Users, roles, permissions (original user model)

For users on our original user model, an introduction to how the user model works, including user roles and permissions, and how to add and manage users.

Requirements

This doc and the surrounding section of docs shows you how to manage users on our original user model. If you were a New Relic customer before July 30 2020 and haven't migrated your users to the new model, your users are on our original user model (and not the New Relic One model).

If you're an admin and want to see if you have users on the original model: If you can see users in the Users and roles UI, those users are on our original user model.

Updates about our new user model

In July of 2020, we released a new user model called the New Relic One user model, which offers many benefits in terms of how you manage your organization and users. At first this was only available to new sign-ups but over time we've been migrating more older customers to the new model. Some older customers are able to migrate their users on their own. We'll continue working on migrating users to the new model until the original model is fully deprecated.

One impact of the new user model is that it's possible now for users to have multiple logins associated with the same email. For example, a user with access to multiple organizations (like a contractor) may have their user record updated to the new user model in one organization, resulting in them having their original login method and records and a New Relic One user model record. This may result in the user being logged in to New Relic and not being able to find an account they're looking for. For more on that, see Factors affecting access.

If a user's email is associated with more than one login, they'll see a "multiple accounts found" note when logging in.

View and manage users in UI

If your New Relic account has users on our original user model, you can use the Users and roles UI. To access this: Click the account dropdown, click Account settings, and then click Users and roles.

Some features in the UI are visible only to account Owners and Admins.

Tip

You can also use the New Relic REST API to obtain a list of everyone and their roles in your New Relic account.

Here are some instructions and tips for adding and managing users via the UI:

Tip

Owner or Admins

To add a new user to your New Relic account:

Go to: account dropdown > Account settings > Users and roles > Users.
In the upper right corner, click New user.
Enter the appropriate name and email address.
Select their base role as either Admin, User, or Restricted.
Select Add user.
The new user will receive an email notification automatically from New Relic.
Important
New Relic recommends a maximum of 1,000 accounts per user. Additional accounts may result in limited access to some New Relic features.

Note that billing-related aspects of your count of full users only apply if you're on New Relic One pricing. If you're on our original pricing plan, billing impacts do not apply.

To update a user's type (basic user versus full user):

Go to: account dropdown > Account settings > Users and roles > Users.
Either select a user and edit their type or bulk update the type for multiple useres.
To control how basic users upgrade to become full users, from the Users and roles UI you can select Access requests. You have two options:

Automatic approval: With this option, basic users can automatically upgrade to be full users. This option allows your users to more easily troubleshoot problems.
Require review: With this option, your admins get a notification when basic users request an upgrade and must upgrade them first. You can approve them either from the notification email or from the user's entry in the Users and roles UI.
For more about user type, see User type.

If you're on New Relic One pricing plan, your count of full users is a factor in your billing. To see your count of full users, click the account dropdown and then click View your usage.

If you have a parent/child account structure (including a customer partnership), your count of full users may not match what you see when you go to Account settings > Users and roles. To examine users on a parent account's children accounts, go to a parent account's Account settings UI page, click on a child account, and go to that account's Users and roles UI page.

A New Relic account can have only one Owner role at any time. You must be the current account Owner to change your role to someone who currently has an Admin role for the account. If the current Owner is unavailable, contact your account representative at New Relic, or get support at support.newrelic.com.

You cannot delete or remove your assigned Owner role. However, if the account has one or more Admin role, you can change an Owner to an Admin.

Go to: account dropdown > Account settings > Account > Users and roles.
Above the Active users list, select Change owner. If an account has no Admins, this button won't be available.
Select someone who currently has an Admin role for the account.
Refresh the page for changes to take effect.
Your previous Owner role automatically changes to an Admin role.
To find out who is the current assigned Owner:
Go to: account dropdown > Account settings > Account > Users and roles.
View the Base role column to locate your account Owner.
The Change owner button is only visible to the current account Owner. If the current Owner is unable to change the role (for example, that person no longer is with your organization), contact your account representative at New Relic, or get support at support.newrelic.com.

