User Roles and Access Levels
Organization Roles define the access users have to the organization’s settings and resources across all SolarWinds Application Management products (AppOptics, Loggly, Papertrail, and Pingdom). Product Roles define the access users have to the individual product's data and settings.
If a user or a group is assigned to multiple roles, they gain access to all features, data, settings, and other rights for all of their assigned roles.
User roles, whether organization or product roles, can be defined on a per-person level in the common settings. If SAML is enabled, user roles can instead be defined based on a user's membership in the organization's identity provider group. See Set up role mapping
Organization roles
Organization Roles define the access users have to the organization’s settings and resources across SolarWinds Application Management products (AppOptics, Loggly, Papertrail, and Pingdom).
-
Member roles have access to viewing the organization’s resources, but cannot modify settings related to the organization.
-
Admin roles can also manage the organization, its users, the products activated, and the organization’s settings.
-
Owner roles can do anything a member or admin can do, but also are allowed to configure Security settings. The organization owner role cannot be defined via role mapping; define the organization owner role for the user(s) manually in the Users section of common settings. See Edit a user's access to the organization and products.
Users must have an organization role defined before they can log into a SolarWinds Application Management product. If SAML role mapping is enabled, ensure all users are members of a group mapped to an organization role. If users are only mapped to product roles, they will not be able to log into the product.
Product roles and access levels
Product Roles define the access users have to each individual product's data and settings.
AppOptics product roles
-
Member roles have access to AppOptics data and features.
-
Admin roles have access to all AppOptics data and features and can manage billing information.
-
Owner roles have access to all AppOptics data and features and can manage billing information.
Loggly product roles
-
User roles have access to log data, alerts or alerting endpoints, and the Loggly API; depending on the restrictions applied to the user in Loggly settings, access to data may be limited to a set of specific source groups
-
Admin roles have access to all log data, as well as the ability to add or remove customer tokens, set up and edit alerts or alerting endpoints, manage users and their access to log data, and modify account settings.
-
Owner roles have access to all log data, as well as the ability to add or remove customer tokens, set up and edit alerts or alerting endpoints, manage users and their access to log data, modify account settings, update billing details, and modify subscription settings.
All users for all account tiers can perform and save searches, and create trend graphs. Users of Standard and Pro accounts can also create custom dashboards, source groups, and more. To change Loggly product ownership and restrict access to log data, see Log access and product ownership.
Click here for details about what features are available by product role.
| Owner | Admin | User | |
|---|---|---|---|
| Change Account Owner | X | ||
| Change billing information | X | ||
| Modify the subscription settings | X | ||
| Add or remove users | X | ||
| Manage users' access to Loggly data and settings | X | ||
| Add or retire Customer Tokens | X | X | |
| Adjust account daily volume limit | X | X | |
| Add or edit the S3 archive folder | X | X | |
| Set up or edit alerts or alerting endpoints | X | X | X |
| View log data | X | X |
X *access may be limited to specific source groups |
| Create Saved Searches | X | X | X |
| Overwrite other users’ Saved Searches | X | X | X |
| Create Source Groups | X |
X |
X |
| *available to Standard and Pro subscription plans only | |||
| Edit other users’ Source Groups | X | X | X |
| *available to Standard and Pro subscription plans only | |||
| Create and edit custom dashboards | X | X | X |
| *available to Standard and Pro subscription plans only | |||
| API Access | X | X | X |
Papertrail product roles and access levels
Papertrail product roles define the access granted for Papertrail capabilities (settings and features), as well as log access permission levels. When access is defined in Papertrail settings, the users' product roles are defined by granting access to individual capabilities and permission levels. When defined in common settings, product roles are granted by selecting a product role (which encompasses a combination of capabilities accessible and log access permission levels).
While Papertrail is not part of the APM Integrated Experience, all SolarWinds Application Management products share common settings, including user role definitions.
