New Relic Teams lets you connect the entities you're monitoring to the teams who own them. When you can easily see who owns an entity, you can speed up troubleshooting, enhance team collaboration, and improve your operational efficiency.
Default Teams access
New Relic provides default access to Teams through these standard roles:
Action | Required role |
|---|---|
View teams | |
Modify teams | |
Create and delete teams |
You might need a custom role if the default permissions don't meet your organization's needs.
Teams capabilities
When building a custom role for Teams, use the permissions below. Teams permissions are organization-scoped.
Capability | Permission identifier |
|---|---|
Read teams |
|
Delete teams |
|
Create teams |
|
Modify teams |
|
Read access to the automations/settings page |
|
Modify access to the automations/settings page |
|
Create teams from IdP user groups (for example, Okta) |
|
Prerequisites
Before you begin, ensure you have:
- General NerdGraph requirements
- Organization Admin with
Authentication Domain Managerrole to create custom roles
Tip
You can also create a custom role for Teams through the UI. For the permissions to select and the scope to use, see Teams capabilities.
To create a custom role via the NerdGraph API, perform the following steps:
Find the required permission IDs for Teams
Use the customerAdministration query to retrieve a list of capabilities, their permission IDs, and related information. Filter by scope: "organization" to get Teams permissions.
Input parameters
Parameter | Data Type | Is it Required? | Description |
|---|---|---|---|
| String | Yes | Set the value to |
Sample request
{ customerAdministration { permissions(filter: { scope: { eq: "organization" } }) { items { feature category id product } } }}Sample response
{ "data": { "customerAdministration": { "permissions": { "items": [ { "category": "READ", "feature": "Teams", "id": "xxxxx", "product": "New Relic One" }, { "category": "OTHER", "feature": "Teams", "id": "xxxxxx", "product": "New Relic One" }, { "category": "DELETE", "feature": "Teams", "id": "xxxxx", "product": "New Relic One" }, { "category": "MODIFY", "feature": "Teams", "id": "xxxxxx", "product": "New Relic One" } ] } } }}From the response, identify and copy the permission IDs where feature is "Teams" and the category matches the access level you want to grant. You'll need these IDs in the next step.
Retrieve your organization ID
Retrieve your organization ID, which you'll use in subsequent mutations.
Sample request
{ actor { organization { id } }}Sample response
{ "data": { "actor": { "organization": { "id": "YOUR_ORGANIZATION_ID" } } }}Copy your organization ID from the response. You'll need it to create the custom role.
Create the custom role
Use the customRoleCreate mutation to create your custom role for Teams management.
Input parameters
Parameter | Data Type | Is it Required? | Description |
|---|---|---|---|
| String | Yes | The organization ID from the previous step. |
| String | Yes | Set to |
| String | Yes | The display name for the custom role. |
| Array of Integers | Yes | The Teams permission IDs identified in Step 1. |
| String | Yes | Set to |
Sample request
mutation { customRoleCreate( container: { id: "YOUR_ORGANIZATION_ID", type: "organization" } name: "Teams manager" permissionIds: [xxxxx, xxxxx] scope: "organization" ) { id }}Sample response
{ "data": { "customRoleCreate": { "id": 9999999 } }}Save the returned role ID — you'll need it to assign this role to a user group.
Add the custom role to a user group
After creating the custom role, assign it to a user group in New Relic.
Retrieve group IDs
Use the customerAdministration query to get a list of available user groups.
Input parameters
Parameter | Data Type | Is it Required? | Description |
|---|---|---|---|
| String | Yes | The organization ID from the previous step. |
Sample request
{ customerAdministration { groups(filter: { organizationId: { eq: "YOUR_ORGANIZATION_ID" } }) { nextCursor items { id name users { items { id email } } } } }}From the response, copy the group ID for the group you want to assign the Teams role to.
Assign the role to the group
Use the authorizationManagementGrantAccess mutation to assign the custom role to a user group.
Input parameters
Parameter | Data Type | Is it Required? | Description |
|---|---|---|---|
| String | Yes | The custom role ID from the previous step. |
| String | Yes | The group ID retrieved above. |
Sample request
mutation { authorizationManagementGrantAccess( grantAccessOptions: { organizationAccessGrants: { roleId: "YOUR_ROLE_ID" } groupId: "YOUR_GROUP_ID" } ) { roles { id name organizationId roleId groupId displayName } }}Sample response
{ "data": { "authorizationManagementGrantAccess": { "roles": [ { "displayName": "Teams manager", "groupId": null, "id": "99999999", "name": "teams_manager", "organizationId": "YOUR_ORGANIZATION_ID", "roleId": 99999 } ] } }}Manage existing custom roles
For more information about Teams, see the Teams documentation.