Your New Relic users can be on one of two user models: this doc explains the New Relic One user model.
If your New Relic organization was created before July 30 2020 and you haven't gone through a user migration process, your users are likely on our original user model. For more on this, see User model changes.
This doc will explain the structure of the New Relic One user model, including:
- User type (basic user versus full user)
- Default user groups, including Admin and User
- Roles and capabilities
For how to add and manage users in the UI, see User management.
The user type (basic user or full user) determines whether a user has access to our Full Stack Observability features. A user's type is something you set long-term based on that user's expected New Relic responsibilities.
Below are details on the two user types. Note that billing-related aspects only apply if you're on New Relic One pricing.
- Basic user. Details:
- These users are free and have access to a wide range of features, including setting up and configuring any New Relic data-reporting tool, running queries of your data, using our logs UI, making custom charts and dashboards, and setting up alerts. Unlike full users, they do not have access to our Full-Stack Observability features and some Applied Intelligence features (for a detailed comparison, see Capabilities).
- Basic users will see prompts to become a full user when they attempt to access unavailable features. For details, see Upgrade.
- Full user. Details:
- Full users have access to our Full-Stack Observability features, which include curated UI experiences like APM, infrastructure monitoring, browser monitoring, mobile monitoring, synthetic monitors, access to New Relic One apps, and more. For details, see Capabilities.
- Standard edition includes one free full user and up to five total full users.
- A full user can downgrade to a basic user twice in a 12-month period.
To see and edit a user's user type, use the User management UI.
Learn more about basic user versus full user differences:
For users on our New Relic One user model, a "group" is what allows the grouping together and managing of multiple users at the same time. Your New Relic users are assigned to a group, and that group is granted access to specific roles on specific accounts.
We have two default groups:
- User: This group allows a user to use and configure monitoring/analysis features but not perform account-related tasks like managing billing or users. It has access to the All product admin role, which gives access to our observability platform tools but not to the organization and user management capabilities governed by the Organization manager and Authentication manager roles.
- Admin: has full access and capabilities, including the organization-level admin abilities. This is the equivalent of having the All product admin, the Billing user, the Organization manager and the Authentication domain manager roles.
These groups are added inside your default authentication domain, which includes the default settings of users a) being managed via New Relic and b) logging in via standard email and password. If you add other authentication domains (for SAML SSO and/or SCIM provisioning of users), you'd have new custom groups in those new domains to govern those users.
Note that groups, whether default or custom, are not what limit a user's capabilities: it is the role that is assigned to that group (with any basic user restrictions on top of that). If your organization is Pro or Enterprise edition and you want to understand how users are granted access to specific roles and accounts, see Access grants.
To change the group a user is in, use the User management UI.
Full users can be assigned to default groups (User and Admin) or custom groups.
When basic users are added to a group, that group's role-related restrictions apply. A basic user's capabilities can be restricted in that way, but a basic user can never be granted more capabilities than they start with. For Standard edition, basic users can't be assigned to groups. For Pro and Enterprise edition, they can.
For an explanation of the roles our default groups have, see Default groups.
Custom groups can have either our default standard roles, or custom roles.
A basic user's abilities aren't directly defined by a specific role. A basic user can best be described as having the All product admin role but without access to Full Stack Observability features (learn more about user type).
When basic users are added to a group, that group's role-related restrictions apply, but a basic user can never be granted more capabilities than they start with.
For users on the New Relic One user model, a "role" can be defined as "a set of capabilities." A capability is defined as the ability to do a specific New Relic task, like 'Delete alert conditions' (learn more about capabilities).
Roles are sets of capabilities. We have several "standard roles," which are roles that satisfy some commonly needed use cases. To view roles and their associated capabilities, use the Organization and access UI.
Note that some of our standard roles have hidden, non-exposed capabilities that are not available for selection when creating a custom role. The only standard roles that can be replicated with a custom role are Standard user and Read only; all others have some hidden capabilities.
Our standard roles include:
All product admin
Provides admin-level access to observability platform features but not organization-level and user management features. In other words, this role includes all New Relic capabilities with the exception of managing users (Authentication domain manager role), managing organization/account-structure settings (Organization manager role), and managing billing (Billing user role).
Note: the Standard user role is essentially the All product admin role minus observability feature configuration capabilities.
Provides access to observability platform features, but lacks permissions for configuring those features (for example, ability to configure synthetic monitor secure credentials) and lacks organization-level and user management permissions.
Note: the Standard user role is essentially the All product admin role without that role's ability to configure platform features.
Provides ability to manage subscriptions and billing setup, and read-only access to the rest of the platform. For organizations with multiple accounts, billing is aggregated in the primary (first-created) account, which is why assigning this role to that primary account grants billing permissions for the entire organization.
Provides the ability to manage organization settings, including organization structure, name, and preferences. Due to our recent switch to the New Relic One user model, this role currently has few abilities but more will be added over time.
For how to grant this role, see Add user management capability.
Organization read only
Provides the ability to view organization-level settings. For how to grant this role, see Add user management capability.
Authentication domain manager
Authentication domain read only
Provides read-only access to the New Relic platform (except for synthetic monitor secure credentials).
Manage v1 users
For New Relic organizations that existed before July 30 2020 and have users on our original user model, this role lets you manage those "v1" users.
For more about how you'd assign roles to groups and create custom roles, see the user management tutorial.
Some of our standard roles have hidden capabilities that aren't available for selection when creating a custom role. For details, see Standard roles.
For how to set up roles with custom capabilities, see the user management tutorial.
To learn how to add users, assign them to groups, and create custom groups and roles, see Manage users.
If you'd like to understand how our user model changed in 2020 and what the impacts of that change were, see User model changes.
If you need more help, check out these support and learning resources:
- Browse the Explorers Hub to get help from the community and join in discussions.
- Find answers on our sites and learn how to use our support portal.
- Run New Relic Diagnostics, our troubleshooting tool for Linux, Windows, and macOS.
- Review New Relic's data security and licenses documentation.