Papertrail capabilities and log access permission levels
Papertrail capabilities include:
-
Manage users and permissions — access to all log data and capabilities, including the ability to manage users and their access to log data, modify account settings, update billing details, and modify subscription settings.
-
When Manage users and permissions is selected, all other capabilities are automatically selected at full permission levels and those other capabilities cannot be modified.
-
Change plans and payment — ability to update billing details, and modify subscription settings
-
Access to logs — ability to access log data.
Log access permissions define users' access level to the logs, which log groups they are permitted to access, and whether they can purge logs. The following log access permissions are available when Access to logs is selected:
- Access level
- Log groups
- Purge logs — grants access to the ability to purge searchable logs. This option is only available to those with full access to all log groups.
Granting access and roles to Papertrail users
When Papertrail users' access and permission levels are defined in Papertrail Members settings, capabilities and log access permissions are granted separately and log access can be restricted to specific groups. See Papertrail Access Control for more information.
When Papertrail users' access and permission levels are defined in SolarWinds Application Management common settings, capabilities and log access permissions are granted via product roles.
- Owner role
- Admin (full access) roles are given manage users and permissions access.
- Billing, purging, and all logs/alerts roles are given change plans and payment access, as well as full access to logs in all groups and the ability to purge logs.
- Billing and all logs/alerts roles are given change plans and payment access, as well as full access to logs in all groups.
- Billing and all logs roles are given change plans and payment access, as well as read-only access to logs in all groups.
- Billing and specific logs/alerts roles are given change plans and payment access, as well as full access to logs in specific groups. The specific log group(s) that the user can access are defined in Papertrail Members settings.
- Billing-only roles are given change plans and payment access.
- Purging and all logs/alerts roles are given full access to logs in all groups and the ability to purge logs.
- All logs/alerts roles are given full access to logs in all groups.
- All logs roles are given read-only access to logs in all groups.
- Specific logs/alerts roles are given full access to logs in specific groups. The specific log group(s) that the user can access are defined in Papertrail Members settings.
- Specific logs roles read-only access to logs in specific groups. The specific log group(s) that the user can access are defined in Papertrail Members settings.
If SAML role mapping is used to assign Product Roles to IdP groups, the Papertrail Members settings will be updated to reflect members' permissions as defined in SAML role mapping and only the definition of the specific log group(s) that members can access can be modified in Papertrail Members settings.
Click here for details about what access levels and features are available by product role.
| Owner | Admin (full access) | Billing, purging, and all logs/ alerts | Billing and all logs/ alerts | Billing and all logs | Billing and specific logs/ alerts | Billing-only | Purging and all logs/ alerts | All logs/ alerts | All logs | Specific logs/ alerts | Specific logs | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Manage users and their permissions | X | X | ||||||||||
| Update billing details, and modify subscription settings | X | X | X | X | X | X | X | |||||
| Full access to all logs and alerts | X | X | X | X | X | X | ||||||
|
Full access to logs and alerts in specific groups *the specific log groups are defined in Papertrail Members settings |
X | X | ||||||||||
| Read-only access to all logs | X | X | ||||||||||
|
Read-only access to logs in specific groups *the specific log groups are defined in Papertrail Members settings |
X | |||||||||||
| Purge searchable logs | X | X | X | X |
Pingdom product roles
- Viewer roles can view checks, reports, and outages.
- Editor roles can view reports, edit the public status page, and add, edit, and view checks.
- Admin roles can view reports, edit the public status page, and add, edit, and view checks, as well as change subscription information.
- Owner roles can view reports, edit the public status page, and add, edit, and view checks, as well as change subscription information
Pingdom alerts can also be sent to contacts that aren't SolarWinds Application Management users. These contacts can receive alerts, but cannot log in to the application or access additional data.
Navigation Notice: When the APM Integrated Experience is enabled, the products that make up the APM Integrated Experience share a common navigation and enhanced feature set. For documentation about features powered by AppOptics, click here. For features powered by Loggly, click here. For features powered by Pingdom, click here.