In the user management space, a capability is a granular thing that you can do with New Relic that we've made available for addition to a custom role. These capabilities are also attached to our pre-build standard roles. Examples of capabilities are: the capability to view APM app settings, or modify alert conditions, or manage data retention settings.

To learn what capabilities a role has, go to the user management UI and view a specific role. The location of this UI depends on what user model a user is on:

Newer user model: From one.newrelic.com, click user menu > Administration > Access management > Roles.
Original user model: From one.newrelic.com, click user menu > Account settings > Users and roles.

What are capabilities?

A New Relic full platform user with all permissions (for example, a user in the Admin group) is able to use all features of the platform. Some of the things you can do in New Relic we've made available as role capabilities: you can add them or remove them from a custom role, and we use them to differentiate between our default-available standard roles. The capabilities that we've made visible and available for selection are those we think organizations are likely to find useful to control.

There are a lot of New Relic functionalities that we don't make visible and available for selection. For example, there are various UI pages that you can access as any user, and that aren't gated by capabilities. For another example: a user in a group with Organization administration settings can configure organization-level settings and that power is not available for adding to a custom role.

Important points about capabilities

Here are some other important points about role capabilities:

User type takes precedence. User-type-restrictions override access given by a role's associated capabilities. For more on that, see User access.
Some capabilities overlap in functionality. This is why selecting some capability checkboxes in the UI will automatically check or uncheck other boxes.
Capabilities don't affect querying of data. Most capabilities apply to New Relic UI and API experiences and not to querying data. For example, if your capabilities restrict you from accessing the UI, you can still query APM data if you have access to that account. If you require more firm data boundaries for some projects or users, you can segment your data into different accounts.

To learn more about the main ways user permissions are controlled, see User management concepts.

Our pre-built roles

Our pre-built roles have various groupings of capabilities. How our pre-built roles work is different depending on which of our user models you're on:

Our newer user model: learn about roles.
Our original user model: learn about roles.

Capability definitions

Here's a screenshot of the capabilities available in the capabilities UI. These are only a subset of everything you can do in New Relic and represent the specific capabilities we believe are likely to be valuable for creating custom roles.

Note that capabilities can change. The capabilities in this doc were last updated April 3, 2023.

To learn more about these capabilities, select a category below.

These capabilities pertain to our legacy alerting feature, not to our applied intelligence capabilities and incident intelligence capabilities.

Capabilities:

Channels: relates to alert notification channels.
Conditions: relates to alert conditions.
Incidents: relates to alert incidents.
Lifecycle overrides: relates to muting rules.
Policies: relates to alert policies.
Violations: relates to alert violations.

These capabilities pertain to our APM agents and associated features:

Application settings: relates to the APM Application settings UI page.
Deployments: relates to the APM deployments UI page.
Embedded charts: relates to the Get chart link feature.
Errors (all): relates to error trace details.
Errors (individual): relates to error trace details.
Instrumentation: relates to adding custom instrumentation.
Key transactions: relates to key transactions.
Labels: relates to tags for APM data.
Log settings: relates to APM logs.
Slow SQL: relates to slow query data.
Thread profiles: relates to the thread profiler.
Transaction traces (all): relates to transaction traces.
Transaction traces (individual): relates to transaction traces.

These capabilities pertain to applied intelligence features:

Anomaly detection configurations: relates to anomaly detection (limited availability).
Channels: relates to notification channels.
Comments: relates to postmortem comments.
Destinations: relates to destinations.
Incident analysis: relates to the part of the Issues & activity page where golden signals and component are shown.
Issue RCA: relates to root cause analysis.
Issues: relates to incident intelligence issues.
Issues configuration: relates to issue configuration.
Issues feed: relates to the issues feed.
Workflows: relates to workflows.

These capabilities pertain to incident intelligence:

Automatic inactivity closing policy: refers to time-to-live settings for inactive/idle issues.
Cartographer: relates to topology settings.
Decisions: relates to applied intelligence decisions.
Destinations: relates to a deprecated incident intelligence destination system.
Environments: relates to environments.
Grace period policy: relates to grace period policy settings.
Incidents: relates to incidents.
Input source configuration: relates to incident sources.
Issues: relates to incident intelligence issues.
Pathways: relates to the mostly deprecated incident intelligence pathways feature.
Platforms: relates to the mostly deprecated incident intelligence platforms feature.
Suggested decisions: relates to decisions suggested by applied intelligence.

Insights is the original name for a product that had features related to custom data ingest, custom queries, custom charts, and custom dashboards. Capabilities include:

Any dashboard: relates to the ability to delete any dashboard in an account.
Data sources: relates to a now deprecated UI that allowed for controlling what data was reported to New Relic.
Events to metrics: this governs:
- Events-to-metrics rules and data
- Service level indicators and objectives
Insert keys: relates to our mostly deprecated Insights insert key (a license key is preferred).
NRQL drop rules: relates to dropping data with drop rules.
Query keys: relates to our mostly deprecated Insights query key (the is preferred).

These are assorted capabilities related to basic features of the New Relic platform:

Entities: relates to creating and deleting New Relic-monitored entities.
Entity relationships: relates to entity relationships.
Golden metrics: relates to golden metrics (key metrics) in curated user experiences.
Nerdpacks: relates to New Relic apps.
Pixie account link: this capability allows the creation of an associated Pixie account when adding Pixie to a cluster from our guided install.
Pixie credentials: relates to access of linked Pixie accounts.
Pixie live data: enables access to live debugging data in the Kubernetes cluster explorer.
Repositories: relates to creating and deleting New Relic-monitored repositories (used by features like New Relic CodeStream).
Tags: relates to platform tagging.
Workloads: relates to workloads.

These capabilities pertain to synthetics monitoring:

Configure private locations: relates to private locations.
Monitor downtimes: relates to monitor downtimes.
Monitor scripts: relates to scripted monitors (scripted browser monitors and scripted API test monitors).
Monitors: relates to ability to configure synthetic monitors (for example, name, period, locations).
Secure credentials: relates to secure credentials.

User management capabilities

What are capabilities?

Important points about capabilities

Our pre-built roles

Capability definitions

Alerts

API keys

APM

Applied intelligence

Browser

Dashboards

Data platform

Data retention

Errors inbox

Incident intelligence

Incident workflows

Infinite Tracing

Infrastructure

Insights

Logs

Maps

Mobile

New Relic One

Plugins

Synthetics