• /
  • Log in
  • Free account

Users, roles, permissions (original user model)

For users on our original user model: how user roles and permissions work on this model, and how to add and manage users.

Requirements

This section of docs shows you how to manage users on our original user model. If you can see users in the Users and roles UI, those users are on our original user model.

A New Relic user is prohibited from sharing their login with other people. A New Relic user can have a maximum of either three concurrent active sessions, or three unique IP addresses in use at any given time.

Updates about our new user model

In July of 2020, we released a new user model called the New Relic One user model, which offers many benefits in terms of how you manage your organization and users. At first this was only available to new sign-ups but over time we've been migrating more older customers to the new model. Some older customers are able to migrate their users on their own. We'll continue working on migrating users to the new model until the original model is fully deprecated.

One impact of the new user model is that it's possible now for users to have multiple logins associated with the same email. For example, a user with access to multiple organizations (like a contractor) may have their user record updated to the new user model in one organization, resulting in them having their original login method and records and a New Relic One user model record. This may result in the user being logged in to New Relic and not being able to find an account they're looking for. For more on that, see Factors affecting access.

Multiple accounts

If a user's email is associated with more than one login, they'll see a "multiple accounts found" note when logging in.

View and manage users in UI

Before you manage users, here are some important things to know:

  • If your organization has multiple accounts, you aren't able to see all your organization's users in a single UI. To edit all your users, you'd have to go to the Users and roles UI for each account.
  • Some features in the UI are visible only to account Owners and Admins.

The Users and roles UI is used for managing users on our original user model. To find this UI: click the account dropdown, click Account settings, and then click Users and roles.

You can also use the New Relic REST API to get a list of users for an account.

Here are more detailed instructions for some common user management tasks:

User type

The user type is a billing factor only for organizations on our New Relic One pricing model.

A user's user type is what governs their maximum allowed set of New Relic capabilities. In practice, users will often have roles assigned to them that limit their capabilities in various ways, but the user type represents their maximum theoretical set of capabilities. For more information, see User type.

If a user in your organization is set as different user types in different accounts, the user is considered as whatever their highest user type is.

For how to edit a user's type, see Manage user type.

Account roles

Here are our default available roles:

Account role

Description

Owner

The person who initially creates the New Relic organization (set of related accounts) and receives all billing queries. A New Relic organization can have only one Owner. The Owner has complete access to all of the account information.

Admin

Can add, edit, and delete users, and can enable or set up features.

User

Can use (and optionally set up) New Relic features. In general, Admins take responsibility for setting up features, and Users and Restricted Users can use them.

Restricted User

One or more individuals who can view (but not set up or change) any New Relic features.

The Restricted User role is useful, for example, for demos. You can change your New Relic session settings so that Restricted User logins do not time out, and then set the user interface to Kiosk mode.

Add-on roles

Add-on roles let you grant more specific and granular access to your users. Giving a User or Restricted User add-on manager access to a product grants them the equivalent of Admin capabilities within the product. They will continue to have User or Restricted User capabilities for all other New Relic products. For example, you could make a software engineer in your company a User in most products, but assign Admin-level access to APM. For another example, you might assign the Nerdpack manager role to a user, and that gives them the ability to subscribe and unsubscribe New Relic One applications to an account.

There are two types of add-on roles:

  • Add-on manager roles are available to grant permissions on a per-product basis. Giving a User or Restricted User managed add-on access to a product grants them the equivalent of Admin capabilities within the product.
  • Custom add-on roles can grant feature-specific permissions across different New Relic products. For example, a group of Users could have the ability to acknowledge incidents and close violations in New Relic Alerts, but not have the ability to modify your existing alert preferences.

Individuals on a parent account automatically have the same level of access for all the child accounts of the parent account.

Below are options for managing both managed add-on roles and custom add-on roles:

Account permissions

Here is a summary of user permissions. Individuals on a parent account automatically have the same level of access for all the child accounts of that parent account. However, they won't receive email notifications for alerts or weekly reports for child accounts unless they are explicitly granted permission on those accounts.

Function

Owner

Admin

User

Restricted

Maintain billing information.

Change the account Owner.

Add, update, and delete account Admins, Users, and Restricted Users.

When the account Owner and Admins add individuals to the account, New Relic automatically sends them an email message.

Update users' job titles and roles from Account settings in the New Relic UI.

