All users can perform certain default tasks. However, you must have the appropriate permissions to manage objects. If you do not have permission, UI menu selections and buttons required to perform management tasks are not visible.
Default Tasks
All users can:
-
View the dashboards, alerts, metrics, sources, events, maintenance windows, and alert notification pages.
Note: It’s possible that access to dashboards and alerts is limited. - Add dashboards to the list of favorites.
- View existing dashboards and charts.
- Create and interact with charts – but NOT save charts.
- Share links to dashboards and charts with other users.
- Access the user profile from the gear icon on the toolbar.
Users with the Super Admin service role have full administrative access to the service.
Operations for Applications Permissions
VMware Cloud services allows users with the VMware Cloud Organization Owner and Organization Administrator roles to perform access control for object management based on Operations for Applications permissions.
- Permissions can be assigned to roles only, and roles can be assigned to users, user groups, and server to server apps.
- For each permission, there is a corresponding built-in Operations for Applications service role with only that permission assigned.
- Permissions can be assigned to custom roles.
| Permission | Allows to |
|---|---|
| Admin | Manage the Operations for Applications organization settings: set the default display options, PromQL support, and the default way of building queries for all users of the service instance. Can define logs settings, if the logs feature is enabled. Can restrict access to new dashboards and alerts. Can manage service accounts, if enabled for the service instance. |
| Alerts | Create, edit, and delete alerts, alert targets, and maintenance windows. Also, can manage alert tags and view alert history. |
| Applications | Update the threshold (T) of the Application Performance Index (Apdex) score and create sampling policies. |
| Batch Query Priority | Queries executed by accounts with this permission are treated at a lower priority level, as if wrapped in the bestEffort() function. |
| Charts Embedding | Generate HTML snippets of charts in Operations for Applications and embed a corresponding interactive chart outside of Operations for Applications. Embedded chart URLs are associated with a specific user account. If a user embeds a chart and later that user’s account is removed, the embedded chart no longer works. |
| Dashboards | Create, manage, and delete dashboards and charts and manage dashboard tags. |
| Derived Metrics | Create and manage registered queries. Derived metrics support reingesting a query. |
| Direct Data Ingestion | Directly ingest metrics using the REST API or one of the SDKs, bypassing the proxy. Grant this permission only to users who have a deep understanding of APIs and the Operations for Applications ingestion path. |
| Events | Create, manage, and close user events and manage event tags. |
| External Links | Create, update, and delete external links. |
| Ingestion Policies | Create, edit, and delete ingestion policies. |
| Integrations | Install and uninstall integration dashboards and alerts. |
| Logs | View logs and drill into logs from charts, alerts, and traces. In combination with the Dashboards permission, you can create logs charts.
Note: Logs (Beta) is enabled only for selected customers. To participate, contact your Operations for Applications account representative. |
| Metrics | Manually hide and unhide metrics and metric prefixes. Also, can create and modify metrics security policy rules.
Important: Server to server apps must have this permission to run queries. |
| Proxies | View, create, and manage proxies and set up external integrations with AWS and other cloud services. |
| Sources | Manage sources and source tags. If you don’t have this permission, source tags will be rejected with a 403 error. |