Permission List¶
Guance supports setting permissions for custom roles within a workspace to meet the access needs of different users.
Note
Currently, only permissions for functional operations within the workspace are supported.
Permission List¶
- √: For default roles, it means the role supports this permission; for custom roles, it means this permission can be granted to the custom role.
- ×: For default roles, it means the role does not support this permission; for custom roles, it means this permission cannot be granted to the custom role.
Features |
Permissions |
Owner | Administrator | Standard | Read-only | Custom Roles |
|---|---|---|---|---|---|---|
| General | Default Access | √ | √ | √ | √ | √ |
| Explorer > Global Configuration Management | √ | √ | × | × | √ | |
| Export Management | √ | √ | √ | × | √ | |
| Workspace Management | API Key Management | √ | √ | × | × | × |
| Token View | √ | √ | × | × | × | |
| Token Replacement | √ | √ | × | × | × | |
| Client Token Management | √ | √ | √ | × | √ | |
| Member Management View | √ | √ | √ | × | √ | |
| Invite Members | √ | √ | √ | × | √ | |
| Member Management | √ | √ | × | × | √ | |
| Transfer Ownership | √ | × | × | × | × | |
| Settings Management | √ | √ | × | × | × | |
| Delete Workspace | √ | × | × | × | × | |
| Data Storage Policy Management | √ | × | × | × | × | |
| Workspace Status Management | √ | × | × | × | × | |
| Data Permission Management | Configuration Management | √ | √ | × | × | √ |
| Sensitive Data Scanning | Configuration Management | √ | √ | × | × | √ |
| Field Management | Field Configuration Management | √ | √ | √ | × | √ |
| Regular Expressions | Regular Expression Configuration Management | √ | √ | × | × | √ |
| Cloud Account Management | Account Management | √ | √ | × | × | × |
| Integration Configuration Management | √ | √ | × | × | × | |
| Global Tags | Global Tag Configuration Management | √ | √ | × | × | √ |
| Sharing Management | Sharing Configuration Management | √ | √ | √ | × | √ |
| Snapshots | Create Snapshot | √ | √ | √ | √ | √ |
| Delete Snapshot | √ | √ | √ | × | √ | |
| Billing | Billing Read-only Permission | √ | √ | × | × | √ |
| Billing Read-Write Permission | √ | × | × | × | × | |
| Upgrade Permission | √ | × | × | × | × | |
| Scenarios | Dashboard, View View | √ | √ | √ | √ | √ |
| Dashboard Management | √ | √ | √ | × | √ | |
| Tag Permission Management | √ | √ | × | × | √ | |
| View Management | √ | √ | √ | × | √ | |
| Note, Explorer Management | √ | √ | √ | × | √ | |
| Chart Configuration Management | √ | √ | √ | × | √ | |
| Scheduled Report View | √ | √ | √ | × | √ | |
| Scheduled Report Management | √ | √ | √ | × | √ | |
| Events | Manual Recovery | √ | √ | √ | × | √ |
| Event Data Query | √ | √ | √ | √ | √ | |
| Infrastructure | Infrastructure Configuration Management | √ | √ | × | × | √ |
| Infrastructure Data Query | √ | √ | √ | √ | √ | |
| Logs | Log Index Management | √ | √ | × | × | √ |
| External Index Management | √ | √ | × | × | √ | |
| Data Forwarding | √ | √ | × | × | √ | |
| Log Data Query | √ | √ | √ | √ | √ | |
| Metrics | Metric Description Management | √ | √ | √ | × | √ |
| Metric Data Query | √ | √ | √ | √ | √ | |
| APM | Associated Log Management | √ | √ | √ | × | √ |
| APM Data Query | √ | √ | √ | √ | √ | |
| Issue Auto Discovery | √ | √ | √ | × | √ | |
| Service Management | √ | √ | × | × | √ | |
| RUM | Application Configuration Management | √ | √ | √ | × | √ |
| Trace Configuration Management | √ | √ | √ | × | √ | |
| RUM Data Query | √ | √ | √ | √ | √ | |
| Session Replay View | √ | √ | √ | √ | √ | |
| Issue Auto Discovery | √ | √ | √ | × | √ | |
| LLM Monitoring | Application Configuration Management | √ | √ | √ | × | √ |
| LLM Data Query | √ | √ | √ | √ | √ | |
| Synthetic Tests | Task Configuration Management | √ | √ | √ | × | √ |
| Self-built Nodes Configuration Management | √ | √ | √ | × | √ | |
| Monitoring | Monitor View | √ | √ | √ | √ | √ |
| Monitor Configuration Management | √ | √ | √ | × | √ | |
| External Event Reporting Management | √ | √ | × | × | × | |
| Intelligent Inspection Configuration Management | √ | √ | √ | × | √ | |
| SLO Configuration Management | √ | √ | √ | × | √ | |
| Mute Configuration Management | √ | √ | √ | × | √ | |
| Alert Strategies Configuration Management | √ | √ | √ | × | √ | |
| Notification Targets Configuration Management | √ | √ | × | × | √ | |
| Incident | Channel Management | √ | √ | √ | × | √ |
| Channel Subscription | √ | √ | √ | √ | √ | |
| Channel View | √ | √ | √ | √ | √ | |
| Issue Management | √ | √ | √ | × | √ | |
| Issue View | √ | √ | √ | √ | √ | |
| Reply Management | √ | √ | √ | × | √ | |
| Reply View | √ | √ | √ | √ | √ | |
| Level Configuration | √ | √ | × | × | √ | |
| Notification Strategies | √ | √ | √ | × | √ | |
| Schedules | √ | √ | √ | × | √ | |
| Issue Discovery | √ | √ | √ | × | √ | |
| Pipelines | Pipelines Management | √ | √ | √ | × | √ |
| Blacklist | Blacklist Create, Edit | √ | √ | √ | × | √ |
| Blacklist Enable, Disable | √ | √ | √ | × | √ | |
| Blacklist Delete | √ | √ | √ | × | √ | |
| Generate Metrics | Generate Metrics Configuration Management | √ | √ | √ | × | √ |
| DCA | DCA Configuration Management | √ | √ | × | × | × |
| DataFlux Func (Automata) | Func Open/Configuration | √ | × | × | × | × |
| RUM (Automata) | RUM Open/Configuration | √ | × | × | × | × |
| RUM Administrator | √ | √ | × | × | × | |
| Cloud Bill | Cloud Bill Data Query | √ | √ | √ | √ | √ |
| External Data Sources | Data Source Configuration Management | √ | √ | × | × | √ |
| Data Source Query Permission | √ | √ | √ | √ | √ | |
| Environment Variables | Environment Variable Configuration Management | √ | √ | × | × | √ |
| Operation Audit | Operation Audit View | √ | √ | √ | √ | √ |
| Security Monitoring | CSPM Configuration Management | √ | √ | √ | × | √ |
| SIEM Configuration Management | √ | √ | √ | × | √ | |
| Fault Center | Fault View | √ | √ | √ | √ | √ |
| Fault Management | √ | √ | √ | × | √ | |
| Fault Collaboration | √ | √ | √ | × | √ | |
| Fault Level Management | √ | √ | × | × | √ | |
| On-Duty Management | √ | √ | √ | × | √ | |
| Error Center | Error View | √ | √ | √ | √ | √ |
| Error Management | √ | √ | √ | × | √ | |
| Error Collaboration | √ | √ | √ | × | √ | |
| Error Delivery Rule Management | √ | √ | × | × | √ | |
| Error Delivery Rule View | √ | √ | √ | × | √ |
Permission Details¶
Contains specific descriptions for each item in the permission list.
Features |
Permissions |
Description |
|---|---|---|
| General | Default Access Permission | The default view and operation permissions a user has upon entering the workspace. Includes the following scope of permissions |
| Explorer > Global Configuration Management | ||
| Export Management | Management of data export permissions within the workspace. Includes the following scope: |
|
| Workspace Management | API Key Management | Operations such as creating, viewing, and deleting API Keys |
| Token View | Obtain the workspace's Token | |
| Token Replacement | Replace the workspace's Token. Having this permission requires also having the "Token View" permission. | |
| Client Token Management | Create, delete Client Tokens | |
| Member Management View | Includes view (read-only) permissions for the following pages. |
|
| Invite Members | ||
| Member Management | Workspace member management, SSO management related operations, including - SSO Login (enable, disable, delete) - SAML Mapping (create, delete, modify, enable, disable) - Custom Mapping (create, delete, modify) |
|
| Transfer Ownership | Transfer the current workspace ownership to another member | |
| Settings Management | Edit operations on the workspace settings page, including the following scope of permissions | |
| Delete Workspace | Delete the workspace, including operations such as unbinding a Commercial Plan workspace from the Billing Center account and deleting the workspace. |
|
| Data Storage Policy Management | ||
| Workspace Status Management | Includes some operations when the workspace is locked. |
|
| Data Permission Management | Configuration Management | |
| Sensitive Data Scanning | Configuration Management | Create, edit, enable, disable, delete |
| Field Management | Field Configuration Management | Create, edit, delete |
| Regular Expressions | Regular Expression Configuration Management | Create, edit, clone, delete |
| Cloud Account Management | Account Management | Create, edit, delete |
| Integration Configuration Management | Install, uninstall, modify configuration | |
| Global Tags | Global Tag Configuration Management | Create, edit, delete |
| Sharing Management | Sharing Configuration Management | Chart sharing, chart unsharing, snapshot sharing, snapshot unsharing |
| Snapshots | Create Snapshot | Create snapshot. Includes |
| Delete Snapshot | Delete snapshot (Read-only members can only delete snapshots created by their own account). Includes |
|
| Billing | Billing Read-only Permission | |
| Billing Read-Write Permission | Includes viewing account balance, recharge, change payment method, change Billing Center account, jump to Billing Center. Only members with the current workspace Owner role can view and initiate related operations. | |
| Upgrade Permission | Entry point to initiate the process of upgrading from the Free Plan to the Commercial Plan. Only members with the current workspace Owner role can initiate this. | |
| Scenarios | Dashboard, View View | Includes visibility of the dashboard and view modules, querying dashboards and views (viewing the dashboard list page and details page), setting refresh frequency, changing query time; view permission for slideshows. |
| Dashboard Management | ||
| Tag Permission Management | Management of dashboard tag permissions: add, edit, delete tags | |
| View Management | ||
| Note, Explorer Management | ||
| Chart Configuration Management | ||
| Scheduled Report View | View | |
| Scheduled Report Management | Create, edit, delete, enable/disable | |
| Events | Manual Recovery | Includes manual recovery operations for unrecovered events |
| Event Data Query | Query all event data within the workspace, including all data for events and unrecovered events | |
| Infrastructure | Infrastructure Configuration Management | Includes operations such as editing host Labels, editing object classification, adding object classification, adding tags, deleting objects, etc. |
| Infrastructure Data Query | Query all infrastructure object-related data within the workspace, including host, container, K8s, process, Resource Catalog data and historical 48-hour data, as well as Layer 4 and Layer 7 network data reported to the workspace. | |
| Logs | Log Index Management | Read-write permission. Includes create, delete, modify, enable, disable, drag-and-drop operations |
| External Index Management | Read-write permission. Includes bind, delete operations | |
| Data Forwarding | Read-write permission. Includes create, edit, delete, enable, disable operations | |
| Log Data Query | Permission to query all log data within the current workspace, including Guance logs (L) default index, custom indexes, bound external indexes (ES, Opensearch, SLS standard logstore) data, and backup log (BL) data. | |
| Metrics | Metric Description Management | Edit and modify metric descriptions |
| Metric Data Query | Query all metric data within the current workspace | |
| APM | Associated Log Management | Edit log association field configuration |
| APM Data Query | Query all trace and Profile data within the current workspace | |
| Issue Auto Discovery | Error tracking data automatically discovers and generates Incident Issues based on service, version, resource, and error type dimensions. | |
| Service Management | Service List management, service custom filter field configuration | |
| RUM | Application Configuration Management | Create, modify, delete application |
| Trace Configuration Management | Create, modify, delete trace configuration | |
| RUM Data Query | Query all user access data within the current workspace, including session, session replay, view, resource, error, long task, action and other data. |
|
| Session Replay View | View permission for all session replay data within the current workspace. | |
| Issue Auto Discovery | Error data automatically discovers and generates Incident Issues based on application name, environment, version, and error type dimensions. | |
| LLM Monitoring | Application Configuration Management | Create, modify, delete application. |
| LLM Data Query | Query all LLM data within the current workspace. | |
| Synthetic Tests | Task Configuration Management | Create, delete, modify, enable, disable, test |
| Self-built Nodes Configuration Management | Create, modify, delete, get configuration | |
| Monitoring | Monitor View | View monitor list page and view monitor configuration details page. |
| Monitor Configuration Management | Create, delete, test, modify, enable, disable, import, batch export, batch delete, edit alert configuration, create from template. | |
| External Event Reporting Management | View the Webhook address generated by the "External Event Detection" monitor. | |
| SLO Configuration Management | Create, delete, modify, enable, disable | |
| Mute Configuration Management | Create, delete, modify, enable, disable |
|
| Alert Strategies Configuration Management | Create, delete, edit alert configuration | |
| Notification Targets Configuration Management | Create, delete, modify | |
| Incident | Channel Management | |
| Channel Subscription | ||
| Channel View | ||
| Issue Management | Create, modify, delete Issue; upload attachments. | |
| Issue View | ||
| Reply Management | ||
| Reply View | ||
| Level Configuration | ||
| Notification Strategies | Create, modify, delete. | |
| Schedules | Create, modify, delete. | |
| Issue Discovery | Create, modify, delete, enable, disable. | |
| Pipelines | Pipelines Management | Read-write permission. Includes create, modify, delete, enable, disable, import, batch export, batch delete, clone from official library. |
