User management capabilities

In the user management space, a capability is a granular thing that you can do with New Relic that we've made available for addition to a custom role. These capabilities are also attached to our pre-build standard roles. Examples of capabilities are: the capability to view APM app settings, or modify alert conditions, or manage data retention settings.

To learn what capabilities a role has, go to the user management UI and view a specific role. The location of this UI depends on what user model a user is on:

What are capabilities?

A New Relic full platform user with all permissions (for example, a user in the Admin group) is able to use all features of the platform. Some of the things you can do in New Relic we've made available as role capabilities: you can add them or remove them from a custom role, and we use them to differentiate between our default-available standard roles. The capabilities that we've made visible and available for selection are those we think organizations are likely to find useful to control.

There are a lot of New Relic functionalities that we don't make visible and available for selection. For example, there are various UI pages that you can access as any user, and that aren't gated by capabilities. For another example: a user in a group with Organization administration settings can configure organization-level settings and that power is not available for adding to a custom role.

Important points about capabilities

Here are some other important points about role capabilities:

  • User type takes precedence. User-type-restrictions override access given by a role's associated capabilities. For more on that, see User access.
  • Some capabilities overlap in functionality. This is why selecting some capability checkboxes in the UI will automatically check or uncheck other boxes.
  • Capabilities don't affect querying of data. Most capabilities apply to New Relic UI and API experiences and not to querying data. For example, if your capabilities restrict you from accessing the UI, you can still query APM data if you have access to that account. If you require more firm data boundaries for some projects or users, you can segment your data into different accounts.

To learn more about the main ways user permissions are controlled, see User management concepts.

Our pre-built roles

Our pre-built roles have various groupings of capabilities. How our pre-built roles work is different depending on which of our user models you're on:

Capability definitions

Here's a screenshot of the capabilities available in the capabilities UI. These are only a subset of everything you can do in New Relic and represent the specific capabilities we believe are likely to be valuable for creating custom roles.

Note that capabilities can change. The capabilities in this doc were last updated April 3, 2023.

To learn more about these capabilities, select a category below.