Learn about the permissions in VMware Aria Operations for Applications on VMware Cloud services.

All users can perform certain default tasks. However, you must have the appropriate permissions to manage objects. If you do not have permission, UI menu selections and buttons required to perform management tasks are not visible.

Default Tasks

All users can:

  • View the dashboards, alerts, metrics, sources, events, maintenance windows, and alert notification pages.

  • Add dashboards to the list of favorites.
  • View existing dashboards and charts.
  • Create and interact with charts – but NOT save charts.
  • Share links to dashboards and charts with other users.
  • Access the user profile from the gear icon on the toolbar.

Users with the Super Admin service role have full administrative access to the service.

Operations for Applications Permissions

VMware Cloud services allows users with the VMware Cloud Organization Owner and Organization Administrator roles to perform access control for object management based on Operations for Applications permissions.

  • Permissions can be assigned to roles only, and roles can be assigned to users, user groups, and server to server apps.
  • For each permission, there is a corresponding built-in Operations for Applications service role with only that permission assigned.
  • Permissions can be assigned to custom roles.
Permission Allows to
Admin Manage the Operations for Applications organization settings: set the default display options, PromQL support, and the default way of building queries for all users of the service instance. Can define logs settings, if the logs feature is enabled. Can restrict access to new dashboards and alerts. Can manage service accounts, if enabled for the service instance.
Alerts Create, edit, and delete alerts, alert targets, and maintenance windows. Also, can manage alert tags and view alert history.
Applications Update the threshold (T) of the Application Performance Index (Apdex) score and create sampling policies.
Batch Query Priority Queries executed by accounts with this permission are treated at a lower priority level, as if wrapped in the bestEffort() function.
Charts Embedding Generate HTML snippets of charts in Operations for Applications and embed a corresponding interactive chart outside of Operations for Applications. Embedded chart URLs are associated with a specific user account. If a user embeds a chart and later that user’s account is removed, the embedded chart no longer works.
Dashboards Create, manage, and delete dashboards and charts and manage dashboard tags.
Derived Metrics Create and manage registered queries. Derived metrics support reingesting a query.
Direct Data Ingestion Directly ingest metrics using the REST API or one of the SDKs, bypassing the proxy. Grant this permission only to users who have a deep understanding of APIs and the Operations for Applications ingestion path.
Events Create, manage, and close user events and manage event tags.
External Links Create, update, and delete external links.
Ingestion Policies Create, edit, and delete ingestion policies.
Integrations Install and uninstall integration dashboards and alerts.
Logs View logs and drill into logs from charts, alerts, and traces. In combination with the Dashboards permission, you can create logs charts.

Note: Logs (Beta) is enabled only for selected customers. To participate, contact your Operations for Applications account representative.

Metrics Manually hide and unhide metrics and metric prefixes. Also, can create and modify metrics security policy rules.

Important: Server to server apps must have this permission to run queries.

Proxies View, create, and manage proxies and set up external integrations with AWS and other cloud services.
Sources Manage sources and source tags. If you don’t have this permission, source tags will be rejected with a 403 error.