Permission List¶

Guance supports setting permissions for custom roles within a workspace to meet the permission requirements of different users.

Note

Currently, only functional operation permissions within the workspace can be set.

Permission List¶

√: For default roles, it means supported for this permission; for custom roles, it means supported to grant this permission to the custom role.
×: For default roles, it means not supported for this permission; for custom roles, it means not supported to grant this permission to the custom role.

Features	Options	Owner	Administrator	Standard	Read-only	Custom Role
General	Default Access	√	√	√	√	√
	Explorer > Global Configuration Management	√	√	×	×	√
	Export Management	√	√	√	×	√
Workspace Management	API Key Management	√	√	×	×	×
	Token View	√	√	×	×	×
	Token Rotation	√	√	×	×	×
	Client Token Management	√	√	√	×	√
	Member Management View	√	√	√	×	√
	Invite Member	√	√	√	×	√
	Member Management	√	√	×	×	√
	Transfer Owner	√	×	×	×	×
	Settings Management	√	√	×	×	×
	Delete Workspace	√	×	×	×	×
	Data Storage Policy Management	√	×	×	×	×
	Workspace Status Management	√	×	×	×	×
Data Permission Management	Configuration Management	√	√	×	×	√
Sensitive Data Scanning	Configuration Management	√	√	×	×	√
Field Management	Field Configuration Management	√	√	√	×	√
Regular Expression	Regular Expression Configuration Management	√	√	×	×	√
Cloud Account Management	Account Management	√	√	×	×	×
	Integration Configuration Management	√	√	×	×	×
Global Tag	Global Tag Configuration Management	√	√	×	×	√
Share Management	Share Configuration Management	√	√	√	×	√
Snapshot	Create Snapshot	√	√	√	√	√
	Delete Snapshot	√	√	√	×	√
Billing	Billing Read-only Permission	√	√	×	×	√
	Billing Read-Write Permission	√	×	×	×	×
	Upgrade Permission	√	×	×	×	×
Scenarios	Dashboard, View View	√	√	√	√	√
	Dashboard Management	√	√	√	×	√
	View Management	√	√	√	×	√
	Note, Explorer Management	√	√	√	×	√
	Chart Configuration Management	√	√	√	×	√
	Scheduled Report View	√	√	√	×	√
	Scheduled Report Management	√	√	√	×	√
Event	Manual Recovery	√	√	√	×	√
	Event Data Query	√	√	√	√	√
Infrastructure	Infrastructure Configuration Management	√	√	×	×	√
	Infrastructure Data Query	√	√	√	√	√
Log	Log Index Management	√	√	×	×	√
	External Index Management	√	√	×	×	√
	Data Forwarding	√	√	×	×	√
	Log Data Query	√	√	√	√	√
Metrics	Metrics Description Management	√	√	√	×	√
	Metrics Data Query	√	√	√	√	√
APM	Associated Log Management	√	√	√	×	√
	APM Data Query	√	√	√	√	√
	Issue Auto Discovery	√	√	√	×	√
	Service Management	√	√	×	×	√
RUM	Application Configuration Management	√	√	√	×	√
	Trace Configuration Management	√	√	√	×	√
	RUM Data Query	√	√	√	√	√
	Session Replay View	√	√	√	√	√
	Issue Auto Discovery	√	√	√	×	√
LLM Monitoring	Application Configuration Management	√	√	√	×	√
	LLM Data Query	√	√	√	√	√
Synthetic Tests	Task Configuration Management	√	√	√	×	√
	Self-built Nodes Configuration Management	√	√	√	×	√
Monitoring	Monitor View	√	√	√	√	√
	Monitor Configuration Management	√	√	√	×	√
	External Event Reporting Management	√	√	×	×	×
	Intelligent Inspection Configuration Management	√	√	√	×	√
	SLO Configuration Management	√	√	√	×	√
	Mute Configuration Management	√	√	√	×	√
	Alert Strategy Configuration Management	√	√	√	×	√
	Notification Targets Configuration Management	√	√	×	×	√
Incident	Channel Management	√	√	√	×	√
	Channel Subscription	√	√	√	√	√
	Channel View	√	√	√	√	√
	Issue Management	√	√	√	×	√
	Issue View	√	√	√	√	√
	Reply Management	√	√	√	×	√
	Reply View	√	√	√	√	√
	Level Configuration	√	√	×	×	√
	Notification Strategy	√	√	√	×	√
	Schedule	√	√	√	×	√
	Issue Discovery	√	√	√	×	√
Pipelines	Pipelines Management	√	√	√	×	√
Blacklist	Blacklist Create, Edit	√	√	√	×	√
	Blacklist Enable, Disable	√	√	√	×	√
	Blacklist Delete	√	√	√	×	√
Generate Metrics	Generate Metrics Configuration Management	√	√	√	×	√
DCA	DCA Configuration Management	√	√	×	×	×
DataFlux Func (Automata)	Func Enable/Configuration	√	×	×	×	×
RUM (Automata)	RUM Enable/Configuration	√	×	×	×	×
	RUM Administrator	√	√	×	×	×
Cloud Bill	Cloud Bill Data Query	√	√	√	√	√
External Data Source	Data Source Configuration Management	√	√	×	×	√
	Data Source Query Permission	√	√	√	√	√
Environment Variable	Environment Variable Configuration Management	√	√	×	×	√
Operation Audit	Operation Audit View	√	√	√	√	√
Security Monitoring	CSPM Configuration Management	√	√	√	×	√
	SIEM Configuration Management	√	√	√	×	√

