アプリケーションの権限

このページでは、Splunk AppDynamics のアプリケーション権限の概要について説明します。アプリケーション権限は、最上位(デフォルト)から最下位(階層固有)の順にリストされた 3 レベルの継承モデルに従っています。

  • デフォルト権限
  • アプリケーション全体の権限
  • ティア固有の権限

デフォルトでは、下位のレベルで権限をカスタマイズしていない限り、各レベルは 1 つ上のレベルから継承されます。このメカニズムにより、コントローラテナント UI で特定のビジネスアプリケーションに関してグループまたはユーザーにアクセス権を付与できます。

特定のレベルでカスタマイズされた権限は、別のレベルのより全般的な権限よりも優先されます。つまり、ティア固有の権限は、アプリケーション固有の権限よりも優先され、アプリケーション固有の権限はデフォルトの権限よりも優先されます。すべての権限を階層レベルでカスタマイズできるわけではありません。

テナント管理 UI の [Applications] タブからカスタムロールのアプリケーション権限を設定できます。Can Create Applications 権限をカスタムロールに割り当てることもできます。「対象カスタムロールの管理Splunk AppDynamics」を参照してください。

注: 多数のアプリケーションがあり、コントローラのパフォーマンスが低下している場合は、[Controller Settings] ページで roles.admin.high.performance.controller.enabled 設定を true に設定してください。

Create Default Permissions

All new applications inherit default permissions.

Configure Default Application Permissions

  1. Log in to the Tenant Administration UI.
  2. Navigate to Settings > Administration and selectRoles.
  3. Add a new role or select a custom role.
  4. Click Can Create Applications to grant the role permission.
  5. Click Can Create Mobile Applications to create Mobile Real User Monitoring applications.
  6. Under Default Permissions, select the default permissions for this role:View, Edit, or Delete.
    1. To give all permissions to all applications, click Edit.
    2. To specify permissions for specific application configurations for all applications, deselectEdit, and then clickEdit (None).
    3. In the Edit Permissions panel, select specific permissions.
    4. Click Delete to grant permissions to delete any application. To grant permission to delete a specific application, customize the permission at the application level. See Application and Tier Level Permissions.
  7. Click OK then click Save.

アプリケーション権限のカスタマイズ

ビジネス アプリケーションレベルの権限をカスタマイズするには、以下の手順に従います。
  1. [Permissions] ドロップダウンを [Custom] に設定します。
  2. View を選択し、次に Edit (None) を選択します。特定のアプリケーションを削除する権限を付与することもできます。
階層レベルで権限をカスタマイズするには、次の手順を実行します。
  1. [Add] をクリックして階層を追加するか、既存の階層を選択します。
  2. Edit を選択します。
  3. 特定の階層に対して個々の権限を選択します。
  4. [OK] をクリックし、次に [Save] をクリックします。

General Permissions

警告: Within specific and default permissions, granting specific permission takes precedence over denying the same permission elsewhere. For example, if you assign two roles in which one grants permission and the other role denies it, the user has permission for the activity.
PermissionDescription of ActivitiesMore Information
Can Create ApplicationsCreate business, browser, and mobile applications. Also controls the Archive Snapshot action. Business Applications
View, Edit, and Delete permissions for new applications can be set as part of the default permissions for a custom role

View, edit, or delete business applications (and the tiers and nodes), browser, and mobile applications.

Setting default delete permissions allows the user to delete all three artifacts from the application model.

Business Applications

Tiers and Nodes

Application and Tier Permissions

You can grant the following permissions as specified. Permissions that you can customize at the tier level are indicated in the Description of Activities Enabled column. Asterisks (*) in the permissions table indicate permissions that are considered sensitive for security and data privacy purposes. Carefully consider the security and data privacy policies of your organization before granting these permissions.

PermissionDescription of ActivitiesMore Information
Configure Transaction Detection*

Create, edit, or delete transaction detection - can be at the tier level.

