User roles and access levels
Organization roles define the access users have to the organization’s settings and SolarWinds Observability SaaS resources.
User roles can be defined on a per-person level in the settings. If SAML is enabled, user roles can be defined based on a user's membership in the organization's identity provider group. See Set up role mapping.
If a user or a group is assigned to multiple roles, they gain access to all features, data, settings, and other rights for all of their assigned roles.
Organization roles
Organization Roles define the access users have to the organization’s settings and SolarWinds Observability SaaS resources.
-
Viewer roles have access to viewing the organization's resources, but cannot access the organization's activity log, Agents, API Access tokens, and security settings related to the organization.
-
Member roles have access to viewing the organization’s resources, but cannot access the organization's activity log and security settings related to the organization.
-
Admin roles have full access to the organization's settings, including security settings such as SAML, MFA, and session timeout. They can also manage the organization and its users.
-
Owner roles can do anything a member or admin can do. The Organization owner role cannot be defined via role mapping; define the Organization owner role for the user(s) manually in the Users section of settings. See Edit a user's access to the organization.
-
Users must have an organization role defined before they can log into SolarWinds Observability SaaS. If SAML role mapping is enabled, ensure all users are members of a group mapped to an organization role.
-
For a detailed overview of permissions for individual organization roles, click Settings > Permissions.
Custom roles
With custom roles, you can define granular permissions for users in your organization beyond the default out-of-the-box roles. This feature allows you to create, modify, and remove custom roles based on a predefined base role that serves as the foundation for permission inheritance.
The base role is a system-defined role that uses the same permissions as the out-of-the-box Member role and serves as the foundation for all custom roles in SolarWinds Observability SaaS.
When you create a custom role, any permissions not explicitly configured in the Create role side panel default to the permissions defined in the base role. This ensures that custom roles do not unintentionally inherit permissions from built-in roles such as Viewer or Admin.
The base role is fixed across the entire SolarWinds Observability SaaS environment and cannot be modified by users, ensuring consistent and predictable permission management across all custom roles.
Create a custom role
To create new custom roles, you must be either an organization owner or admin.
-
In SolarWinds Observability SaaS, click Settings > Permissions > Create role.
-
Type the name of the new role.
The role name must be unique (printable ASCII only). SolarWinds Observability SaaS validates the name you enter and provides feedback for name uniqueness and allowed characters.
-
Find the permissions you want to configure for the new role and select the access level (Full access, Ownership access, View only, or No access).
When setting up a custom role, you can choose from a limited set of permissions.
-
Click Submit.
You can create a custom role by duplicating an existing custom role. Click the vertical ellipsis () next to the custom role you want to copy, and click Duplicate. When the Create role side panel opens, it is prefilled with the duplicated permission values, allowing you to modify them before saving. You cannot duplicate out-of-the-box roles, only other custom roles.
Update a custom role
-
In SolarWinds Observability SaaS, click Settings > Permissions.
-
Click the vertical ellipsis (
) next to the custom role you want to edit > Edit role.
-
Change the role name. SolarWinds Observability SaaS validates the name you enter and provides feedback for name uniqueness and allowed characters.
-
Add or remove permissions and click Submit.
Delete a custom role
Only custom roles with no users assigned can be deleted.
-
In SolarWinds Observability SaaS, click Settings > Permissions.
-
Click the vertical ellipsis (
) next to the custom role you want to delete > Remove role.
-
Review the confirmation message and click Delete.
If a user is assigned to the role, a warning message appears and the Delete button is inactive.