For users on our original user model: how user roles and permissions work on this model, and how to add and manage users.
There are limits on how many sessions and IP addresses a New Relic user can have. For details, see Factors affecting access.
In July of 2020, we released a new user model that offers many benefits in terms of how you manage your organization and users. At first this was only available to new sign-ups but over time we've been migrating older customers to the new model. Some older customers are able to self-serve the migration of their users. We'll continue working on migrating users to the new model until the original model is fully deprecated.
One impact of the new user model is that it's possible now for users to have multiple logins associated with the same email. For example, a user with access to multiple organizations (like a contractor) may have their user record updated to the new user model in one organization, resulting in them having both their original login method and records and a user record on the newer model. This may result in the user being logged in to New Relic and not being able to find an account they're looking for. For more on that, see Factors affecting access.
If a user's email is associated with more than one login, they'll see a "multiple accounts found" note when logging in.
If you're on our newer usage-based pricing model, see some important considerations.
You can also use the New Relic REST API to get a list of users for an account.
Here are instructions and considerations for some common user management tasks and scenarios:
For organizations on our usage-based pricing model, the user type is a billing factor.
A user's user type is what governs their maximum allowed access to New Relic features. In practice, users will often have roles assigned to them that limit their permissions in various ways, but the user type represents their maximum theoretical access. For more information, see User type.
If a user in your organization is set as different user types in different accounts, the user is considered as whatever their highest user type is.
For how to edit a user's type, see Manage user type.
Here are our default available roles:
Can add, edit, and delete users, and can enable or set up features.
Can use (and optionally set up) New Relic features. In general, Admins take responsibility for setting up features, and Users and Restricted Users can use them.
One or more individuals who can view (but not set up or change) any New Relic features.
The Restricted User role is useful, for example, for demos. You can change your New Relic session settings so that Restricted User logins do not time out, and then set the user interface to Kiosk mode.
Add-on roles let you grant more specific and granular access to your users. Giving a User or Restricted User add-on manager access grants them the equivalent of Admin permissions for that feature category. They will continue to have User or Restricted User permissions for all other New Relic products. For example, you could make a software engineer in your company a User and assign them the APM manager role to give them permissions.
A view of the permissions UI for the alerts manager
Individuals on a parent account automatically have the same level of access for all the child accounts of the parent account.
We have the following add-on manager roles:
- Alerts manager
- Applied intelligence manager
- Browser manager
- Data retention manager
- Incident intelligence manager
- Incident workflows manager
- Infrastructure manager
- Insights manager
- Invite teammate email manager
- Logs manager
- Mobile manager
- Nerdpack manager
- Synthetics manager
- Trace observer manager
- Workloads manager
Here are some more details about some of our add-on manager roles:
For a description of specific permissions, see Capabilities.
Below are options for managing both managed add-on roles and custom add-on roles:
The table below gives a summary of roles and their permissions. Note that these are roles applicable only for our original user model.
Users in a parent account have the same level of access for all the child accounts of that parent account. However, those users won't receive email notifications for alerts or weekly reports for child accounts unless they are explicitly granted permission on those accounts.
Change the account Owner.
When the account Owner and Admins add individuals to the account, New Relic automatically sends them an email message.
Update users' job titles and roles from Account settings in the New Relic UI.
Create, modify and delete child accounts from Account settings in the New Relic UI.
Change someone else's password.
You cannot reset passwords for anyone else on the account, even if you are an Owner or Admin. Instead, follow standard procedures to request a password reset from New Relic.
Manage flexible data retention.
Subscribe and unsubscribe applications to New Relic
Add, update, and delete proactive detection configurations.
Have more questions about access to New Relic? See Factors affecting access.
With the Bulk user actions feature, you can add, update, or delete multiple users at once. This can be helpful for:
- adding roles when multiple new employees start
- deleting roles when multiple employees leave
- giving multiple employees Admin roles
Some important rules and recommendations for making bulk user actions:
- You cannot make updates to your own role or an Owner role.
- You cannot edit an existing user's email address or name.
- You should avoid editing an existing user by deleting and re-adding them because this can have unintended consequences (for example, API keys associated with the original user will be lost).
To add new user roles, update existing user roles, or delete user roles for users on the original user model:
Go to: user menu > Account settings > Users and roles, and add
/bulk_actionsat the end of the URL.
Download a Backup CSV file. Downloading a backup file keeps a record of the users in your account prior to changes being made, and allows you to easily re-add any users that may be removed accidentally.
Download a CSV of users or a CSV template. Each bulk action (add, update, or delete) will require its own CSV file. New Relic recommends saving your files with an account number, date, and the bulk action being performed. For example:
Populate that sheet with only the users whose roles you'll be applying the chosen bulk action for. Remove users from the spreadsheet whose roles you do not want to change.
Required fields: user email, name, type, base role
Optional field: add-on role
Required fields: user email (do not edit), name (do not edit), base role
Optional field: add-on role
Required fields: only user email
In the UI, select a CSV action: Add, Update, or Delete the users listed within the CSV file.
Upload the new CSV, and select Save changes.
If a user is removed or changed during your CSV file upload by mistake, you can add them back through another CSV file upload.
Be aware that associated permissions may be lost when a user is deleted and re-added. For example, associated API keys will need to be re-added.