New Relic One user model: Understand the user structure

New Relic One
user model

In mid-2020, New Relic released a newer user model, referred to as the New Relic One user model. Here are the users on this user model:

If you were a New Relic customer before July 30 2020, your users are likely on our original user model. For more on this, see Pricing and user model changes.

This doc will explain the structure of the New Relic One user model, including:

For how to add and manage users, see User management.

User type: basic and full

The user type determines what features a user has access to, and is a key factor in billing.

There are two user types:

  • Basic user. Details:
    • These users are free and have access to basic features like setting up reporting of data, running queries of data, making custom charts and dashboards, and setting up alerts. They do not have access to Full-Stack Observability features (for more details, see Capabilities).
    • With the Standard pricing tier, these users can only be assigned to the default User group.
    • No matter what custom group a basic user is assigned to, they always have the capabilities of a basic user: no more and no less.
    • Basic users can upgrade on their own to become full users (with exception of users on original user model). Basic users are prompted to upgrade themselves when they attempt to access a feature available only to full users.
  • Full user. Details:
    • These users are billable and have access to our Full-Stack Observability features, which includes our curated UI experiences, like APM, infrastructure monitoring, browser monitoring, mobile monitoring, and synthetic monitors. For details, see Capabilities.
    • These users can be added to the default Admin group.
    • The Standard pricing tier includes one free full user and up to five total.

To change a user's type, use the User management UI.

Switching from original pricing to New Relic One pricing? Learn about updating your users. Or learn more about user-related billing calculation.

To understand more about basic users and full users:

Below is a table showing basic user versus full user capabilities. In short, basic users have access to our Telemetry Data Platform and Applied Intelligence features, while full users have access to all of that plus Full-Stack Observability features.

Features Full user Basic user
Full-Stack Observability
(New Relic-built UI experiences)
Application performance monitoring (APM) UI fa-check
Infrastructure monitoring UI fa-check
Digital Experience Monitoring (Browser, Mobile, Synthetics) UI fa-check
Serverless monitoring UI fa-check
Logs in context with other UI experiences fa-check
Synthetics checks fa-check
New Relic Edge with Infinite Tracing (tail-based sampling) fa-check
(Pro and Enterprise)
Subscribe to New Relic One catalog apps fa-check
Assorted curated UI experiences (distributed tracing, Kubernetes cluster explorer, workloads, etc.) fa-check
Applied Intelligence (AI)
Proactive Detection fa-check fa-check
Incident Intelligence fa-check fa-check
Telemetry Data Platform
Data ingest from any source (Metrics, Events, Logs, Traces) fa-check fa-check
Alerts and notifications fa-check fa-check
Interactive query interface fa-check fa-check
Custom charts and dashboards (not New Relic-built) fa-check fa-check
Encryption at rest fa-check fa-check
Standard data retention fa-check fa-check
NerdGraph (GraphQL) API fa-check fa-check
Security and compliance fa-check fa-check
Integrations fa-check fa-check
Data management fa-check fa-check
Logs UI fa-check fa-check
Build custom New Relic One apps fa-check fa-check

Learn more about how user type (basic vs full) relates to roles and capabilities.

Learn more about user-related billing calculations.

Reasons to make someone a full user:

  • They play a key role in the development, testing, deployment, and maintenance phases of the application development lifecycle.
  • They break/fix code regularly; they are responsible for triaging workflows, troubleshooting, or managing users and roles for their team.
  • They have DevOps practices (i.e. version control systems and implement CI/CD).
  • They need to use New Relic's curated dashboards and experiences (not just the ability to create their own custom queries and charts); in other words, they need full access to our platform.
  • They need to be able to manage users and/or billing.

Reasons to make someone a basic user:

  • They play a key role in the planning phase of the application development lifecycle.
  • They use and configure New Relic agents, APIs, and integrations to send us data, and access, configure, and use alerts on such data (not necessarily responsible for triaging workflows, troubleshooting, or managing users and roles for their team).
  • They want to see high-level analytics and business metrics for future planning (such as C-Suite executives).
  • They do not need to use our curated experiences and dashboards, but would benefit from the ability to create their own custom queries and charts of data; in other words, they don't need full access to the platform.
  • They don't manage users.

Are you switching from our original pricing plan to New Relic One pricing? Learn about how to convert your users.

