NerdGraph tutorial: Create custom role for Teams

preview

We're still working on this feature, but we'd love for you to try it out!

This feature is currently provided as part of a preview program pursuant to our pre-release policies.

New Relic Teams lets you connect the entities you're monitoring to the teams who own them. When you can easily see who owns an entity, you can speed up troubleshooting, enhance team collaboration, and improve your operational efficiency.

Default Teams access

New Relic provides default access to Teams through these standard roles:

Read Access: All users have read access to Teams, including metadata such as contact information, team members, and other relevant details.
Modify Teams: Users with the Organization Product Admin role can modify Teams. This is a new role assigned to all users who currently have the All Product Admin role.
Create & Delete Teams: Users with Organization Manager or Authentication Manager roles can create and delete Teams.

You might need a custom role if the default permissions don't meet your organization's needs. This tutorial shows you how to use NerdGraph GraphQL mutations to create a custom role for managing Teams.

Process overview

To create a Teams administrator custom role, you'll need to:

Retrieve all the organization-scoped capabilities
Retrieve your organization ID
Identify the required permission IDs for Teams
Create the custom role for Teams administrator
Add the custom role to a user group

Prerequisites

Before you begin, ensure you have:

General NerdGraph requirements
Organization Admin role permissions to create custom roles

Mutations

New Relic provides various NerdGraph mutations to create custom role for Team managers.

Use the customerAdministration mutation to retrieve a list of capabilities, their permission ID’s, and related information.

Input parameters

Parameter	Data Type	Is it Required?	Description
`eq`	String	Yes	Set the value to `organization` to retrieve role for Teams.

Sample request

{
  customerAdministration {
    permissions(filter: { scope: { eq: "organization" } }) {
      items {
        feature
        category
        id
        product
      }
    }
  }
}

Sample response

{
  "data": {
    "customerAdministration": {
      "permissions": {
        "items": [
          {
            "category": "READ",
            "feature": "Teams",
            "id": "xxxxx",
            "product": "New Relic One"
          },
          {
            "category": "OTHER",
            "feature": "Teams",
            "id": "xxxxxx",
            "product": "New Relic One"
          },
          {
            "category": "DELETE",
            "feature": "Teams",
            "id": "xxxxx",
            "product": "New Relic One"
          },
          {
            "category": "MODIFY",
            "feature": "Teams",
            "id": "xxxxxx",
            "product": "New Relic One"
          }
        ]
      }
    }
  }
}

Next step: From the response, identify and copy the permission IDs where:

category: "MANAGE" (or the appropriate category for your needs)
feature: "Teams"

You'll need these IDs for the next step.

Retrieve your organization ID, which you'll use in subsequent mutations.

Sample request

{
  actor {
    organization {
      id
    }
  }
}

Sample response

{
  "data": {
    "actor": {
      "organization": {
        "id": "xxx****xxx-xx**00**-xxx-x*x*-xx**XXX**XX"
      }
    }
  }
}

Next step: Copy your organization ID from the response. You'll need it to create the custom role.

Use the customRoleCreate mutation to create your custom role for Teams management.

Input parameters

Parameter	Data Type	Is it Required?	Description
`id`	String	Yes	The organization ID copied in the previous step.
`type`	String	Yes	Set the type to `organization`.
`name`	String	Yes	The name of the role.
`permissionId`	Array of Integers	Yes	The permission IDs for Teams features retrieved in the first step.
`scope`	String	Yes	Set the scope to `organization`.

Sample request

mutation {
  customRoleCreate(
    container: {
      id: "xxx****xxx-xx**00**-xxx-x*x*-xx**XXX**XX"
      type: "organization"
    }
    name: "Teams manager"
    permissionIds: [xxxxx, xxxxx]
    scope: "organization"
  ) {
    id
  }
}

Sample response

{
  "data": {
    "customRoleCreate": {
      "id": 9999999
    }
  }
}

Next step: Save the returned role ID. You'll need it to assign this role to a user group.

After creating the custom role, you need to assign it to a user group in New Relic.

Step 1: Retrieve group IDs

Use the customerAdministration mutation to get a list of available user groups.

Input parameters

Parameter	Data Type	Is it Required?	Description
`id`	String	Yes	The organization ID copied in the previous step.

Sample request

{
  customerAdministration {
    groups(
      filter: {
        organizationId: { eq: "xxx****xxx-xx**00**-xxx-x*x*-xx**XXX**XX" }
      }
    ) {
      nextCursor
      items {
        id
        name
        users {
          items {
            id
            email
          }
        }
      }
    }
  }
}

Next step: From the response, copy the group ID for the group you want to assign the Teams role to.

Step 2: Assign the role to a user group

Use the authorizationManagementGrantAccess mutation to assign the custom role to a user group.

Input parameters

Parameter	Data Type	Is it Required?	Description
`roleId`	String	Yes	The custom role ID from the previous step.
`groupId`	String	Yes	The group ID from Step 1.

Sample request

mutation {
  authorizationManagementGrantAccess(
    grantAccessOptions: {
      organizationAccessGrants: { roleId: "99999999" }
      groupId: "xxx****xxx-xx**00**-xxx-x*x*-xx**XXX**XX"
    }
  ) {
    roles {
      id
      name
      organizationId
      roleId
      groupId
      displayName
    }
  }
}

Sample response

{
  "data": {
    "authorizationManagementGrantAccess": {
      "roles": [
        {
          "displayName": "Teams manager",
          "groupId": null,
          "id": "99999999",
          "name": "teams_manager",
          "organizationId": "xxx****xxx-xx**00**-xxx-x*x*-xx**XXX**XX",
          "roleId": 99999
        }
      ]
    }
  }
}

What's next

After successfully creating and assigning your custom Teams role, users in the assigned group will have the permissions you configured. You can:

Monitor the role's usage through your organization's user management
Modify the role permissions if needed using similar NerdGraph mutations
Create additional custom roles for different levels of Teams access

For more information about Teams, see our Teams documentation.

NerdGraph tutorial: Create custom role for Teams

preview

Default Teams access

Process overview

Prerequisites

Mutations

Retrieve organization-scoped capabilities

Input parameters

Sample request

Sample response

Retrieve your organization ID

Sample request

Sample response

Create custom role

Input parameters

Sample request

Sample response

Add custom role to a user group

Step 1: Retrieve group IDs

Input parameters

Sample request

Step 2: Assign the role to a user group

Input parameters

Sample request

Sample response

What's next

NerdGraph tutorial: Create custom role for Teams

preview

Default Teams access.css-21sua1{background:none;border:none;width:0;padding:0;}

Process overview

Prerequisites

Mutations

Retrieve your organization ID

Create custom role

Add custom role to a user group

What's next

Default Teams access