Learn about Wavefront permissions.
Permissions allow administrators to control access to Wavefront feature sets. Administrators can manage permissions for groups or for users.
Every Wavefront user can perform certain tasks. However, you must have the appropriate permission to manage objects. If you do not have permission, UI menu selections and buttons required to perform management tasks are not visible.
Note: A service account must have permissions to perform tasks. To run queries, a service account must have Metrics permission. To manage dashboards and alerts, the service account might need both permissions and access.
The following list gives an overview of permissions. To learn more, click the link.
- Accounts, Groups & Roles - Users with Accounts, Groups & Roles permission can manage user and service accounts. They can create groups and add accounts to groups, create roles and assign permissions to those roles, and assign roles to groups.
- Alerts - Users with Alerts permission can create, edit, and delete alerts as well as maintenance windows, manage alert tags and view alert history, and create, edit, and delete alert targets.
Note: If the Security system preference is set to Creator, View access or View & Modify access to new alerts has to be granted explicitly.
- Batch Query Priority - When an account with Batch Query Priority permission runs queries, Wavefront treats every query executed by that account as if it was wrapped in the
- Dashboard - Users with Dashboard permission can create, manage, and delete all dashboards and charts and manage dashboard tags.
Note: If the Security system preference is set to Creator, View access or View & Modify access to new dashboards has to be granted explicitly.
- Direct Data Ingestion - An account with Direct Data Ingestion permission can directly ingest metrics using the Wavefront API or one of the Wavefront SDKs, bypassing the proxy. Grant Direct Data Ingestion permission only to users who have a deep understanding of APIs and the Wavefront ingestion path.
- Chart Embedding - Users with Chart Embedding permission can generate HTML snippets of Wavefront charts and embed a corresponding interactive chart outside of Wavefront. Embedded chart URLs are associated with a specific user account. If a user embeds a chart and later that user’s Wavefront account is removed, the embedded chart no longer works.
- Events - Users with Events permission can create, manage, and close user events and manage event tags.
- External Links - Users with External Links permission can create, update, and delete external links.
- Integration - Users with Integration permission can install and uninstall integration dashboards, alerts, etc.
- Metrics - Service accounts must have this permission to run queries. Only accounts with Metrics permission can manually hide and unhide metrics and metric prefixes. Only accounts with Metrics permission can create and modify Metrics Security Policy Rules.
- Proxies - Users with Proxies permission can view, create, and manage proxies and set up external integrations with AWS and other cloud services.
- Derived Metrics - Users with Derived Metrics permission can create and manage registered queries. Derived metrics support reingesting a query.
- Source Tags - Users with Source Tags permission can manage sources and source tags. If you don’t have Source Tags permission, source tags will be rejected with a 403 error.