Application Permissions
This page provides an overview of application permissions in Splunk AppDynamics. Application permissions follow an inheritance model with three levels listed in order from highest (default) to lowest (tier-specific):
- Default permissions
- Application-wide permissions
- Tier-specific permissions
By default, each level inherits from the one above it, unless you customize permissions at a lower level. This mechanism enables you to grant access to groups or users for specific business applications in the Controller Tenant UI.
Customized permissions at a specific level override more general permissions at another level. That is, tier-specific permissions take precedence over application-specific permissions, and application-specific permissions override default permissions. Not all permissions can be customized at the tier level.
You can set application permissions for custom roles from the Applications tab in the Tenant Administration UI. You can also assign the Can Create Applications permission to a custom role. See Manage Custom Roles for Splunk AppDynamics.
Create Default Permissions
All new applications inherit default permissions.
Configure Default Application Permissions
- Log in to the Tenant Administration UI.
- Navigate to Settings
> Administration and selectRoles.
- Add a new role or select a custom role.
- Click Can Create Applications to grant the role permission.
- Click Can Create Mobile Applications to create Mobile Real User Monitoring applications.
- Under Default Permissions, select the default permissions for this role:View, Edit, or Delete.
- To give all permissions to all applications, click Edit.
- To specify permissions for specific application configurations for all applications, deselectEdit, and then clickEdit (None).
- In the Edit Permissions panel, select specific permissions.
- Click Delete to grant permissions to delete any application. To grant permission to delete a specific application, customize the permission at the application level. See Application and Tier Level Permissions.
- Click OK then click Save.
Customize Application Permissions
- Set the Permissions drop-down to Custom.
- Select View and then Edit (None). You can also grant permission to delete a specific application.
- Click Add to add tiers or select an existing tier.
- Select Edit.
- Select the individual permissions for the specific tier.
- Click OK then click Save.
General Permissions
| Permission | Description of Activities | More Information |
|---|---|---|
| Can Create Applications | Create business, browser, and mobile applications. Also controls the Archive Snapshot action. | Business Applications |
| View, Edit, and Delete permissions for new applications can be set as part of the default permissions for a custom role |
View, edit, or delete business applications (and the tiers and nodes), browser, and mobile applications. Setting default delete permissions allows the user to delete all three artifacts from the application model. |
Business Applications Tiers and Nodes |
Application and Tier Permissions
You can grant the following permissions as specified. Permissions that you can customize at the tier level are indicated in the Description of Activities Enabled column. Asterisks (*) in the permissions table indicate permissions that are considered sensitive for security and data privacy purposes. Carefully consider the security and data privacy policies of your organization before granting these permissions.
| Permission | Description of Activities | More Information |
|---|---|---|
| Configure Transaction Detection* |
Create, edit, or delete transaction detection - can be at the tier level. |
Transaction Detection Rules |
|
Configure Backend Detection |
Create, edit, or delete backends - can be at the tier level. |
Backend Detection Rules |
| Configure Error Detection |
Create, edit, or delete error detection. | Error Detection |
| Configure Diagnostic Data Collectors* |
Create, edit, or delete diagnostic data collectors. | Data Collectors |
| Configure Call Graph Settings |
| Call Graph Settings |
| Configure JMX |
Create, edit, or delete JMX metrics. | Configure JMX Metrics from MBeans |
| Configure Memory Monitoring |
Configure which custom classes are tracked by Object Instance Tracking. To activate or deactivate Object Instance Tracking, you need the Configure Agent Properties permission. Note: To activate or deactivate Object Instance Tracking, you need the Configure Agent Properties permission.
|
Object Instance Tracking for Java |
| Configure EUM (for Browser RUM) |
See End User Monitoring Permissions. |
Configure the Controller UI for Browser RUM |
| Configure EUM (for Mobile RUM) |
See End User Monitoring Permissions. |
Configure the Controller UI for Mobile RUM |
| Configure Information Points* |
Create, edit, or delete information points. |
Information Points |
| Configure Health Rules |
Create, edit, or delete health rules. | Configure Health Rules |
| Configure Actions |
Create, edit, or delete actions on agent properties UI. Create, edit, or delete email digests. |
Alert and Respond Actions Email Digests |
| Configure Policies |
Create, edit, or delete policies. |
Configure Policies |
|
Configure Business Transactions
|
Organize Business Transactions including:
Configure Business Transaction thresholds. Configure snapshot settings. Set as a background task. Configure data collectors. Enable End User Monitoring. Enable analytics for business transactions. Activate or deactivate GUID injection. |
Organize Business Transactions Transaction Thresholds Troubleshoot Business Transaction Performance with Transaction Snapshots Monitor Background Tasks Data Collectors Set Up and Access Browser RUM Collect Transaction Analytics Data Business Transaction and Log Correlation |
| Configure Baselines |
Create, edit, or delete baselines. |
Dynamic Baselines |
| Configure SQL Bind Variables* |
Turn on or off capture raw SQL (also requires Configure Call Graph Settings). |
Call Graph Settings |
| Configure Agent Properties |
Create, edit, or delete agent configuration (can be at the tier level). Activate or deactivate automatic leak detection (can be at the tier level). Activate or deactivate object instance tracking (can be at the tier level). Activate or deactivate custom memory structure (can be at the tier level). |
App Agent Node Properties Object Instance Tracking for Java Custom Memory Structures for Java |
| Agent Advanced Operation |
Reset the agent from the node dashboard. Request the agent thread dumps. Request the agent debug logs. |
Manage App Agents Diagnostic Actions Request Agent Log Files |
| Set JMX MBean Attributes and Invoke Operations |
Edit MBean attributes or invokes actions on operations. |
Monitor JMX |
| Configure Service Endpoints |
Create, edit, or delete service endpoints. |
Service Endpoint Detection |
| Configure Monitoring Level (Production/Deployment) |
Switch between production and development mode. |
Development Level Monitoring |
| Configure 'My Dashboards' for Tiers and Nodes |
Create, edit or delete custom dashboards (can be at the tier level). |
Create and Manage Custom Dashboards and Templates Custom Dashboards |
| Create Events | Create, edit, or delete events. | Events and Action Suppression API |
| Start Diagnostic Sessions |
Start a diagnostic session. |
Diagnostic Sessions |
| View Sensitive Data* | In combination with the Configure Transaction Detection permission, enables the use of Live Preview and Business Transaction Discovery features to stream live data from your application. | Custom Match Rule Live Preview |