| Blacklist | Blacklist Create, Edit | Includes create, modify, import, export. |
| Blacklist Enable, Disable | Includes enable, disable. |
|
| Blacklist Delete | Delete blacklist permission. |
|
| Generate Metrics | Generate Metrics Configuration Management | Includes create, modify, delete, enable, disable operations. |
| DCA | DCA Configuration Management | |
| DataFlux Func (Automata) | Func Open/Configuration | Open application, modify domain/specification, upgrade version, reset password, disable application. |
| RUM (Automata) | RUM Open/Configuration | Open application, modify service address, specification, upgrade version, disable application. |
| RUM Administrator Permission | View configuration information, modify service address, specification, version, status, configuration. | |
| Cloud Bill | Cloud Bill Data Query | |
| External Data Sources | Data Source Configuration Management | Create, edit, delete operations. |
| Data Source Query Permission | Query external data sources. | |
| Environment Variables | Environment Variable Configuration Management | Create, import, export, edit, delete. |
| Operation Audit | Operation Audit View | Operation audit data view permission. |
| Security Monitoring | CSPM Configuration Management | Create, delete, test, modify, enable, disable, import, batch export, batch delete, edit alert configuration. |
| SIEM Configuration Management | Create, delete, modify, enable, disable, import, batch export, batch delete, edit alert configuration. | |
| Fault Center | Fault View | Fault view permission. |
| Fault Management | Fault level change, claim, comment, attachment upload. | |
| Fault Collaboration | Fault comment, attachment upload. | |
| Fault Level Management | ||
| On-Duty Management | Create on-duty, modify on-duty, delete on-duty. | |
| Error Center | Error View | View error list, error details, error distribution, associated context information. |
| Error Management | Error status change, claim, assign responsible person, comment, attachment upload. | |
| Error Collaboration | Error comment, attachment upload. | |
| Error Delivery Rule Management | Create, modify, delete error delivery rules. | |
| Error Delivery Rule View | View error delivery rules and their configuration scope. |
Default Access¶
- Dashboard, Note, Explorer, Built-in Views: Read-only permission
- Dashboard Slideshow: Read-only permission
- Charts: Read-only permission, copy
- Dashboard, Note, Explorer: Favorite
- All Explorers: Read-only permission
- All Explorer personal quick filters: Edit permission
- All Explorer display columns: Configuration permission
- Dashboard, Note, Explorer creator: Edit permission
- APM > Service List: Read-only permission
- RUM > Application Configuration: Read-only permission
- RUM > Trace Configuration: Read-only permission
- Synthetic Tests > Task Configuration: Read-only permission
- Synthetic Tests > Self-built Nodes Configuration: Read-only permission
- Monitor, Intelligent Inspection, SLO, Mute Management, Alert Strategies, Notification Targets Configuration: Read-only permission
- Pipelines Configuration: User pipeline, official pipeline read-only permission
- Blacklist Configuration: Read-only permission
- Workspace Basic Information: Read-only permission
- Member Management: Read-only permission
- SSO Management: Read-only permission
- Role Management: Read-only permission
- Field Management: Read-only permission
- Data Permission Management: Read-only permission
- Regular Expressions: Read-only permission
- Sharing Management: Read-only permission
- Snapshots: Read-only permission (view/copy)
- DQL Query Tool
- Integration
- Guance Assistant
- Experience Demo Workspace
- Ticket Management
- Workspace Notes (personal account level)
- Beginner's Guide
- Automatically pop up "Beginner's Guide"
- Avatar > View Beginner's Guide
- Log Data Access Configuration View: Read-only
- Incident: Channel read-only, Issue read-only, Reply read-only, Notification Strategies read-only, Schedules read-only
Settings Management¶
- Workspace name modification
- Description modification
- Configuration migration (import, export)
- Advanced Settings
- Add, delete key metrics
- Function menu management
- Operation Audit view
- IP whitelist settings
- Data deletion
-
Manual data deletion operations within the workspace, including
- Delete data for a specific Measurement
- Delete custom object
- Single custom object (Custom Object Details page)
- All custom objects (Management > Settings > Risky Operations)
- Custom objects under a specific object classification (Management > Settings > Risky Operations)
- Enable approval to join