For users on our original user model: how user roles and permissions work on this model, and how to add and manage users.
A New Relic user is prohibited from sharing their login with other people. A New Relic user can have a maximum of either three concurrent active sessions, or three unique IP addresses in use at any given time.
In July of 2020, we released a new user model called the New Relic One user model, which offers many benefits in terms of how you manage your organization and users. At first this was only available to new sign-ups but over time we've been migrating older customers to the new model. Some older customers are able to self-serve the migration of their users. We'll continue working on migrating users to the new model until the original model is fully deprecated.
One impact of the new user model is that it's possible now for users to have multiple logins associated with the same email. For example, a user with access to multiple organizations (like a contractor) may have their user record updated to the new user model in one organization, resulting in them having their original login method and records and a New Relic One user model record. This may result in the user being logged in to New Relic and not being able to find an account they're looking for. For more on that, see Factors affecting access.
If you're on the New Relic One pricing model, see some important considerations.
You can also use the New Relic REST API to get a list of users for an account.
Here are instructions and considerations for some common user management tasks and scenarios:
The user type is a billing factor only for organizations on our New Relic One pricing model.
A user's user type is what governs their maximum allowed set of New Relic capabilities. In practice, users will often have roles assigned to them that limit their capabilities in various ways, but the user type represents their maximum theoretical set of capabilities. For more information, see User type.
If a user in your organization is set as different user types in different accounts, the user is considered as whatever their highest user type is.
For how to edit a user's type, see Manage user type.
Here are our default available roles:
The person who initially creates the New Relic organization (set of related accounts) and receives all billing queries. A New Relic organization can have only one Owner. The Owner has complete access to all of the account information.
Can add, edit, and delete users, and can enable or set up features.
Can use (and optionally set up) New Relic features. In general, Admins take responsibility for setting up features, and Users and Restricted Users can use them.
One or more individuals who can view (but not set up or change) any New Relic features.
The Restricted User role is useful, for example, for demos. You can change your New Relic session settings so that Restricted User logins do not time out, and then set the user interface to Kiosk mode.
Add-on roles let you grant more specific and granular access to your users. Giving a User or Restricted User add-on manager access to a product grants them the equivalent of Admin capabilities within the product. They will continue to have User or Restricted User capabilities for all other New Relic products. For example, you could make a software engineer in your company a User in most products, but assign Admin-level access to APM. For another example, you might assign the Nerdpack manager role to a user, and that gives them the ability to subscribe and unsubscribe New Relic One applications to an account.
There are two types of add-on roles:
- Add-on manager roles are available to grant permissions on a per-product basis. Giving a User or Restricted User managed add-on access to a product grants them the equivalent of Admin capabilities within the product.
- Custom add-on roles can grant feature-specific permissions across different New Relic products. For example, a group of Users could have the ability to acknowledge incidents and close violations in New Relic Alerts, but not have the ability to modify your existing alert preferences.
Individuals on a parent account automatically have the same level of access for all the child accounts of the parent account.
Below are options for managing both managed add-on roles and custom add-on roles:
Here is a summary of user permissions. Individuals on a parent account automatically have the same level of access for all the child accounts of that parent account. However, they won't receive email notifications for alerts or weekly reports for child accounts unless they are explicitly granted permission on those accounts.
Change the account Owner.
When the account Owner and Admins add individuals to the account, New Relic automatically sends them an email message.
Update users' job titles and roles from Account settings in the New Relic UI.
Create, modify and delete child accounts from Account settings in the New Relic UI.
Change someone else's password.
You cannot reset passwords for anyone else on the account, even if you are an Owner or Admin. Instead, follow standard procedures to request a password reset from New Relic.
Manage flexible data retention.
Subscribe and unsubscribe applications to New Relic One
Add, update, and delete Proactive Detection configurations.
Here is a summary of Admin and Add-on manager capabilities with New Relic Alerts. To allow a User or Restricted User to execute any of these functions in New Relic Alerts, assign an Alerts add-on manager role.
Admin and manager capabilities for Alerts include:
- Create or name alert policies.
- Specify incident preferences.
- Disable or define alert conditions.
- Provide runbook instructions.
- Select product targets.
- Alter alert condition thresholds.
- Create, modify, or delete notification channels.
Here is a summary of Admin and Add-on manager capabilities with APM. To allow a User or Restricted User to execute any of these functions in APM, assign an APM add-on manager role.
Admin and manager capabilities for APM include:
Here is a summary of Admin and Add-on manager capabilities with New Relic Browser. To allow a User or Restricted User to execute any of these functions in New Relic Browser, assign a Browser add-on manager role.
Admin and manager capabilities for Browser include:
Here is a summary of Admin and Add-on manager capabilities with New Relic Infrastructure. To allow a User or Restricted User to execute any of these functions in New Relic Infrastructure, assign an Infrastructure manager role.
Admin and manager capabilities for Infrastructure include:
- Create alert conditions in New Relic infrastructure, including conditions for host not reporting.
- Add or modify integrations.
Note that New Relic Insights has been deprecated.
To allow a User or Restricted User to execute any of these functions, assign an Insights manager role. The functions include the ability to create, view, modify, or delete:
- Query API keys: Note that we now recommend using NerdGraph and not the Insights query API.
- Insert API keys: Note that we now recommend using the license key instead.
To give permission to delete a mobile app from New Relic, you can assign an Admin or Mobile manager role.
Here's a summary of Admin and Add-on manager capabilities with New Relic Synthetics. To allow a User or Restricted User to execute any of these functions in New Relic Synthetics, assign a Synthetics add-on manager role.
Admin and manager capabilities for Synthetics include:
- Create, edit, or delete monitors.
- Edit monitor scripts.
- Create, edit, or delete private locations.
- Create, edit, or delete monitor downtimes.
- Create, view, edit, or delete secure credentials.
For more information, see User roles in Synthetics.
Here's a summary of Admin and Add-on manager capabilities with New Relic One workloads:
To allow a User or Restricted User to execute these functions, assign the workloads manager add-on role.
With the Bulk user actions feature, you can add, update, or delete multiple users at once. This can be helpful for:
- adding roles when multiple new employees start
- deleting roles when multiple employees leave
- giving multiple employees Admin roles
Some important rules and recommendations for making bulk user actions:
- You cannot make updates to your own role or an Owner role.
- You cannot edit an existing user's email address or name.
- You should avoid editing an existing user by deleting and re-adding them because this can have unintended consequences (for example, API keys associated with the original user will be lost).
To add new user roles, update existing user roles, or delete user roles for users on the original user model:
Go to: account dropdown > Account settings > Users and roles, and add
/bulk_actionsat the end of the URL.
Download a Backup CSV file. Downloading a backup file keeps a record of the users in your account prior to changes being made, and allows you to easily re-add any users that may be removed accidentally.
Download a CSV of users or a CSV template. Each bulk action (add, update, or delete) will require its own CSV file. New Relic recommends saving your files with an account number, date, and the bulk action being performed. For example:
Populate that sheet with only the users whose roles you'll be applying the chosen bulk action for. Remove users from the spreadsheet whose roles you do not want to change.
Required fields: user email, name, type, base role
Optional field: add-on role
Required fields: user email (do not edit), name (do not edit), base role
Optional field: add-on role
Required fields: only user email
In the UI, select a CSV action: Add, Update, or Delete the users listed within the CSV file.
Upload the new CSV, and select Save changes.
If a user is removed or changed during your CSV file upload by mistake, you can add them back through another CSV file upload.
Be aware that associated permissions may be lost when a user is deleted and re-added. For example, associated API keys will need to be re-added.