Learn about the permissions in the service.

Permissions allow access control for the feature sets in VMware Aria Operations for Applications (formerly known as Tanzu Observability by Wavefront). Super Admin users and users with the Accounts permission can manage permissions for groups and accounts.

The following list gives an overview of permissions. To learn more, click the link.

  • API Tokens

    A user with the API Tokens permission can generate API tokens for their user account. Service accounts cannot have this permission because only users with the Accounts permission can generate API tokens for service accounts.

  • Accounts

    Users with the Accounts permission can manage user and service accounts. They can create groups and add accounts to groups, create roles and assign permissions to those roles, and assign roles to groups. They can generate API tokens for service accounts and manage the API tokens of all user and service accounts.

  • Alerts

    Users with the Alerts permission can create, edit, and delete alerts as well as maintenance windows, manage alert tags and view alert history, and create, edit, and delete alert targets.

  • Applications

    Users with the Applications permission, can update the threshold (T) of the Application Performance Index (Apdex) score and create sampling policies.

  • Batch Query Priority

    When an account with the Batch Query Priority permission runs queries, Operations for Applications treats every query executed by that account as if it was wrapped in the bestEffort() function.

  • Chart Embedding

    Users with the Chart Embedding permission can generate HTML snippets of charts in Operations for Applications and embed a corresponding interactive chart outside of Operations for Applications. Embedded chart URLs are associated with a specific user account. If a user embeds a chart and later that user’s account is removed, the embedded chart no longer works.

  • Dashboards

    Users with the Dashboards permission can create, manage, and delete all dashboards and charts and manage dashboard tags.

  • Derived Metrics

    Users with the Derived Metrics permission can create and manage registered queries. Derived metrics support reingesting a query.

  • Direct Data Ingestion

    An account with the Direct Data Ingestion permission can directly ingest metrics using the REST API or one of the SDKs, bypassing the proxy. Grant this permission only to users who have a deep understanding of APIs and the Operations for Applications ingestion path.

  • Events

    Users with the Events permission can create, manage, and close user events and manage event tags.

  • External Links

    Users with the External Links permission can create, update, and delete external links.

  • Ingestion Policies

    Users with the Ingestion Policies permission can create, edit, and delete ingestion policies.

  • Integrations

    Users with the Integrations permission can install and uninstall integration dashboards, alerts, etc.

  • Logs

    Users with the Logs permission can view the Logs Browser and drill into logs from charts, alerts, and traces.

  • Metrics

    Service accounts must have this permission to run queries. Only accounts with the Metrics permission can manually hide and unhide metrics and metric prefixes. Only accounts with the Metrics permission can create and modify Metrics Security Policy Rules.

  • Proxies

    Users with the Proxies permission can view, create, and manage proxies and set up external integrations with AWS and other cloud services.

  • SAML IdP Admin

    Users with this permission can set up and configure SAML SSO.

  • Source Tags

    Users with the Source Tags permission can manage sources and source tags. If you don’t have the Source Tags permission, source tags will be rejected with a 403 error.