Permissions Reference | VMware Aria Operations for Applications Documentation

Learn about the permissions in the service.

Permissions allow access control for the feature sets in VMware Aria Operations for Applications (formerly known as Tanzu Observability by Wavefront). Super Admin users and users with the Accounts permission can manage permissions for groups and accounts.

Note: Every user can perform certain tasks. However, you must have the appropriate permission to manage objects. If you do not have permission, UI menu selections and buttons required to perform management tasks are not visible.

Note: A service account must have permissions to perform tasks. To run queries, a service account must have Metrics permission. To manage dashboards and alerts, the service account might need both permissions and access.

The following list gives an overview of permissions. To learn more, click the link.

API Tokens

A user with the API Tokens permission can generate API tokens for their user account. Service accounts cannot have this permission because only users with the Accounts permission can generate API tokens for service accounts.
Accounts

Users with the Accounts permission can manage user and service accounts. They can create groups and add accounts to groups, create roles and assign permissions to those roles, and assign roles to groups. They can generate API tokens for service accounts and manage the API tokens of all user and service accounts.
Alerts

Users with the Alerts permission can create, edit, and delete alerts as well as maintenance windows, manage alert tags and view alert history, and create, edit, and delete alert targets.

Note: If the Security organization setting is set to Object Creator, View access or View & Modify access to new alerts has to be granted explicitly.
Applications

Users with the Applications permission, can update the threshold (T) of the Application Performance Index (Apdex) score and create sampling policies.
Batch Query Priority

When an account with the Batch Query Priority permission runs queries, Operations for Applications treats every query executed by that account as if it was wrapped in the bestEffort() function.
Chart Embedding

Users with the Chart Embedding permission can generate HTML snippets of charts in Operations for Applications and embed a corresponding interactive chart outside of Operations for Applications. Embedded chart URLs are associated with a specific user account. If a user embeds a chart and later that user’s account is removed, the embedded chart no longer works.
Dashboards

Users with the Dashboards permission can create, manage, and delete all dashboards and charts and manage dashboard tags.

Note: If the Security organization setting is set to Object Creator, View access or View & Modify access to new dashboards has to be granted explicitly.
Derived Metrics

Users with the Derived Metrics permission can create and manage registered queries. Derived metrics support reingesting a query.
Direct Data Ingestion

An account with the Direct Data Ingestion permission can directly ingest metrics using the REST API or one of the SDKs, bypassing the proxy. Grant this permission only to users who have a deep understanding of APIs and the Operations for Applications ingestion path.
Events

Users with the Events permission can create, manage, and close user events and manage event tags.
External Links

Users with the External Links permission can create, update, and delete external links.
Ingestion Policies

Users with the Ingestion Policies permission can create, edit, and delete ingestion policies.
Integrations

Users with the Integrations permission can install and uninstall integration dashboards, alerts, etc.
Logs

Important: Logs is enabled only for selected customers. To participate, contact your Operations for Applications account representative.

Users with the Logs permission can view the Logs Browser and drill into logs from charts, alerts, and traces.
Metrics

Service accounts must have this permission to run queries. Only accounts with the Metrics permission can manually hide and unhide metrics and metric prefixes. Only accounts with the Metrics permission can create and modify Metrics Security Policy Rules.
Proxies

Users with the Proxies permission can view, create, and manage proxies and set up external integrations with AWS and other cloud services.
SAML IdP Admin

Users with this permission can set up and configure SAML SSO.
Source Tags

Users with the Source Tags permission can manage sources and source tags. If you don’t have the Source Tags permission, source tags will be rejected with a 403 error.