As your development and operations teams grow in size and complexity, it becomes ever more critical to give each team member only the least required permissions they need to do their job. You want to make sure everyone can perform their functions with ease, but to avoid security and governance problems, they should not be able to access anything beyond their role. For instance, a mobile developer should be able to make any needed changes to their mobile app but should not have permission to make changes to other products.
This can be achieved in several ways, and New Relic has long provided this kind of role-based access control (RBAC) via built-in base roles (Admin, User, and Restricted User). But today we are very excited to announce that we are extending the RBAC capabilities in our platform with the introduction of easy-to-use, fine-grained access-control permissions via two new types of add-on roles: custom and managed by New Relic.
Easily add admin capabilities per New Relic product
With managed add-on roles you can add Admin capability per New Relic product to the built-in base roles. So now you can grant a particular user Admin access for only a given product and restricted access for other products. For instance, if you have iOS/Android developers on your team, you can make them Admins only for New Relic Mobile and restricted users for other New Relic products. To make it easy to be aware of the exact permissions granted with your selection of base and add-on roles, we added a capabilities preview to the New Relic user interface. The capabilities preview automatically updates to show you the permissions granted for each product with the managed add-on roles and base role you select.
Managed add-on roles are maintained by New Relic and contain all of the necessary capabilities to execute any action inside each of the products in the New Relic Digital Intelligence Platform. In addition, these managed add-on roles are designed to be automatically upgraded when we deliver new product functionality.
Create custom roles based on your needs
These managed add-on roles are built to provide Admin capabilities for individual New Relic products, but we know that some customers want even more fine-grained access-control capabilities. For instance, some customers may want to give their users full autonomy to use New Relic APM, except for the ability to delete deployed applications (that capability should often be limited to the smallest number of people possible). With custom add-on roles, you can tailor access to view, modify, or delete capabilities for specific features in each product. Once you have created a custom role (with specific view, modify, or delete capabilities), you can add that custom role to the base role and provide fine-grain access. Throughout the process, the new RBAC preview capabilities view shows you exactly which capabilities are granted with the given combination of base and add-on roles.
RBAC extensions are ready to use
Starting today, both custom and managed add-on roles are available for all New Relic customers. This is a great opportunity to log into your users and roles settings and start tightening your users’ access privileges to meet your organization’s particular needs. To learn more about the new add-on roles, please refer to our documentation and join the discussion on the New Relic community site.
For a longer RBAC tutorial, check out the video below:
Going forward, we plan to add even more access control capabilities. You can find out more about our upcoming projects at FutureStack17: New York, September 13-14. Register today before the event sells out!
Note: Event dates, speakers, and schedules are subject to change without notice.
The views expressed on this blog are those of the author and do not necessarily reflect the views of New Relic. Any solutions offered by the author are environment-specific and not part of the commercial solutions or support offered by New Relic. Please join us exclusively at the Explorers Hub (discuss.newrelic.com) for questions and support related to this blog post. This blog may contain links to content on third-party sites. By providing such links, New Relic does not adopt, guarantee, approve or endorse the information, views or products available on such sites.