Skip to content

Permission List¶

Guance supports setting permissions for custom roles within the workspace to meet different user permission requirements.

Note: Currently, only functional operation permissions within the workspace can be set.

Permission List¶

√: Default role indicates support for this permission; custom role indicates support for granting this permission to custom roles;
×: Default role indicates no support for this permission; custom role indicates no support for granting this permission to custom roles.

Feature Module	Operation Permissions	Owner	Administrator	Standard	Read-only	Custom Role
General	Default Access Permissions	√	√	√	√	√
	Explorer - Shortcut Management	√	√	×	×	√
	Export Management	√	√	√	×	√
Workspace Management	API Key Management	√	√	×	×	×
	Token View	√	√	×	×	×
	Token Replacement	√	√	×	×	×
	Client Token Management	√	√	√	×	√
	Member Management View	√	√	√	×	√
	Invite Members	√	√	√	×	√
	Member Management	√	√	×	×	√
	Transfer Ownership	√	×	×	×	×
	Settings Management	√	√	×	×	×
	Dissolve Workspace	√	×	×	×	×
	Data Storage Policy Management	√	×	×	×	×
	Workspace Status Management	√	×	×	×	×
Data Permission Management	Configuration Management	√	√	×	×	√
Sensitive Data Scan	Configuration Management	√	√	×	×	√
Field Management	Field Configuration Management	√	√	√	×	√
Regular Expression	Regular Expression Configuration Management	√	√	×	×	√
Cloud Account Management	Account Management	√	√	×	×	×
	Integration Configuration Management	√	√	×	×	×
Global Tags	Global Tag Configuration Management	√	√	×	×	√
Share Management	Share Configuration Management	√	√	√	×	√
Snapshot	Create Snapshot	√	√	√	√	√
	Delete Snapshot	√	√	√	×	√
Billing	Billing Read-Only Permissions	√	√	×	×	√
	Billing Read/Write Permissions	√	×	×	×	×
	Upgrade Permissions	√	×	×	×	×
Scene	Scene Configuration Management	√	√	√	×	√
	Chart Configuration Management	√	√	√	×	√
	Service List Management	√	√	√	×	√
Incident	Manual Recovery	√	√	√	×	√
	Event Data Query	√	√	√	√	√
Infrastructure	Infrastructure Configuration Management	√	√	×	×	√
	Infrastructure Data Query	√	√	√	√	√
Log	Log Index Management	√	√	×	×	√
	External Index Management	√	√	×	×	√
	Data Forwarding	√	√	×	×	√
	Log Data Query	√	√	√	√	√
Metrics	Metric Description Management	√	√	√	×	√
	Metric Data Query	√	√	√	√	√
APM	Associated Log Management	√	√	√	×	√
	APM Data Query	√	√	√	√	√
	Issue Auto Discovery	√	√	√	×	√
RUM	Application Configuration Management	√	√	√	×	√
	Trace Configuration Management	√	√	√	×	√
	RUM Data Query	√	√	√	√	√
	Session Replay View	√	√	√	√	√
	Issue Auto Discovery	√	√	√	×	√
Synthetic Tests	Task Configuration Management	√	√	√	×	√
	User-defined Node Configuration Management	√	√	√	×	√
Security Check	Security Check Data Query	√	√	√	√	√
Monitoring	Monitor Configuration Management	√	√	√	×	√
	External Event Reporting Management	√	√	×	×	×
	Smart Inspection Configuration Management	√	√	√	×	√
	SLO Configuration Management	√	√	√	×	√
	Mute Configuration Management	√	√	√	×	√
	Alert Strategies Configuration Management	√	√	√	×	√
	Notification Targets Configuration Management	√	√	×	×	√
Incident	Channel Management	√	√	√	×	√
	Channel Subscription	√	√	√	√	√
	Channel View	√	√	√	√	√
	Issue Management	√	√	√	×	√
	Issue View	√	√	√	√	√
	Reply Management	√	√	√	×	√
	Reply View	√	√	√	√	√
	Level Configuration	√	√	×	×	√
	Notification Policies	√	√	√	×	√
	Schedule	√	√	√	×	√
	Issue Discovery	√	√	√	×	√
Pipelines	Pipelines Management	√	√	√	×	√
Blacklist	Blacklist Management	√	√	√	×	√
Generated Metrics	Generated Metrics Configuration Management	√	√	√	×	√
DCA	DCA Configuration Management	√	√	×	×	×
DataFlux Func (Automata)	Func Enable/Configuration	√	×	×	×	×
RUM (Automata)	RUM Enable/Configuration	√	×	×	×	×
	RUM Admin	√	√	×	×	×
Cloud Billing	Cloud Billing Data Query	√	√	√	√	√
External Data Sources	Data Source Configuration Management	√	√	×	×	√
	Data Source Query Permissions	√	√	√	√	√
Environment Variables	Environment Variable Configuration Management	√	√	×	×	√
Audit Logs	Audit Logs View	√	√	√	√	√