Transaction Detection Rules

Configure Backend Detection

Create, edit, or delete backends - can be at the tier level.

Backend Detection Rules

Configure Error Detection

Create, edit, or delete error detection.

 Error Detection
Configure Diagnostic Data Collectors*

Create, edit, or delete diagnostic data collectors.

 Data Collectors
Configure Call Graph Settings
  • Edit call graph settings (no SQL)
  • Turn on or off capture raw SQL (call graph and SQL bind must both be on)
 Call Graph Settings
Configure JMX

Create, edit, or delete JMX metrics.

 Configure JMX Metrics from MBeans
Configure Memory Monitoring

Configure which custom classes are tracked by Object Instance Tracking. To activate or deactivate Object Instance Tracking, you need the Configure Agent Properties permission.

重要: To activate or deactivate Object Instance Tracking, you need the Configure Agent Properties permission.

Object Instance Tracking for Java

Configure EUM (for Browser RUM)

See End User Monitoring Permissions.

Configure the Controller UI for Browser RUM

Configure EUM (for Mobile RUM)

See End User Monitoring Permissions.

Configure the Controller UI for Mobile RUM

Configure Information Points*

Create, edit, or delete information points.

Information Points

Configure Health Rules

Create, edit, or delete health rules.

 Configure Health Rules
Configure Actions

Create, edit, or delete actions on agent properties UI.

Create, edit, or delete email digests.

Alert and Respond

Actions

Email Digests

Configure Policies

Create, edit, or delete policies.

Configure Policies

Configure Business Transactions

Organize Business Transactions including:

  • Group Business Transactions
  • Exclude/un-exclude Business Transactions
  • Delete Business Transactions
  • Enable Business Transaction lockdown
  • Rename Business Transactions

Configure Business Transaction thresholds.

Configure snapshot settings.

Set as a background task.

Configure data collectors.

Enable End User Monitoring.

Enable analytics for business transactions.

Activate or deactivate GUID injection.

Organize Business Transactions

Transaction Thresholds

Troubleshoot Business Transaction Performance with Transaction Snapshots

Monitor Background Tasks

Data Collectors

Set Up and Access Browser RUM

Collect Transaction Analytics Data

Business Transaction and Log Correlation

Configure Baselines

Create, edit, or delete baselines.

Dynamic Baselines

Configure SQL Bind Variables*

Turn on or off capture raw SQL (also requires Configure Call Graph Settings).

Call Graph Settings

Configure Agent Properties

Create, edit, or delete agent configuration (can be at the tier level).

Activate or deactivate automatic leak detection (can be at the tier level).

Activate or deactivate object instance tracking (can be at the tier level).

Activate or deactivate custom memory structure (can be at the tier level).

App Agent Node Properties

Object Instance Tracking for Java

Custom Memory Structures for Java

Agent Advanced Operation

Reset the agent from the node dashboard.

Request the agent thread dumps.

Request the agent debug logs.

Manage App Agents

Diagnostic Actions

Request Agent Log Files

Set JMX MBean Attributes and Invoke Operations

Edit MBean attributes or invokes actions on operations.

Monitor JMX

Configure Service Endpoints

Create, edit, or delete service endpoints.

Service Endpoint Detection

Configure Monitoring Level (Production/Deployment)

Switch between production and development mode.

Development Level Monitoring

Configure 'My Dashboards' for Tiers and Nodes

Create, edit or delete custom dashboards (can be at the tier level).

Create and Manage Custom Dashboards and Templates

Custom Dashboards

Create EventsCreate, edit, or delete events. Events and Action Suppression API
Start Diagnostic Sessions

Start a diagnostic session.

Diagnostic Sessions

View Sensitive Data*In combination with the Configure Transaction Detection permission, enables the use of Live Preview and Business Transaction Discovery features to stream live data from your application. Custom Match Rule Live Preview