Permission Description Details¶

Includes specific descriptions for each permission list item.

Features	Options	Description
General	Default Access Permission	The default view and operation permissions users have after entering the workspace. Includes the following permission scope.
	Explorer > Global Configuration Management	Management of workspace-level default display quick filters and acceleration field configurations Management of log explorer formatting configurations
	Export Management	Management of data export permissions within the workspace. Includes the following scope: Explorer: Export CSV file, copy as cURL Metrics Management: Export CSV file Event Details Page: Export JSON, PDF
Workspace Management	API Key Management	Operations such as creating, viewing, and deleting API Keys
	Token View	Obtain the workspace's Token
	Token Rotation	Rotate the workspace's Token. Having this permission requires also having the "Token View" permission.
	Client Token Management	Create and delete Client Tokens
	Member Management View	Includes view (read-only) permissions for the following pages. Member Management, Member Details Page SSO Management, SAML Mapping
	Invite Member
	Member Management	Workspace member management and SSO management related operations, including Member group management (add, delete, modify) Member information management (delete, modify) Role management (create, delete, modify) Invitation records Batch modify permissions SSO Management - SSO Login (enable, disable, delete) - SAML Mapping (create, delete, modify, enable, disable) - Custom Mapping (create, delete, modify)
	Transfer Owner	Transfer the current workspace ownership to another member
	Settings Management	Edit operations on the workspace settings page, including the following permission scope.
	Delete Workspace	Delete the workspace, including operations such as unbinding a Commercial Plan workspace from the Billing Center account and workspace deletion. Delete entry when the workspace is locked.
	Data Storage Policy Management	Modify Measurement storage policy (Metrics Management page) Modify general storage policy (Management > Settings page)
	Workspace Status Management	Includes some operations when the workspace is locked. Unlock immediately
Data Permission Management	Configuration Management	Sensitive fields: Disable, enable, configure (add, delete) Data authorization: Configure (add, delete)
Sensitive Data Scanning	Configuration Management	Create, edit, enable, disable, delete
Field Management	Field Configuration Management	Create, edit, delete
Regular Expression	Regular Expression Configuration Management	Create, edit, clone, delete
Cloud Account Management	Account Management	Create, edit, delete
	Integration Configuration Management	Install, uninstall, modify configuration
Global Tag	Global Tag Configuration Management	Create, edit, delete
Share Management	Share Configuration Management	Share chart, unshare chart, share snapshot, unshare snapshot
Snapshot	Create Snapshot	Create snapshot. Includes: Scenarios: Dashboard, Note, Explorer Events: Unrecovered events, Events Infrastructure: Host, Container, Process, Network, Custom Logs: All logs, Pattern APM: Service, Summary, Trace, Incident, Profile RUM: View, Explorer, Trace Synthetic Tests: Summary, Explorer CI Visualization: Summary, Explorer
	Delete Snapshot	Delete snapshot (Read-only members can only delete snapshots created by their own account). Includes: Scenarios: Dashboard, Note, Explorer Events: Unrecovered events, Events Infrastructure: Host, Container, Process, Network, Custom Logs: All logs, Pattern APM: Service, Summary, Trace, Incident, Profile RUM: View, Explorer, Trace Synthetic Tests: Summary, Explorer CI Visualization: Summary, Explorer
Billing	Billing Read-only Permission	View current workspace usage statistics and billing costs Set high consumption alerts
	Billing Read-Write Permission	Includes viewing account balance, recharge, change payment method, change Billing Center account, jump to Billing Center. Only members with the Owner role of the current workspace can view and initiate related operations.
	Upgrade Permission	The entry point to initiate the process of upgrading from the Free Plan to the Commercial Plan. Only members with the Owner role of the current workspace can initiate it.
Scenarios	Dashboard, View View	Includes visibility of the dashboard and view modules; querying dashboards and views (viewing the dashboard list page and details page); setting refresh frequency; changing query time; view permission for carousels.
	Dashboard Management	Dashboard: Create, delete, modify (with this permission, the explorer supports exporting list data to dashboard), import, export, copy, save to built-in view; Carousel: Create, modify, delete
	View Management	Built-in View > System View: Export, clone Built-in View > User View: Create, delete, modify, export, clone
	Note, Explorer Management	Note: Create, delete, modify (with this permission, the explorer supports exporting list data to note), import, export (JSON/PDF) Explorer: Create, delete, modify, export, import, copy, add to menu
	Chart Configuration Management	View variables: Add, edit, delete Chart: Add, modify, combine, clone, delete Chart group: Add, modify, delete
	Scheduled Report View	View
	Scheduled Report Management	Create, edit, delete, enable/disable
Event	Manual Recovery	Includes manual recovery operations for unrecovered events
	Event Data Query	Query all event data within the workspace, including all data for events and unrecovered events.
Infrastructure	Infrastructure Configuration Management	Includes operations like editing host Label, editing object classification, adding object classification, adding tags, deleting objects, etc.
	Infrastructure Data Query	Query all infrastructure object-related data within the workspace, including host, container, K8s, process, Resource Catalog data and historical 48-hour data, as well as Layer 4 and Layer 7 network data reported to the workspace.
Log	Log Index Management	Read-write permission. Includes create, delete, modify, enable, disable, drag-and-drop operations.
	External Index Management	Read-write permission. Includes bind, delete operations.
	Data Forwarding	Read-write permission. Includes create, edit, delete, enable, disable operations.
	Log Data Query	Permission to query all log data within the current workspace, including Guance logs (L) default index, custom index, bound external index (ES, Opensearch, SLS standard logstore) data, and backup log (BL) data.
Metrics	Metrics Description Management	Edit and modify metric descriptions.
	Metrics Data Query	Query all metrics data within the current workspace.
APM	Associated Log Management	Edit log association field configurations.
	APM Data Query	Query all trace and Profile data within the current workspace.
	Issue Auto Discovery	Automatically discover and generate Incident Issues based on service, version, resource, and error type dimensions from error trace data.
	Service Management	Service List management and service custom filter field configuration.
RUM	Application Configuration Management	Create, modify, delete application.
	Trace Configuration Management	Create, modify, delete trace configuration.
	RUM Data Query	Query all RUM data within the current workspace, including `session`, `session replay`, `view`, `resource`, `error`, `long task`, `action` and other data.
	Session Replay View	View permission for all session replay data within the current workspace.
	Issue Auto Discovery	Automatically discover and generate Incident Issues based on application name, environment, version, and error type dimensions from error data.
LLM Monitoring	Application Configuration Management	Create, modify, delete application.
	LLM Data Query	Query all LLM data within the current workspace.
Synthetic Tests	Task Configuration Management	Create, delete, modify, enable, disable, test.
	Self-built Nodes Configuration Management	Create, modify, delete, get configuration.
Monitoring	Monitor View	View monitor list page and view monitor configuration details page.
	Monitor Configuration Management	Create, delete, test, modify, enable, disable, import, batch export, batch delete, edit alert configuration, create from template.
	External Event Reporting Management	View the Webhook address generated by the "External Event Detection" monitor.
	SLO Configuration Management	Create, delete, modify, enable, disable.
	Mute Configuration Management	Create, delete, modify, enable, disable. Monitoring > Mute Management Infrastructure > Host Details Page > Mute Host
	Alert Strategy Configuration Management	Create, delete, edit alert configuration.
	Notification Targets Configuration Management	Create, delete, modify.
Incident	Channel Management	Channel: Create, modify, delete Notification Targets: Add, modify
	Channel Subscription
	Channel View
	Issue Management	Create, modify, delete Issue; upload attachments.
	Issue View
	Reply Management
	Reply View
	Level Configuration	Default level: Enable, disable; Custom level: Create, edit, delete.
	Notification Strategy	Create, modify, delete.
	Schedule	Create, modify, delete.
	Issue Discovery	Create, modify, delete, enable, disable.
Pipelines	Pipelines Management	Read-write permission. Includes create, modify, delete, enable, disable, import, batch export, batch delete, clone from official library. Log > Pipelines Management > Pipelines
Blacklist	Blacklist Create, Edit	Includes create, modify, import, export. Log > Blacklist Management > Blacklist
	Blacklist Enable, Disable	Includes enable, disable. Log > Blacklist Management > Blacklist
	Blacklist Delete	Delete blacklist permission. Log > Blacklist Management > Blacklist
Generate Metrics	Generate Metrics Configuration Management	Includes create, modify, delete, enable, disable operations. Log > Generate Metrics APM > Generate Metrics RUM > Generate Metrics
DCA	DCA Configuration Management	DataKit restart, collector, Pipelines, blacklist creation, deletion, modification. Configure DCA address.
DataFlux Func (Automata)	Func Enable/Configuration	Enable application, modify domain/specification, upgrade version, reset password, disable application.
RUM (Automata)	RUM Enable/Configuration	Enable application, modify service address, specification, upgrade version, disable application.
	RUM Administrator Permission	View configuration information, modify service address, specification, version, status, configuration.
Cloud Bill	Cloud Bill Data Query
External Data Source	Data Source Configuration Management	Create, edit, delete operations.
	Data Source Query Permission	Query external data source.
Environment Variable	Environment Variable Configuration Management	Create, import, export, edit, delete.
Operation Audit	Operation Audit View	Operation audit data view permission.
Security Monitoring	CSPM Configuration Management	Create, delete, test, modify, enable, disable, import, batch export, batch delete, edit alert configuration.
	SIEM Configuration Management	Create, delete, modify, enable, disable, import, batch export, batch delete, edit alert configuration.

Default Access¶

Dashboard, Note, Explorer, Built-in View: Read-only permission
Dashboard Carousel: Read-only permission
Chart: Read-only permission, copy
Dashboard, Note, Explorer: Favorite
All Explorers: Read-only permission
All Explorer personal quick filters: Edit permission
All Explorer display columns: Configuration permission
Dashboard, Note, Explorer creator: Edit permission
APM > Service List: Read-only permission
RUM > Application Configuration: Read-only permission
RUM > Trace Configuration: Read-only permission
Synthetic Tests > Task Configuration: Read-only permission
Synthetic Tests > Self-built Nodes Configuration: Read-only permission
Monitor, Intelligent Inspection, SLO, Mute Management, Alert Strategy, Notification Targets Configuration: Read-only permission
Pipelines Configuration: User pipeline, official pipeline read-only permission
Blacklist Configuration: Read-only permission
Workspace Basic Information: Read-only permission
Member Management: Read-only permission
SSO Management: Read-only permission
Role Management: Read-only permission
Field Management: Read-only permission
Data Permission Management: Read-only permission
Regular Expression: Read-only permission
Share Management: Read-only permission
Snapshot: Read-only permission (View/Copy)
DQL Query Tool
Integration
Guance Assistant
Experience Demo Workspace
Ticket Management
Workspace Notes (Personal Account Level)
Beginner's Guide
Automatically pop up "Beginner's Guide"
Avatar > View Beginner's Guide
Log Data Access Configuration View: Read-only
Incident: Channel read-only, Issue read-only, Reply read-only, Notification Strategy read-only, Schedule read-only

Settings Management¶

Workspace Name Modification
Description Modification
Configuration Migration (Import, Export)
Advanced Settings
Add, Delete Key Metrics
Function Menu Management
Operation Audit View
IP Whitelist Settings
Data Deletion
Manual data deletion operations within the workspace, including
- Delete data from a specific Measurement
- Delete custom object
- Single custom object (Custom Object Details Page)
- All custom objects (Management > Settings > Risky Operations)
- Custom objects under a specific object classification (Management > Settings > Risky Operations)
- Enable approval to join

Permission List¶

Permission List¶

Permission Description Details¶

Default Access¶

Settings Management¶

Is this page helpful? ×