In mid-2020, New Relic released a newer user model, referred to as the New Relic One user model. Here are the users on this user model:
- Users on New Relic organizations created on or after July 30 2020.
- Users on older accounts who were added via automated user management.
This doc will explain the structure of the New Relic One user model, including:
- User type (basic user vs full user)
- User groups
- User roles and how they relate to user type and groups
For how to add and manage users, see User management.
User type: basic and full
The user type determines what features a user has access to, and is a key factor in billing.
There are two user types:
- Basic user. Details:
- These users are free and have access to basic features like setting up reporting of data, running queries of data, making custom charts and dashboards, and setting up alerts. They do not have access to Full-Stack Observability features (for more details, see Capabilities).
- With the Standard pricing tier, these users can only be assigned to the default User group.
- No matter what custom group a basic user is assigned to, they always have the capabilities of a basic user: no more and no less.
- Basic users can upgrade on their own to become full users (with exception of users on original user model). Basic users are prompted to upgrade themselves when they attempt to access a feature available only to full users.
- Full user. Details:
- These users are billable and have access to our Full-Stack Observability features, which includes our curated UI experiences, like APM, infrastructure monitoring, browser monitoring, mobile monitoring, and synthetic monitors. For details, see Capabilities.
- These users can be added to the default Admin group.
- The Standard pricing tier includes one free full user and up to five total.
To change a user's type, use the User management UI.
To understand more about basic users and full users:
Below is a table showing basic user versus full user capabilities. In short, basic users have access to our Telemetry Data Platform and Applied Intelligence features, while full users have access to all of that plus Full-Stack Observability features.
Features Full user Basic user Full-Stack Observability
(New Relic-built UI experiences)
Application performance monitoring (APM) UI fa-check Infrastructure monitoring UI fa-check Digital Experience Monitoring (Browser, Mobile, Synthetics) UI fa-check Serverless monitoring UI fa-check Logs in context with other UI experiences fa-check Synthetics checks fa-check New Relic Edge with Infinite Tracing (tail-based sampling) fa-check
(Pro and Enterprise)
Subscribe to New Relic One catalog apps fa-check Assorted curated UI experiences (distributed tracing, Kubernetes cluster explorer, workloads, etc.) fa-check Applied Intelligence (AI) Proactive Detection fa-check fa-check Incident Intelligence fa-check fa-check Telemetry Data Platform Data ingest from any source (Metrics, Events, Logs, Traces) fa-check fa-check Alerts and notifications fa-check fa-check Interactive query interface fa-check fa-check Custom charts and dashboards (not New Relic-built) fa-check fa-check Encryption at rest fa-check fa-check Standard data retention fa-check fa-check NerdGraph (GraphQL) API fa-check fa-check Security and compliance fa-check fa-check Integrations fa-check fa-check Data management fa-check fa-check Logs UI fa-check fa-check Build custom New Relic One apps fa-check fa-check
Learn more about how user type (basic vs full) relates to roles and capabilities.
Learn more about user-related billing calculations.
Reasons to make someone a full user:
- They play a key role in the development, testing, deployment, and maintenance phases of the application development lifecycle.
- They break/fix code regularly; they are responsible for triaging workflows, troubleshooting, or managing users and roles for their team.
- They have DevOps practices (i.e. version control systems and implement CI/CD).
- They need to use New Relic's curated dashboards and experiences (not just the ability to create their own custom queries and charts); in other words, they need full access to our platform.
- They need to be able to manage users and/or billing.
Reasons to make someone a basic user:
- They play a key role in the planning phase of the application development lifecycle.
- They use and configure New Relic agents, APIs, and integrations to send us data, and access, configure, and use alerts on such data (not necessarily responsible for triaging workflows, troubleshooting, or managing users and roles for their team).
- They want to see high-level analytics and business metrics for future planning (such as C-Suite executives).
- They do not need to use our curated experiences and dashboards, but would benefit from the ability to create their own custom queries and charts of data; in other words, they don't need full access to the platform.
- They don't manage users.
Are you switching from our original pricing plan to New Relic One pricing? Learn about how to convert your users.
Learn more about user-related billing calculations.
For user-related billing calculation details, see Calculations.
For how to query and alert on usage data, see Query usage data.
Default user groups: Admin and User
A user group allows managing multiple users at the same time. Your New Relic users are assigned to a group and that group is granted access to specific roles and specific accounts.
We have two default user groups available for full users:
- User: Adding someone to this group allows them to use and configure monitoring/analysis features but not perform account-related tasks like managing billing or users.
- Admin: Adding someone to this group gives them the abilities of the User group and also gives them access to account/organization-related abilities like managing billing-related settings and managing users.
To edit a user's group, use the User management UI.
Pro and Enterprise tier accounts can create their own custom roles and custom groups.
Roles and capabilities
Roles are a set of capabilities. A capability is defined as the ability to do a specific New Relic task, like 'Delete alert conditions' (see more examples).
We provide some default standard roles (below). Pro and Enterprise tier accounts can also create custom roles.
Our standard roles are default sets of capabilities that satisfy some commonly needed use cases. These standard roles are assigned to our default Admin and User groups, but you can also assign these roles to a custom group.
Most standard roles have capabilities that are unique and that can't be replicated with a custom role. For example, to assign billing management capabilities to a user, you'd need to assign them the Billing user role; you wouldn't be able to assign billing management capability with a custom role. The only standard roles that can be replicated with custom roles are Read only, Standard user, and All product admin (this role is the equivalent of choosing all available capabilities).
Standard roles include:
|Read only||Account||Provides read-only access to the New Relic platform (except for synthetic monitor secure credentials).|
|Standard user||Account||Provides standard access to the platform, including the ability to configure most monitoring tools, but does not include the ability to configure more sensitive settings, including account-level configuration and synthetic monitor secure credentials.|
|All product admin||Account||
Provides admin-level access to the platform. This includes all New Relic capabilities with the exception of managing users (Organization manager and Authentication domain manager) and managing billing-related settings (Billing user).
Provides ability to manage subscriptions and billing, and read-only access to the rest of the platform.
|Organization read only||Organization|
|Authentication domain manager||Organization|
|Authentication domain read only||Organization|
|Manage v1 users||Account||
For New Relic organizations that existed before July 30 2020 and have users on our original user model, this role lets you manage those "v1" users.
Roles and user groups
- User: this group has only the All product admin standard role, which grants general platform access and some basic admin capabilities.
- Admin: this group has all the standard roles, giving it complete admin capabilities.
Custom groups can be assigned standard roles or custom roles.
Roles and user type
User type refers to whether a user is a basic user or a full user.
A basic user can be defined as having the All product admin standard role but without access to Full-Stack Observability features (learn more). A basic user always has basic user capabilities, no more and no less, regardless of what group they're assigned to. One nonintuitive impact of this is that a group's basic users could have more capabilities than its full users have. For example, if you created a custom group with very minimal capabilities, the full users in that group would have those minimal capabilities, but any basic users in that group would have more capabilities than the full users because the capabilities of a basic user trump group capabilities.
A full user's capabilities will depend on its assigned group; it has theoretical access to all roles and capabilities.
For more on this, see User type.
Custom roles and capabilities
For tips on setting up custom roles, see Add custom groups and roles.
To learn how to add users, and create custom groups and roles, see Manage users.
2020 user model changes
If you'd like to understand how our user model changed in 2020 and how this affects some functionality, see Impacts of user model changes.