Learn more about user-related billing calculations.

For user-related billing calculation details, see Calculations.

For how to query and alert on usage data, see Query usage data.

Default user groups: Admin and User

This applies to users on our New Relic One user model. For users on our original user model, see Original user docs.

A user group allows managing multiple users at the same time. Your New Relic users are assigned to a group and that group is granted access to specific roles and specific accounts.

We have two default user groups available for full users:

  • User: Adding someone to this group allows them to use and configure monitoring/analysis features but not perform account-related tasks like managing billing or users.
  • Admin: Adding someone to this group gives them the abilities of the User group and also gives them access to account/organization-related abilities like managing billing-related settings and managing users.

To edit a user's group, use the User management UI.

See the roles and capabilities these default groups have.

Pro and Enterprise tier accounts can create their own custom roles and custom groups.

Roles and capabilities

This applies to users on our New Relic One user model. For users on our original user model, see Original user docs.

Roles are a set of capabilities. A capability is defined as the ability to do a specific New Relic task, like 'Delete alert conditions' (see more examples).

We provide some default standard roles (below). Pro and Enterprise tier accounts can also create custom roles.

Our standard roles are default sets of capabilities that satisfy some commonly needed use cases. These standard roles are assigned to our default Admin and User groups, but you can also assign these roles to a custom group.

Most standard roles have capabilities that are unique and that can't be replicated with a custom role. For example, to assign billing management capabilities to a user, you'd need to assign them the Billing user role; you wouldn't be able to assign billing management capability with a custom role. The only standard roles that can be replicated with custom roles are Read only, Standard user, and All product admin (this role is the equivalent of choosing all available capabilities).

Standard roles include:

Standard roles Scope Description
Read only Account Provides read-only access to the New Relic platform (except for synthetic monitor secure credentials).
Standard user Account Provides standard access to the platform, including the ability to configure most monitoring tools, but does not include the ability to configure more sensitive settings, including account-level configuration and synthetic monitor secure credentials.
All product admin Account

Provides admin-level access to the platform. This includes all New Relic capabilities with the exception of managing users (Organization manager and Authentication domain manager) and managing billing-related settings (Billing user).

A basic user is defined as having the All product admin role but without access to Full-Stack Observability features.

Billing user Account

Provides ability to manage subscriptions and billing, and read-only access to the rest of the platform.

Organization manager Organization

Provides the ability to view configuration for user groups, roles, and access grants for users on the New Relic One user model. For how to grant this role, see Add user management capability.

Organization read only Organization

Provides the ability to view the configuration of authentication domains and view users in those domains. For how to grant this role, see Add user management capability.

Authentication domain manager Organization

Provides ability to configure authentication domains for users on the New Relic One user model, and manage those users. For how to grant this role, see Add user management capability.

Authentication domain read only Organization

Provides the ability to view the configuration of authentication domains and view users in those domains. For how to grant this role, see Add user management capability.

Manage v1 users Account

For New Relic organizations that existed before July 30 2020 and have users on our original user model, this role lets you manage those "v1" users.

There are two default user groups available: User and Admin. These groups have our standard roles applied in these ways:

  • User: this group has only the All product admin standard role, which grants general platform access and some basic admin capabilities.
  • Admin: this group has all the standard roles, giving it complete admin capabilities.

Custom groups can be assigned standard roles or custom roles.

User type refers to whether a user is a basic user or a full user.

A basic user can be defined as having the All product admin standard role but without access to Full-Stack Observability features (learn more). A basic user always has basic user capabilities, no more and no less, regardless of what group they're assigned to. One nonintuitive impact of this is that a group's basic users could have more capabilities than its full users have. For example, if you created a custom group with very minimal capabilities, the full users in that group would have those minimal capabilities, but any basic users in that group would have more capabilities than the full users because the capabilities of a basic user trump group capabilities.

A full user's capabilities will depend on its assigned group; it has theoretical access to all roles and capabilities.

For more on this, see User type.

For tips on setting up custom roles, see Add custom groups and roles.

Manage users

To learn how to add users, and create custom groups and roles, see Manage users.

2020 user model changes

If you'd like to understand how our user model changed in 2020 and how this affects some functionality, see Impacts of user model changes.

For more help

If you need more help, check out these support and learning resources: