Tutorial: Add new user groups and roles (New Relic One user model)

This tutorial will walk you through some common procedures for managing users on the New Relic One user model.


Some notes on who this tutorial is for and requirements:

  • This tutorial is for managing users on our New Relic One user model.
  • Assigning new group access grants requires Pro or Enterprise tier. For details, see user management requirements.
  • Role requirements:
    • Using the Organization and access UI to manage group access requires the Authentication domain manager and Organization manager roles.
    • Using the User management UI to add/edit users requires the Authentication domain manager role.


Before using this tutorial, we first recommend reading these docs:

This tutorial will walk you through how to:

View available accounts

Understanding the accounts in your New Relic organization is important for granting groups access, because you must choose what accounts to grant them access to.

To view the accounts in your organization: go to the account dropdown, click Administration, click Organization and access, and then click Accounts.

Grant groups access to roles and accounts

Groups are used to manage what your users are able to do in New Relic. By default, organizations on the New Relic One account/user structure have two available groups: Admin and User. These default groups automatically have access to specific standard roles and are assigned to the account in which they were initially added. If you're on our Pro or Enterprise tier, you have the ability to create new groups and new roles, and to assign groups to other accounts in your organization.


Note that you can also import users from your identity provider.

To view existing group access grants: from the account dropdown, click Administration, and then click Organization and access.

To grant a user group access to a role and an account:

  1. From the Organization and access UI, click Group access.
  2. Complete the UI prompts to assign an existing group or a new group access to a specific role on a specific account. If you have questions about these concepts, see User management concepts.
  3. Optional: To give a group the ability to manage other users, under Scope, select Organization and choose the Authentication domain manager role. For more on the difference between organization- and account-scoped roles, see Standard roles. (Note that these users must also have an account-scoped role. Without that, you may see a message that the user doesn't belong to an organization.)
  4. Optional: To continue adding access for the same group, select Add another at the bottom before clicking Add access.

Some important tips to understand when managing groups:

  • If a group has basic users in it, their basic user status overrides any group-related restrictions.
  • When you create a new group, note that your users don't have access to that group until both of these steps are done: 1) The group has been granted access, and 2) Users have been added to that group.

Create custom role

When granting a group access to roles and accounts, you can use our default standard roles that have default capabilities, or you can create your own roles with unique sets of capabilities.

To view existing roles: from the account dropdown, click Administration, then click Organization and access, and then click Roles.

To create a custom role, click Add new custom role. Note that there are some hidden capabilities that are not available for adding to a custom role. For details, see Capabilities.

To learn more about how roles and groups relate, see User management concepts.

Add users

If you've created a new group, you must make sure that the users are added to that group. If users don't have the group assigned, no access will be granted.

To view or manage users: from the account dropdown, click Administration, and click User management. If you don’t see that option, review the requirements.

Groups reside within the boundaries of an authentication domain. If your organization has more than one authentication domain, the domain switcher in the top left will show which one you’re in.

To add a user, click Add user. Complete the prompts in the UI, including choosing the user type and group. Any custom groups you’ve added should be available from the group dropdown. If the custom group you choose has been granted access to a role and an account, once you add the user to that group, that user will now have access.

To edit a user’s group or other details: click on the user you want to edit and make changes.
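
The rules from the group tips and this section (a group needs both an access grant and members, and an organization-scoped role needs an account-scoped role alongside it) can be checked over a list of groups and grants. The following is an added example, not New Relic code or a New Relic API: the Grant class, the function names, and the sample groups, users, roles and accounts are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Simplified, hypothetical model of this tutorial's concepts. The class and
# field names are assumptions for illustration, not New Relic API objects.
@dataclass(frozen=True)
class Grant:
    group: str
    role: str
    scope: str          # "account" or "organization"
    account: str = ""   # set only for account-scoped grants

def effective_access(user, members, grants):
    """Return the (role, scope, account) tuples a user holds through groups."""
    return {(g.role, g.scope, g.account) for g in grants
            if user in members.get(g.group, set())}

def audit(members, grants):
    """Flag the misconfigurations the tutorial warns about."""
    findings = []
    granted = {g.group for g in grants}
    for group, users in sorted(members.items()):
        if users and group not in granted:
            findings.append(f"{group}: has users but no access grant, so they get no access")
    for group in sorted(granted):
        if not members.get(group):
            findings.append(f"{group}: has a grant but no users, so the grant is unused")
    for user in sorted({u for us in members.values() for u in us}):
        scopes = {scope for _, scope, _ in effective_access(user, members, grants)}
        if "organization" in scopes and "account" not in scopes:
            findings.append(f"{user}: organization-scoped role without an account-scoped role")
    return findings

# Constructed sample data: every group, user, custom role and account is made up.
MEMBERS = {
    "SRE": {"ana"},
    "Contractors": {"raj"},
    "UserAdmins": {"kim"},
    "Auditors": set(),
}
GRANTS = [
    Grant("SRE", "ExampleRoleA", "account", "Production"),
    Grant("UserAdmins", "Authentication domain manager", "organization"),
    Grant("Auditors", "ExampleRoleB", "account", "Production"),
]

if __name__ == "__main__":
    for line in audit(MEMBERS, GRANTS):
        print(line)
```

Each finding corresponds to a gap in least-privilege hygiene: users who silently have no access, grants waiting for whoever is added to the group next, and user managers who will hit the "doesn't belong to an organization" message.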

For more help

If you need more help, check out these support and learning resources:

Copyright © 2021 New Relic Inc.