User types: basic user and full user

Important

This section is for users on our original user model. If you're on our New Relic One user model, see our New Relic One user docs.

Starting March 2021, we ended the preview period for basic users on our original user model. The preview period gave these basic users the same permissions as full users. For more on this, see our Explorers Hub post on user type changes.

The user type (basic user or full user) determines what features a user has access to.

Below are details on the two user types. Note that billing-related aspects only apply if you're on New Relic One pricing. If you're on our original pricing plan, billing impacts do not apply.

Basic user. Details:
- These users have access to basic features like setting up reporting of data, running queries of data, making custom charts and dashboards, and setting up alerts. They do not have access to our more curated observability UI experiences (for more details on feature access, see Capabilities).
- Depending on access request settings, basic users can either upgrade themselves to be full users or request upgrade access from admins.
Full user. Details:
- Full users have access to everything (dependent on role restrictions), which includes our curated observability UI experiences, such as APM, infrastructure monitoring, browser monitoring, mobile monitoring, and synthetic monitors. For details, see Capabilities.
- For organizations on New Relic One pricing: these users are billable. The Standard edition includes one free full user and up to five total.

If a user in your organization is set as a basic user in one account and a full user in another, the user is considered a full user and has full user access on all accounts in that organization.

For how to edit a user's type, see Manage users.

Account roles

A New Relic account can have only one Owner. To share an account with other users in your organization, create Admins, Users, or Restricted Users.

Account role	Description
Owner	The person who initially creates the New Relic account and receives all billing queries. The Owner has complete access to all of the account information.
Admin	Can add, edit, and delete users, and can enable or set up features.
User	Can use (and optionally set up) New Relic features. In general, Admins take responsibility for setting up features, and Users and Restricted Users can use them.
Restricted User	One or more individuals who can view (but not set up or change) any New Relic features. The Restricted User role is useful, for example, for demos. You can change your New Relic session settings so that Restricted User logins do not time out, and then set the user interface to Kiosk mode.

Add-on roles

With add-on roles, you can grant variable levels of access to all users in your account, across the entire platform of New Relic products. This allows you to tailor your account permissions levels to suit the needs of Users and Restricted Users within your account.

Giving a User or Restricted User add-on manager access to a product grants them the equivalent of Admin capabilities within the product. They will continue to have User or Restricted User capabilities for all other New Relic products. For example, you could make a software engineer in your company a User in most products, but assign Admin-level access to APM. For another example, you might assign the Nerdpack manager role to a user, and that gives them the ability to subscribe and unsubscribe New Relic One applications to an account.

There are two types of add-on roles:

Add-on Manager roles are available to grant permissions on a per-product basis. Giving a User or Restricted User managed add-on access to a product grants them the equivalent of Admin capabilities within the product.
Custom add-on roles can grant feature-specific permissions across different New Relic products. For example, a group of Users could have the ability to acknowledge incidents and close violations in New Relic Alerts, but not have the ability to modify your existing alert preferences.

Individuals on a parent account automatically have the same level of access for all the child accounts of the parent account.

Below are options for managing both managed add-on roles and custom add-on roles:

Tip

Owner and Admins

Managed add-on roles are available by default for each New Relic product. Adding a managed role for a user grants them Admin-level permissions for the assigned product. They cannot be edited or deleted. To assign a managed add-on role for a User or Restricted User in your account:

Go to account dropdown > Account settings > Users and roles.
From the list of users associated with your account, select their name.
Under Add-on roles, select the type of manager role for the user.
To understand which capabilities may be added, use the Capabilities preview chart.
Features in the Capabilities preview chart may not exactly match what features are available for your subscription level.
Tip
You can also add, update, or delete users in bulk by using a CSV file.

Account permissions

Here is a summary of user permissions. Individuals on a parent account automatically have the same level of access for all the child accounts of that parent account. However, they won't receive email notifications for alerts or weekly reports for child accounts unless they are explicitly granted permission on those accounts.

