Account Management > User Management and RBAC > Roles
Roles refer to a collection of users who are granted specific permissions. It is to be noted that permissions are assigned to Roles and not to individual users.
On the Roles listing page, users with appropriate permissions can create, edit, delete, and modify the permissions of Roles.
💡Note:
This will open a modal where you can enter a Role Name and select a list of users that you want to add to this group.
Also, the user role-specific homepage can be set here under Select HomePage. A specific dashboard can be set as the default landing page for this particular user role for the web app as well as for the mobile app.
Additionally, you can set the Data Access Policy to provide granular data access controls for user roles. The details on the Data Access Policy are discussed here in detail. Alternatively, you can link users to Roles from the Edit Role section. Once you have entered all the required information, click on the Save button to create the new Role.💡Note:
In vuSmartMaps, administrators now have the ability to control password change permissions for end users, ensuring tighter security measures and compliance within the platform. This user guide section outlines how to utilize this feature effectively.
Enabling Password Change Permissions:
In user management, you can set a specific homepage for each user role. This means that when a user with a specific role, logs in, they will be directed to a personalized dashboard that suits their role. You can choose a different dashboard for the web app and the mobile app if desired.
To delete specific Role(s), follow these steps in the User Management module:
User-Specific Views in vuSmartMaps ensure that users accessing the same dashboards can view data according to the policies configured for their respective roles. User-specific views are designed to provide a personalized and secure data experience tailored to individual roles within your organization. User-specific views will be applied based on the Role for Data store access control field set for the user.
User-specific views address the need for common dashboards to offer customized data displays based on user roles and their associated policies. By configuring data access policies for user roles, you can control and restrict the data visible to users, ensuring they only see information relevant to their roles and responsibilities.
To achieve this, User-Specific Views operate on two main data access policies:
There are four options under Data Set Policy, allowing administrators to finely control data access:
Category |
Table Name Prefix |
Traces |
vtraces |
RUM |
vrum |
Logs |
vlogs |
Metrics |
vmetrics |
Events |
vevents |
Transactions |
vtrans |
In addition to Data Set Policies, administrators can define access permissions at the record level through record-level policies. This feature allows for more granular control, permitting administrators to set specific access rules based on column values for tables within a data category.
Now, let’s delve into the detailed configuration and usage of User-Specific Views to optimize your dashboard experience based on roles and policies.
While creating a new role, you need to select Data Set Policy from the following 4 options:
Administrators possess the authority to grant access to the entire observability dataset for specific roles, providing meticulous control over data permissions. This facilitates precise management of observability data access in alignment with distinct roles and responsibilities, allowing seamless data access with a single click.
Example:
Consider a scenario where a user is assigned a role configured with the “Allow Access to all Observability Data” policy in the Data Access settings.
In this case, the user mapped to this role will have unrestricted access to all observability data. The resulting dashboard will display the complete dataset, showcasing the comprehensive access granted to the user based on the specified data policy.
With the “Allow access” policy, users can meticulously choose data categories and grant access to specific datasets, fostering a streamlined approach to viewing tailored data while adhering to organizational data compliance.
Users have the flexibility to select desired datasets within predefined categories such as Traces, RUM, Logs, Metrics, Events, and Transactions, or even opt for a custom dataset.
In the case of a “Custom” category selection, users can create a custom category with a designated name and choose specific tables for access.
Example:
Imagine a user assigned a role configured with the “Allow access to specific Data Sets” policy, within the “custom” data category, allowing access to the particular log table.
In this scenario, when the user accesses the Log Analytics module, the system will list only the log tables the user can view. While other log tables outside the user’s access scope will be excluded. This ensures secure and compliant access, allowing the user to view only the relevant log data as per the configured policy.
By adopting the “Deny access” policy, users can define access restrictions, enhancing security measures through a user-friendly interface within vuSmartMaps.
Upon selecting the policy, users are empowered to choose one or more data categories for denial, ensuring a tailored approach to access control. For instance, an administrator aiming to limit data access for a specific role in the APM data category can seamlessly select the APM category under the “Deny Access to specific data category” policy.
In cases where a “Custom” category is chosen, users are provided the flexibility to create a custom category with a designated name and specify tables to be denied access. vuSmartMaps diligently enforces these access restrictions, actively preventing users associated with the configured role from accessing the restricted datasets.
Example:
Consider a role configured with the “Deny access to specific Data Sets” policy, denying access to data categories such as transactions, traces, rum, events, and custom.
For a user linked to this role, the dashboard will display visible data only for permitted datasets, exemplifying the effective implementation of access restrictions based on the configured policy.
In vuSmartMaps, administrators can establish access controls at the granular level of individual records within a specific data category. This level of precision empowers administrators to define access policies tailored to their organization’s requirements.
Administrators can initiate the creation of a new access policy by clicking on the + Add Policy button, and selecting the option that leads to policy definition.
Example:
Consider a scenario where the role denies access to the “rum” data category. Record level policies are then configured to allow access for “span id 112” in “rum,” restrict access for “appname UPI” in “transactions,” and allow access for “span attribute location chennai” in “traces”.
For the user associated with this role, the resulting dashboard reflects visible and hidden data as per the defined dataset and record-level policies.
Browse through our resources to learn how you can accelerate digital transformation within your organisation.
VuNet’s Business-Centric Observability platform, vuSmartMaps™ seamlessly links IT performance to business metrics and business journey performance. It empowers SRE and IT Ops teams to improve service success rates and transaction response times, while simultaneously providing business teams with critical, real-time insights. This enables faster incident detection and response.