Roles and permissions with automated user management

With automated user management (AUM), your users and groups in your identity provider (like OneLogin or Okta) are synchronized with New Relic. This allows the ability to configure groups (also known as "security groups") in your identity provider with access to specific New Relic accounts. Once configured, simply adding or removing a user to a specific group in your identity provider will add or remove their access within New Relic.

How groups work with your users

All group administration happens within your identity provider. If your existing groups logically map to access in New Relic, we recommend sending your existing groups. This makes providing and changing access to New Relic from within your identity provider easy.

In the above example, let’s focus on the Engineers group. Via SCIM, New Relic will receive the two user records as well as the information that they belong to the Engineers group. With the current configuration, the two Engineer users have Read only access to Account 1, Standard user access to Account 2, and All product admin access to Account 3.

This access is given by creating three grants within New Relic:

  • Role Read only to group Engineers on Account 1

  • Role Standard user to group Engineers on Account 2

  • Role All product admin to group Engineers on Account 3

Available roles

These are the roles and permissions that are available for users in groups. If a user exists in multiple groups that have access to a New Relic account, that user will have the combination of access from both groups to the account.

Role Description
Read only

Provides read-only access to the New Relic platform (except for synthetic monitor secure credentials).

Standard user

Provides standard access to our platform, including the ability to configure most monitoring tools, but does not include the ability to configure more sensitive settings, including account-level configuration and synthetic monitor secure credentials.

All product admin Provides admin access to the platform. This includes all functionality with the exception of managing users and managing billing-related settings.
Billing user Provides ability to manage subscriptions and billing, and read-only access to the rest of the platform.
Manage v1 users For New Relic organizations that existed before July 30 2020 and have users on our original user model, this role lets you manage these "v1" users.

For more help

If you need more help, check out these support and learning resources: