• Log inFree account

Users, roles, permissions (original user model)

For users on our original user model: how user roles and permissions work on this model, and how to add and manage users.

Requirements

This section of docs shows you how to manage users on our original user model. If you can see users in the Users and roles UI, those users are on our original user model.

A New Relic user is prohibited from sharing their login with other people. A New Relic user can have a maximum of either three concurrent active sessions, or three unique IP addresses in use at any given time.

Updates about our new user model

In July of 2020, we released a new user model called the New Relic One user model, which offers many benefits in terms of how you manage your organization and users. At first this was only available to new sign-ups but over time we've been migrating older customers to the new model. Some older customers are able to self-serve the migration of their users. We'll continue working on migrating users to the new model until the original model is fully deprecated.

One impact of the new user model is that it's possible now for users to have multiple logins associated with the same email. For example, a user with access to multiple organizations (like a contractor) may have their user record updated to the new user model in one organization, resulting in them having their original login method and records and a New Relic One user model record. This may result in the user being logged in to New Relic and not being able to find an account they're looking for. For more on that, see Factors affecting access.

Multiple accounts

If a user's email is associated with more than one login, they'll see a "multiple accounts found" note when logging in.

View and manage users in UI

The Users and roles UI is used for managing users on our original user model. To find this UI: click the account dropdown, click Account settings, and then click Users and roles.

If you're on the New Relic One pricing model, see some important considerations.

You can also use the New Relic REST API to get a list of users for an account.

Here are instructions and considerations for some common user management tasks and scenarios:

User type

The user type is a billing factor only for organizations on our New Relic One pricing model.

A user's user type is what governs their maximum allowed set of New Relic capabilities. In practice, users will often have roles assigned to them that limit their capabilities in various ways, but the user type represents their maximum theoretical set of capabilities. For more information, see User type.

If a user in your organization is set as different user types in different accounts, the user is considered as whatever their highest user type is.

For how to edit a user's type, see Manage user type.

Account roles

Here are our default available roles:

Account role

Description

Owner

The person who initially creates a New Relic account and receives all billing queries. A New Relic account can have only one Owner. The Owner has complete access to all of the account information.

Admin

Can add, edit, and delete users, and can enable or set up features.

User

Can use (and optionally set up) New Relic features. In general, Admins take responsibility for setting up features, and Users and Restricted Users can use them.

Restricted User

One or more individuals who can view (but not set up or change) any New Relic features.

The Restricted User role is useful, for example, for demos. You can change your New Relic session settings so that Restricted User logins do not time out, and then set the user interface to Kiosk mode.

Add-on roles

Add-on roles let you grant more specific and granular access to your users. Giving a User or Restricted User add-on manager access grants them the equivalent of Admin capabilities for that feature category. They will continue to have User or Restricted User capabilities for all other New Relic products. For example, you could make a software engineer in your company a User and assign them the APM manager role to give them APM capabilities.

Original user model add-on roles UI

A view of the capabilities UI for the alerts manager

Individuals on a parent account automatically have the same level of access for all the child accounts of the parent account.

We have the following add-on manager roles:

  • Alerts manager
  • APM manager
  • Applied intelligence manager
  • Browser manager
  • Data retention manager
  • Incident intelligence manager
  • Incident workflows manager
  • Infrastructure manager
  • Insights manager
  • Logs manager
  • Mobile manager
  • Nerdpack manager
  • Synthetics manager
  • Workloads manager

To understand the capabilities that a role has, go to: account dropdown > Account settings > Users and roles > Roles and select a specific role. You can hover over specific capabilities to learn more details.

Here are some more details about some of our add-on manager roles:

Manage custom and add-on roles

Below are options for managing both managed add-on roles and custom add-on roles:

Account permissions

The table below gives a summary of roles and their permissions. Note that these are roles applicable only for our original user model.

Users in a parent account have the same level of access for all the child accounts of that parent account. However, those users won't receive email notifications for alerts or weekly reports for child accounts unless they are explicitly granted permission on those accounts.

Function

Owner

Admin

User

Restricted

Maintain billing information.

Change the account Owner.

Add, update, and delete account Admins, Users, and Restricted Users.

When the account Owner and Admins add individuals to the account, New Relic automatically sends them an email message.

Update users' job titles and roles from Account settings in the New Relic UI.

Create, modify and delete child accounts from Account settings in the New Relic UI.

Update your own account information (name, password change or password reset request, default account, email preferences, etc.) from User preferences in the New Relic UI.

Change someone else's password.

You cannot reset passwords for anyone else on the account, even if you are an Owner or Admin. Instead, follow standard procedures to request a password reset from New Relic.

View the list of individuals on the account from (account dropdown) > Account settings > Account > Summary in the New Relic UI.

Manage flexible data retention.

Subscribe and unsubscribe applications to New Relic One

Add, update, and delete proactive detection configurations.

Have more questions about access to New Relic? See Factors affecting access.

Bulk user management

With the Bulk user actions feature, you can add, update, or delete multiple users at once. This can be helpful for:

  • adding roles when multiple new employees start
  • deleting roles when multiple employees leave
  • giving multiple employees Admin roles

Update users in bulk

Some important rules and recommendations for making bulk user actions:

  • You cannot make updates to your own role or an Owner role.
  • You cannot edit an existing user's email address or name.
  • You should avoid editing an existing user by deleting and re-adding them because this can have unintended consequences (for example, API keys associated with the original user will be lost).

To add new user roles, update existing user roles, or delete user roles for users on the original user model:

  1. Go to: account dropdown > Account settings > Users and roles, and add /bulk_actions at the end of the URL.

    Example URL:

    https://account.newrelic.com/accounts/123456789/users/bulk_actions
  2. Download a Backup CSV file. Downloading a backup file keeps a record of the users in your account prior to changes being made, and allows you to easily re-add any users that may be removed accidentally.

  3. Download a CSV of users or a CSV template. Each bulk action (add, update, or delete) will require its own CSV file. New Relic recommends saving your files with an account number, date, and the bulk action being performed. For example: account_123456789_delete_users_2018-06-29

  4. Populate that sheet with only the users whose roles you'll be applying the chosen bulk action for. Remove users from the spreadsheet whose roles you do not want to change.

    Bulk action

    Fields

    Add

    Required fields: user email, name, type, base role

    Optional field: add-on role

    Update

    Required fields: user email (do not edit), name (do not edit), base role

    Optional field: add-on role

    Delete

    Required fields: only user email

  5. In the UI, select a CSV action: Add, Update, or Delete the users listed within the CSV file.

  6. Upload the new CSV, and select Save changes.

Bulk user management troubleshooting

If a user is removed or changed during your CSV file upload by mistake, you can add them back through another CSV file upload.

Important

Be aware that associated permissions may be lost when a user is deleted and re-added. For example, associated API keys will need to be re-added.

Copyright © 2022 New Relic Inc.