Function	Owner	Admin	User	Restricted
Maintain billing information.
Change the account Owner.
Add, update, and delete account Admins, Users, and Restricted Users. When the account Owner and Admins add individuals to the account, New Relic automatically sends them an email message.
Update users' job titles and roles from Account settings in the New Relic UI.
Create, modify and delete child accounts from Account settings in the New Relic UI.
Update your own account information (name, password change or password reset request, default account, email preferences, etc.) from User preferences in the New Relic UI.
Change someone else's password. You cannot reset passwords for anyone else on the account, even if you are an Owner or Admin. Instead, follow standard procedures to request a password reset from New Relic.
View the list of individuals on the account from (account dropdown) > Account settings > Account > Summary in the New Relic UI.
Manage flexible data retention.
Subscribe and unsubscribe applications to New Relic One
Add, update, and delete Proactive Detection configurations.

Alert permissions

Here is a summary of Admin and Add-on manager capabilities with New Relic Alerts. To allow a User or Restricted User to execute any of these functions in New Relic Alerts, assign an Alerts add-on manager role.

Admin and manager capabilities for Alerts include:

Create or name alert policies.
Specify incident preferences.
Disable or define alert conditions.
Provide runbook instructions.
Select product targets.
Alter alert condition thresholds.
Create, modify, or delete notification channels.

APM permissions

Here is a summary of Admin and Add-on manager capabilities with APM. To allow a User or Restricted User to execute any of these functions in APM, assign an APM add-on manager role.

Admin and manager capabilities for APM include:

Remove applications from the New Relic UI.
Delete app traces and error traces.

Browser permissions

Here is a summary of Admin and Add-on manager capabilities with New Relic Browser. To allow a User or Restricted User to execute any of these functions in New Relic Browser, assign a Browser add-on manager role.

Admin and manager capabilities for Browser include:

Add, rename, or delete applications.
Manage whitelists.
Manage domain conditions.

Infrastructure permissions

Here is a summary of Admin and Add-on manager capabilities with New Relic Infrastructure. To allow a User or Restricted User to execute any of these functions in New Relic Infrastructure, assign an Infrastructure manager role.

Admin and manager capabilities for Infrastructure include:

Create alert conditions in New Relic Infrastructure, including conditions for host not reporting.
Add or modify integrations.

Insights permissions

Here is a summary of Admin and Add-on manager capabilities with New Relic Insights.

To allow a User or Restricted User to execute any of these functions, assign an Insights manager role. These functions include:

Create, view, modify, or delete Query API keys or Insert API keys.

Tip

New Relic Insights includes permission levels to share your Insights dashboards with others.

Mobile permissions

To give permission to delete a mobile app from New Relic, you can assign an Admin or Mobile manager role.

Synthetics permissions

Here's a summary of Admin and Add-on manager capabilities with New Relic Synthetics. To allow a User or Restricted User to execute any of these functions in New Relic Synthetics, assign a Synthetics add-on manager role.

Admin and manager capabilities for Synthetics include:

Create, edit, or delete monitors.
Edit monitor scripts.
Create, edit, or delete private locations.
Create, edit, or delete monitor downtimes.
Create, view, edit, or delete secure credentials.

For more information, see User roles in Synthetics.

Workloads permissions

Here's a summary of Admin and Add-on manager capabilities with New Relic One workloads:

Create, duplicate, modify, or delete workloads.
Link dashboards to workloads and save filters.

To allow a User or Restricted User to execute these functions, assign the workloads manager add-on role.

For more help

If you need more help, check out these support and learning resources:

Browse the Explorers Hub to get help from the community and join in discussions.
Find answers on our sites and learn how to use our support portal.
Run New Relic Diagnostics, our troubleshooting tool for Linux, Windows, and macOS.
Review New Relic's and and documentation.

Users, roles, permissions (original user model)

Requirements

Updates about our new user model

View and manage users in UI

Tip

Manage user type (basic vs full) and full user upgrades

Determine full user count

Enable SAML SSO and/or SCIM

View pending SAML SSO users

Update account roles

Delete a user

Update the account Owner