• /
  • Log in
  • Free account

New Relic One user model: Understand the user structure

New Relic One user model

In mid-2020, New Relic released a newer user model, referred to as the New Relic One user model.

Important

If you had a New Relic organization created before July 30 2020 and you haven't gone through a user migration process, your users are likely on our original user model. For more on this, see Pricing and user model changes.

Overview

This doc will explain the structure of the New Relic One user model, including:

For how to add and manage users in the UI, see User management.

User type: basic and full

Important

This section is for users on our New Relic One user model. If you're on our original user model, see Original users.

The user type (basic user or full user) determines whether a user has access to our Full Stack Observability features. A user's type is something you set long-term based on that user's expected New Relic responsibilities.

Below are details on the two user types. Note that billing-related aspects only apply if you're on New Relic One pricing.

  • Basic user. Details:
    • These users are free and have access to a wide range of features, including running queries of data, making custom charts and dashboards, and setting up alerts. Unlike full users, they do not have access to our Full-Stack Observability features and some advanced Applied Intelligence features (for a comparison of abilities, see Capabilities).
    • No matter what custom group a basic user is assigned to, they always have the capabilities of a basic user: no more and no less.
    • Basic users will see prompts for upgrading to a full user when they attempt to access unavailable features. For details, see Upgrade.
  • Full user. Details:
    • Unlike basic users, full users have access to our Full-Stack Observability features, which include curated UI experiences like APM, infrastructure monitoring, browser monitoring, mobile monitoring, synthetic monitors, access to New Relic One apps, and more. For details, see Capabilities.
    • The Standard pricing tier includes one free full user and up to five total full users.
    • A full user can downgrade to a basic user twice in a 12-month period.

Learn more about basic user versus full user differences:

Default groups: Admin and User

Important

This applies to users on our New Relic One user model. For users on our original user model, see Original user docs.

A user group allows managing multiple users at the same time. Your New Relic users are assigned to a group and that group is granted access to specific roles and specific accounts.

Full users can be added to one of two default groups:

  • User: This group allows a user to use and configure monitoring/analysis features but not perform account-related tasks like managing billing or users.
  • Admin: This group has all standard roles.

Pro and Enterprise tier organizations can create custom groups, and control access to roles and accounts using access grants.

To change the group a user is in, use the User management UI.

Relationship between user type, roles, and groups

Important

This applies to users on our New Relic One user model. For users on our original user model, see Original user docs.

Here's a table explaining how user type (basic vs full user), roles, and groups relate to each other:

Full user

Basic user

Group

Full users can be assigned to default groups (User and Admin) or custom groups.

Basic users, no matter what group they're assigned to, always have basic user abilities, no more and no less.

Role

Here are the roles our default groups have:

  • User group: has the All product admin standard role, which includes some feature-related administrative abilities but not more advanced organization-level or user management admin abilities.
  • Admin group: has complete admin capabilities, which is the equivalent of all our standard roles, including the more advanced organization-level and user management roles.

Custom groups can have either our default standard roles, or custom roles.

A basic user's abilities aren't directly related to roles. A basic user can best be described as having the All product admin role but without access to most of our curated UI experiences (learn more about user type).

Roles and capabilities

Important

This applies to users on our New Relic One user model. For users on our original user model, see Original user docs.

Roles are a set of capabilities. A capability is defined as the ability to do a specific New Relic task, like 'Delete alert conditions' (learn more about capabilities).

We provide some default standard roles (below). Pro and Enterprise tier accounts can also create custom roles.

Standard (default) roles

Our standard roles are default sets of capabilities that satisfy some commonly needed use cases.

Important

Note that some of our standard roles have hidden capabilities that aren't available for selection when creating a custom role. The only standard roles that can be replicated with a custom role are Standard user and Read only; all others have special hidden abilities.

Our standard roles include:

Standard roles

Scope

Description

All product admin

Account

Provides admin-level access to the platform. This includes all New Relic capabilities with the exception of managing users (Authentication domain manager role) and managing account-structure settings (Organization manager role).

Standard user

Account

Provides access to use most of the platform, but lacks configuration and administration-level abilities (like account-level configuration or synthetic monitor secure credentials).

Billing user

Account

Provides ability to manage subscriptions and billing, and read-only access to the rest of the platform.

Organization manager

Organization

Provides the ability to manage organization settings, including organization structure, name, and preferences. Due to our recent switch to the New Relic One account/user model, this role currently has few abilities but more will be added over time.

For how to grant this role, see Add user management capability.

Organization read only

Organization

Provides the ability to view organization-level settings. For how to grant this role, see Add user management capability.

Authentication domain manager

Organization

Provides ability to add and manage users, and configure authentication domains for users on the New Relic One user model. For how to grant this role, see Add user management capability.

Authentication domain read only

Organization

Provides the ability to view users in your organization and view the configuration of authentication domains. For how to grant this role, see Add user management capability.

Read only

Account

Provides read-only access to the New Relic platform (except for synthetic monitor secure credentials).

Manage v1 users

Account

For New Relic organizations that existed before July 30 2020 and have users on our original user model, this role lets you manage those "v1" users.

Capabilities

A role, whether one of our standard roles or a custom one, is defined as a set of capabilities. In the Organization and access UI, when you choose a role or create a custom role, you can see the available capabilities.

Important

Some of our standard roles have hidden capabilities that aren't available for selection when creating a custom role. For details, see Standard roles.

New Relic capabilities UI screenshot

Here's a view of the capabilities associated with the All product admin role. When creating a custom role, you can select a custom set of capabilities. Note that our list of capabilities changes over time: this screenshot was taken April 2021.

For how to set up roles with custom capabilities, see the user management tutorial.

Manage users

To learn how to add users, assign them to groups, and create custom groups and roles, see Manage users.

2020 user model changes

If you'd like to understand how our user model changed in 2020 and what the impacts of that change were, see User model changes.

For more help

If you need more help, check out these support and learning resources:

Create issueEdit page
Copyright © 2021 New Relic Inc.