In the user management space, a capability is a granular thing that you can do with New Relic that we've made available for addition to a custom role. These capabilities are also attached to our pre-build standard roles. Examples of capabilities are: the capability to view APM app settings, or modify alert conditions, or manage data retention settings.
To learn what capabilities a role has, go to the user management UI and view a specific role. The location of this UI depends on what user model a user is on:
- Newer user model: From one.newrelic.com, click user menu > Administration > Access management > Roles.
- Original user model: From one.newrelic.com, click user menu > Account settings > Users and roles.
A New Relic full platform user with all permissions (for example, a user in the Admin group) is able to use all features of the platform. Some of the things you can do in New Relic we've made available as role capabilities: you can add them or remove them from a custom role, and we use them to differentiate between our default-available standard roles. The capabilities that we've made visible and available for selection are those we think organizations are likely to find useful to control.
There are a lot of New Relic functionalities that we don't make visible and available for selection. For example, there are various UI pages that you can access as any user, and that aren't gated by capabilities. For another example: a user in a group with Organization administration settings can configure organization-level settings and that power is not available for adding to a custom role.
Here are some other important points about role capabilities:
- User type takes precedence. User-type-restrictions override access given by a role's associated capabilities. For more on that, see User access.
- Capabilities can change. The capabilities we expose in the UI are subject to change and reorganization. The capabilities in this doc were last updated November, 2022.
- Some capabilities overlap in functionality. This is why selecting some capability checkboxes in the UI will automatically check or uncheck other boxes.
- Capabilities don't affect querying of data. Most capabilities apply to New Relic UI and API experiences and not to querying data. For example, if your capabilities restrict you from accessing the APM UI, you can still query APM data if you have access to that account. If you require more firm data boundaries for some projects or users, you can segment your data into different accounts.
To learn more about the main ways user permissions are controlled, see User management concepts.
Our pre-built roles have various groupings of capabilities. How our pre-built roles work is different depending on which of our user models you're on:
Here's a screenshot of the capabilities available in the capabilities UI. These are only a subset of everything you can do in New Relic and represent the specific capabilities we believe are likely to be valuable for creating custom roles.
To learn more about these capabilities, select a category below.