For users on our original user model, an introduction to how the user model works, including user roles and permissions, and how to add and manage users.
This doc and the surrounding section of docs shows you how to manage users on our original account/user model. If you were a New Relic customer before July 30 2020 and haven't migrated your users to the new model, your users are on our original account/user model (and not the New Relic One model).
If you're an admin and want to see if you have users on the original model: If you can see users in the Users and roles UI, those users are on our original user model.
In July of 2020, we released a new account/user model called the New Relic One user model, which offers many benefits in terms of how you manage your organization and users. At first this was only available to new sign-ups but over time we've been migrating more older customers to the new model. Some older customers are able to migrate their users on their own. We'll continue working on migrating users to the new model until the original model is fully deprecated.
One impact of the new user model is that it's possible now for users to have multiple logins associated with the same email. For example, a user with access to multiple organizations (like a contractor) may have their user record updated to the new user model in one organization, resulting in them having their original login method and records and a New Relic One user model record. This may result in the user being logged in to New Relic and not being able to find an account they're looking for. For more on that, see Factors affecting access.
Some features in the UI are visible only to account Owners and Admins.
You can also use the New Relic REST API to obtain a list of everyone and their roles in your New Relic account.
Here are some instructions and tips for adding and managing users via the UI:
Starting March 2021, we ended the preview period for basic users on our original user model. The preview period gave these basic users the same permissions as full users. For more on this, see our Explorers Hub post on user type changes.
The user type (basic user or full user) determines what features a user has access to.
- Basic user. Details:
- These users have access to basic features like setting up reporting of data, running queries of data, making custom charts and dashboards, and setting up alerts. They do not have access to Full-Stack Observability features (for more details on feature access, see Capabilities).
- Depending on access request settings, basic users can either upgrade themselves to be full users or request upgrade access from admins.
- No matter what custom group a basic user is assigned to, they always have the capabilities of a basic user: no more and no less.
- Full user. Details:
- Full users have access to our Full-Stack Observability features, which include our curated UI experiences like APM, infrastructure monitoring, browser monitoring, mobile monitoring, and synthetic monitors. For details on what's available, see Capabilities.
- For organizations on New Relic One pricing: these users are billable. The Standard edition includes one free full user and up to five total.
If a user in your organization is set as a basic user in one account and a full user in another, the user has full user access for all accounts.
For how to edit a user's type, see Manage users.
A New Relic account can have only one Owner. To share an account with other users in your organization, create Admins, Users, or Restricted Users.
Can add, edit, and delete users, and can enable or set up features.
Can use (and optionally set up) New Relic features. In general, Admins take responsibility for setting up features, and Users and Restricted Users can use them.
One or more individuals who can view (but not set up or change) any New Relic features.
The Restricted User role is useful, for example, for demos. You can change your New Relic session settings so that Restricted User logins do not time out, and then set the user interface to Kiosk mode.
With add-on roles, you can grant variable levels of access to all users in your account, across the entire platform of New Relic products. This allows you to tailor your account permissions levels to suit the needs of Users and Restricted Users within your account.
Giving a User or Restricted User add-on manager access to a product grants them the equivalent of Admin capabilities within the product. They will continue to have User or Restricted User capabilities for all other New Relic products. For example, you could make a software engineer in your company a User in most products, but assign Admin-level access to APM. For another example, you might assign the Nerdpack manager role to a user, and that gives them the ability to subscribe and unsubscribe New Relic One applications to an account.
There are two types of add-on roles:
- Add-on Manager roles are available to grant permissions on a per-product basis. Giving a User or Restricted User managed add-on access to a product grants them the equivalent of Admin capabilities within the product.
- Custom add-on roles can grant feature-specific permissions across different New Relic products. For example, a group of Users could have the ability to acknowledge incidents and close violations in New Relic Alerts, but not have the ability to modify your existing alert preferences.
Individuals on a parent account automatically have the same level of access for all the child accounts of the parent account.
Below are options for managing both managed add-on roles and custom add-on roles:
Here is a summary of basic user rights for your New Relic account. Individuals on a parent account automatically have the same level of access for all the child accounts of that parent account. However, they won't receive email notifications for alerts or weekly reports for child accounts unless they are explicitly granted permission on those accounts.
Change the account Owner.
When the account Owner and Admins add individuals to the account, New Relic automatically sends them an email message.
Update users' job titles and roles from Account settings in the New Relic UI.
Create, modify and delete child accounts from Account settings in the New Relic UI.
Change someone else's password.
You cannot reset passwords for anyone else on the account, even if you are an Owner or Admin. Instead, follow standard procedures to request a password reset from New Relic.
Manage flexible data retention.
Subscribe and unsubscribe applications to New Relic One
Add, update, and delete Proactive Detection configurations.
Here is a summary of Admin and Add-on manager capabilities with New Relic Alerts. To allow a User or Restricted User to execute any of these functions in New Relic Alerts, assign an Alerts add-on manager role.
Admin and manager capabilities for Alerts include:
- Create or name alert policies.
- Specify incident preferences.
- Disable or define alert conditions.
- Provide runbook instructions.
- Select product targets.
- Alter alert condition thresholds.
- Create, modify, or delete notification channels.
Here is a summary of Admin and Add-on manager capabilities with New Relic APM. To allow a User or Restricted User to execute any of these functions in New Relic APM, assign an APM add-on manager role.
Admin and manager capabilities for APM include:
Here is a summary of Admin and Add-on manager capabilities with New Relic Browser. To allow a User or Restricted User to execute any of these functions in New Relic Browser, assign a Browser add-on manager role.
Admin and manager capabilities for Browser include:
Here is a summary of Admin and Add-on manager capabilities with New Relic Infrastructure. To allow a User or Restricted User to execute any of these functions in New Relic Infrastructure, assign an Infrastructure manager role.
Admin and manager capabilities for Infrastructure include:
- Create alert conditions in New Relic Infrastructure, including conditions for host not reporting.
- Add or modify integrations.
Here is a summary of Admin and Add-on manager capabilities with New Relic Insights.
To allow a User or Restricted User to execute any of these functions in New Relic Insights, assign an Insights manager role. These functions include:
New Relic Insights includes permission levels to share your Insights dashboards with others.
To give permission to delete a mobile app from New Relic, you can assign an Admin or Mobile manager role.
Here's a summary of Admin and Add-on manager capabilities with New Relic Synthetics. To allow a User or Restricted User to execute any of these functions in New Relic Synthetics, assign a Synthetics add-on manager role.
Admin and manager capabilities for Synthetics include:
- Create, edit, or delete monitors.
- Edit monitor scripts.
- Create, edit, or delete private locations.
- Create, edit, or delete monitor downtimes.
- Create, view, edit, or delete secure credentials.
For more information, see User roles in Synthetics.
Here's a summary of Admin and Add-on manager capabilities with New Relic One workloads:
To allow a User or Restricted User to execute these functions, assign the workloads manager add-on role.
If you need more help, check out these support and learning resources:
- Browse the Explorers Hub to get help from the community and join in discussions.
- Find answers on our sites and learn how to use our support portal.
- Run New Relic Diagnostics, our troubleshooting tool for Linux, Windows, and macOS.
- Review New Relic's data security and licenses documentation.