our standard roles are default sets of capabilities that satisfy some commonly needed use cases. These standard roles are assigned to our default Admin and User groups, but you can also assign these roles to a custom group.
Most standard roles have capabilities that are unique and that can't be replicated with a custom role. For example, to assign billing management capabilities to a user, you'd need to assign them the Billing user role; you wouldn't be able to assign billing management capability with a custom role. The only standard roles that can be replicated with custom roles are Read only, Standard user, and All product admin (this role is the equivalent of choosing all available capabilities).
Standard roles include:
|Read only||Provides read-only access to the New Relic platform (except for synthetic monitor secure credentials).|
|Standard user||Provides standard access to the platform, including the ability to configure most monitoring tools, but does not include the ability to configure more sensitive settings, including account-level configuration and synthetic monitor secure credentials.|
|All product admin||
Provides admin-level access to the platform. This includes all New Relic capabilities with the exception of managing users (Organization manager and Authentication domain manager) and managing billing-related settings (Billing user).
Provides ability to manage subscriptions and billing, and read-only access to the rest of the platform.
Provides the ability to manage users on the New Relic One user model. This includes abilities to manage user groups, roles, and access grants. For how to grant this role, see Add user management capability.
|Authentication domain manager||
Provides the ability to manage authentication domains for users on the New Relic One user model. Authentication domains control how users are authenticated, whether via manual username/password or using SAML SSO, and SCIM provisioning (also called automated user management). For how to grant this role, see Add user management capability.
|Manage v1 users||
For New Relic organizations that existed before July 30 2020 and have users on our original user model, this role lets you manage those "v1" users.
Roles and user groups
- User: this group has only the All product admin standard role, which grants general platform access and some basic admin capabilities.
- Admin: this group has all the standard roles, giving it complete admin capabilities.
Custom groups can be assigned standard roles or custom roles.
Roles and user type
User type refers to whether a user is a basic user or a full user.
A basic user can be defined as having the All product admin standard role but without access to Full-Stack Observability features (learn more). A basic user always has basic user capabilities, no more and no less, regardless of what group they're assigned to. One nonintuitive impact of this is that a group's basic users could have more capabilities than its full users have. For example, if you created a custom group with very minimal capabilities, the full users in that group would have those minimal capabilities, but any basic users in that group would have more capabilities than the full users because the capabilities of a basic user trump group capabilities.
A full user's capabilities will depend on its assigned group; it has theoretical access to all roles and capabilities.
For more on this, see User type.
Custom roles and capabilities
For tips on setting up custom roles and capabilities, see Add custom role.
To learn how to add users, and create custom groups and roles, see Manage users.
2020 user model changes
If you'd like to understand how our user model changed in 2020 and how this affects some functionality, see Impacts of user model changes.