User role descriptions

Applies to NAM 2018

Important: This is a list of user roles available starting with Dynatrace NAM 2018. For roles available in earlier releases, see User role descriptions - earlier releases.

Role: Guest

Every user starts with this basic role because every user is a member of the "everybody" group, and all members of "everybody" are assigned the "Guest" role automatically.

A Guest can

  • Browse reports and dashboards assigned to this user.

DMI

  • Report execution
  • Report favorite
  • Remote dashboards

Configuration

  • My profile

Role: Reporting user

A Reporting user can

  • Browse reports and dashboards assigned to this user.
  • Create reports and dashboards, and save static versions of the reports and dashboards (as pdf or mht files).
  • Save reports and dashboards for this user only. (This user's dashboards and reports are not visible to other users.)

DMI

  • Report execution
  • Report favorite
  • Report editing + favorites column
  • Report saving in own section, without preload, user/groups, email
  • Distributed reports visibility
  • Remote dashboards

Configuration

  • My profile

Role: Packet capture user

A Packet capture User can capture packets and has broad reporting access:

  • Can view reports assigned to this user.
  • Can view the default dashboards, but cannot make changes to any component or feature.
  • Can access custom dashboards and any drill-down reports assigned to this user.
  • Can use the DMI to create and view reports.
  • Can use the packet data mining tool to capture packets.
  • Can not save report definitions – changes are not persistent from session to session. However, this user can save a static version of a report as a .pdf or .mht file.

Role: Reporting power user

A Reporting power user can

  • Browse all reports and dashboards.
  • Create reports and dashboards, and save static versions of the reports and dashboards (as pdf or mht files).
  • Save reports and dashboards for all users. (This user's dashboards and reports are visible to other users.)

DMI

  • Report execution
  • Report favorite
  • Report editing + favorites column
  • Global aliases
  • Report saving in own section, without preload, user/groups, email
  • Saving report in new location
  • Overwriting another person's report
  • Assigning a report to users
  • Scheduling a report (send by e-mail, preload)
  • Import a report (logs)
  • Export a report (logs)
  • REST API for DMI (read only)
  • Distributed reports visibility
  • All reports visibility
  • Granting privileges to a section
  • Remote dashboards

Configuration

  • My profile

Role: Reporting administrator

A Reporting administrator can

  • Browse all reports and dashboards.
  • Create reports and dashboards, and save static versions of the reports and dashboards (as pdf or mht files).
  • Save reports and dashboards for all users. (This user's dashboards and reports are visible to other users.)
  • Use all DMI features.
  • Access screens to add local users and assign roles and user groups.

DMI

  • Report execution
  • Report favorite
  • Report editing + favorites column
  • Global aliases
  • Report saving in own section, without preload, user/groups, email
  • Saving report in new location
  • Overwriting another person's report
  • Assigning a report to users
  • Scheduling a report (send by e-mail, preload)
  • Import a report (logs)
  • Export a report (logs)
  • REST API for DMI (read only)
  • Partner export
  • Distributed reports visibility
  • All reports visibility
  • Granting privileges to a section
  • Diagnostic/advanced views (properties); Section parameters view + Diagnostics application
  • Multitenancy (not affected by)
  • Remote dashboards
  • Module status
  • Notification bar

Configuration

  • Location configuration
  • BUC configuration
  • My profile
  • Alarms configuration
  • Business hours configuration
  • Maintenance access
  • Licenses

Diagnostics

  • Log
  • Configuration history
  • Export config

Role: Synthetic console user

A Synthetic console user can sign in to the Enterprise Synthetic Console and access all available console features there.

Role: Mobile application user

A Mobile application user can use the MobileAPM application for Guest-level access to reports assigned to that user.

DMI

  • Report execution
  • Report favorite

Role: Security administrator

A Security administrator can configure user accounts and multitenancy.

DMI

  • Report execution
  • Report favorite
  • Multitenancy (not affected by)
  • Notification bar

Configuration

  • User configuration screens
  • My profile
  • Multitenancy configuration

Role: Deployment administrator

A Deployment administrator can deploy probes/NAM Probes and configure farms.

DMI

  • Report execution
  • Report favorite
  • Multitenancy (not affected by)
  • Notification bar

Configuration

  • Probe/NAM Probe configuration
  • DPN configuration
  • Farm configuration
  • Data server configuration
  • My profile
  • Licenses

Diagnostics

  • Log
  • Configuration history

Role: Alarms administrator

An Alarms administrator can configure alarms.

DMI

  • Report execution
  • Report favorite
  • Multitenancy (not affected by)
  • Notification bar

Configuration

  • My profile
  • Alarms configuration

Diagnostics

  • Log
  • Configuration history

Role: Monitoring administrator

A Monitoring administrator can configure, import, and export business units.

DMI

  • Report execution
  • Report favorite
  • Multitenancy (not affected by)
  • Notification bar

Configuration

  • BUC configuration
  • My profile
  • Technical configuration (including software services)
  • Business hours configuration
  • Licenses
  • Operation sequences

Diagnostics

  • Log
  • Configuration history

Role: Maintenance and support administrator

A Maintenance and support administrator can import/export business units, run full diagnostics, and use reports.

DMI

  • Report execution
  • Report favorite
  • Report editing + favorites column
  • Report saving in own section, without preload, user/groups, email
  • Distributed reports visibility
  • Diagnostic/advanced views (properties); Section parameters view + Diagnostics application
  • Multitenancy (not affected by)
  • Remote dashboards
  • Module status
  • Notification bar

Configuration

  • BUC Import
  • BUC Export
  • My profile
  • userProperties, rtmproperties* Configuration
  • Maintenance access
  • Licenses

Diagnostics

  • SQL
  • Groovy
  • File config
  • Log
  • Configuration history
  • Patch
  • Diagnostic Console*
  • Rtmdebug
  • Export config

Role: User name access

A User name access user/administrator can hash and encrypt/decrypt user names.

DMI

  • Report execution
  • Report favorite

Configuration

  • My profile

Diagnostics

  • Hash and/or encrypt/decrypt user name function (delivered by NAM Probe)

Role: Public API user

A Public API user can access internal NAM Server/NAM Console read-only functionality and DMI read-only functionality.

DMI

  • REST API for DMI (read only)
  • Partner export
  • Multitenancy (not affected by)

Configuration

  • userProperties, rtmproperties* Configuration

Console REST API

  • ESM 2.0 public API
  • Version

Role: Locations administrator

A Locations administrator can configure sites, areas, regions, and UDLs, with access to the network reports workflow.

Role: System administrator without packet capture

A System administrator without packet capture has all privileges except packet capture and the ability to grant packet capture privileges.

The aim of this role is to enable full system administration while protecting client data. Assign this role to someone who should be able to deploy, configure, and manage the entire software suite, but who should not have access to captured data.

  • This role does not grant the ability to access captured data.
  • This role does not grant the ability to change role assignments that would enable anyone to access captured data.

Role: System administrator

A System administrator has all privileges, including packet capture and ability to grant packet capture privileges to others.

This person has complete access to system functionality, including everything the above roles can do, plus user management, LDAP, and database configuration.