Create, modify and delete child accounts from Account settings in the New Relic UI.

Update your own account information (name, password change or password reset request, default account, email preferences, etc.) from User preferences in the New Relic UI.

Change someone else's password.

You cannot reset passwords for anyone else on the account, even if you are an Owner or Admin. Instead, follow standard procedures to request a password reset from New Relic.

View the list of individuals on the account from (account dropdown) > Account settings > Account > Summary in the New Relic UI.

Manage flexible data retention.

Subscribe and unsubscribe applications to New Relic One

Add, update, and delete Proactive Detection configurations.

Alert permissions

Here is a summary of Admin and Add-on manager capabilities with New Relic Alerts. To allow a User or Restricted User to execute any of these functions in New Relic Alerts, assign an Alerts add-on manager role.

Admin and manager capabilities for Alerts include:

APM permissions

Here is a summary of Admin and Add-on manager capabilities with APM. To allow a User or Restricted User to execute any of these functions in APM, assign an APM add-on manager role.

Admin and manager capabilities for APM include:

Browser permissions

Here is a summary of Admin and Add-on manager capabilities with New Relic Browser. To allow a User or Restricted User to execute any of these functions in New Relic Browser, assign a Browser add-on manager role.

Admin and manager capabilities for Browser include:

Infrastructure permissions

Here is a summary of Admin and Add-on manager capabilities with New Relic Infrastructure. To allow a User or Restricted User to execute any of these functions in New Relic Infrastructure, assign an Infrastructure manager role.

Admin and manager capabilities for Infrastructure include:

Insights permissions

Note that New Relic Insights has been deprecated.

To allow a User or Restricted User to execute any of these functions, assign an Insights manager role. The functions include the ability to create, view, modify, or delete:

Mobile permissions

To give permission to delete a mobile app from New Relic, you can assign an Admin or Mobile manager role.

Synthetics permissions

Here's a summary of Admin and Add-on manager capabilities with New Relic Synthetics. To allow a User or Restricted User to execute any of these functions in New Relic Synthetics, assign a Synthetics add-on manager role.

Admin and manager capabilities for Synthetics include:

For more information, see User roles in Synthetics.

Workloads permissions

Here's a summary of Admin and Add-on manager capabilities with New Relic One workloads:

To allow a User or Restricted User to execute these functions, assign the workloads manager add-on role.

Bulk user management

With the Bulk user actions feature, you can add, update, or delete multiple users at once. This can be helpful for:

  • adding roles when multiple new employees start
  • deleting roles when multiple employees leave
  • giving multiple employees Admin roles

Update users in bulk

Some important rules and recommendations for making bulk user actions:

  • You cannot make updates to your own role or an Owner role.
  • You cannot edit an existing user's email address or name.
  • You should avoid editing an existing user by deleting and re-adding them because this can have unintended consequences (for example, API keys associated with the original user will be lost).

To add new user roles, update existing user roles, or delete user roles for users on the original user model:

  1. Go to: account dropdown > Account settings > Users and roles, and add /bulk_actions at the end of the URL.

    Example URL:

    https://account.newrelic.com/accounts/123456789/users/bulk_actions
  2. Download a Backup CSV file. Downloading a backup file keeps a record of the users in your account prior to changes being made, and allows you to easily re-add any users that may be removed accidentally.

  3. Download a CSV of users or a CSV template. Each bulk action (add, update, or delete) will require its own CSV file. New Relic recommends saving your files with an account number, date, and the bulk action being performed. For example: account_123456789_delete_users_2018-06-29

  4. Populate that sheet with only the users whose roles you'll be applying the chosen bulk action for. Remove users from the spreadsheet whose roles you do not want to change.

    Bulk action

    Fields

    Add

    Required fields: user email, name, type, base role

    Optional field: add-on role

    Update

    Required fields: user email (do not edit), name (do not edit), base role

    Optional field: add-on role

    Delete

    Required fields: only user email

  5. In the UI, select a CSV action: Add, Update, or Delete the users listed within the CSV file.

  6. Upload the new CSV, and select Save changes.

Bulk user management troubleshooting

If a user is removed or changed during your CSV file upload by mistake, you can add them back through another CSV file upload.

Important

Be aware that associated permissions may be lost when a user is deleted and re-added. For example, associated API keys will need to be re-added.

Create issueEdit page
Copyright © 2021 New Relic Inc.