Detailed Permission Descriptions¶

You can understand the specific descriptions of the permission list through the following table:

Feature Module	Operation Permissions	Description
General	Default Access Permissions	View and edit Guance components without explicit permission definitions, including Dashboard, Notes, Explorer, Built-in Views: read-only permission Carousel Dashboard: read-only permission Charts: read-only permission, copy Dashboard, Notes, Explorer: favorite All personal-level shortcuts in Explorer: edit permission Display columns in all Explorers: configuration permission Creator of Dashboard, Notes, Explorer: edit permission APM > Service List: read-only permission RUM > Application Configuration: read-only permission RUM > Trace Configuration: read-only permission Synthetic Tests > Task Configuration: read-only permission Synthetic Tests > User-defined Node Configuration: read-only permission Monitors, Smart Inspections, SLOs, Mute Management, Alert Strategies, Notification Targets Configuration: read-only permission Pipelines Configuration: user pipeline, official pipeline read-only permission Blacklist Configuration: read-only permission Basic Workspace Information: read-only permission Role Management: read-only permission Field Management: read-only permission Data Permission Management: read-only permission Regular Expression: read-only permission Share Management: read-only permission Snapshot: read-only permission (view/copy) DQL Query Tool Integration Assistant Demo Workspace Ticket Management Workspace Notes (personal account level) New User Guide - Automatically pop up [New User Guide] - Avatar > View New User Guide Log Data Access Configuration View: read-only Incident: read-only channels, Issues, replies, notification policies, schedules
	Explorer > Shortcut Management	Default display shortcut options management at the workspace level Log Explorer column configuration management
	Export Management	Includes: Explorer: export CSV file, copy as cURL Metric Management: export CSV file Event Detail Page: export JSON, PDF
Workspace Management	API Key Management	Operations such as creating, viewing, deleting API Keys.
	Token View	Obtain the workspace's Token
	Token Replacement	Replace the workspace's Token; must also have "Token View" permission
	Client Token Management	Operations such as creating, deleting Client Tokens
	Member Management View	View permissions for the following pages (read-only). Member Management, Member Details Page SSO Management, SAML Mapping
	Invite Members
	Member Management	Operations related to workspace member management, SSO management, including Team Management (add, delete, modify) Member Information Management (delete, modify) Role Management (create, delete, modify) Invitation Records Batch Modify Permissions SSO Management - SSO Login (enable, disable, delete) - SAML Mapping (create, delete, modify, enable, disable) - Custom Mapping (create, delete, modify)
	Transfer Ownership	Transfer the current workspace ownership to another member
	Settings Management	Editing operations on the workspace settings page, including Modify workspace name Modify description Configuration migration (import, export) Advanced settings - Add, delete key metrics - Feature menu management View operation audit logs IP whitelist settings Data deletion - Manually delete data within the workspace, including - Deleting a specific metric set data - Resource catalog - Individual resource catalog (resource catalog detail page) - All resource catalogs (manage-settings-risky operations) - Resource catalogs under a specific object classification (manage-settings-risky operations) Enable approval join
	Dissolve Workspace	Dissolving the workspace, including unbinding Commercial Plan workspaces from billing center accounts and workspace deletion operations Dissolution entry when the workspace is locked
	Data Storage Policy Management	Modify storage policy for metric sets (Metric Management page) Modify general storage policy (Manage-Settings page)
	Workspace Status Management	Operations during the locked state of the workspace Immediate unlock
Data Permission Management	Configuration Management	Sensitive fields: disable, enable, configure (add, delete) Data authorization: configure (add, delete)
Sensitive Data Scan	Configuration Management	Create, edit, enable, disable, delete
Field Management	Field Configuration Management	Create, edit, delete
Regular Expression	Regular Expression Configuration Management	Create, edit, clone, delete
Cloud Account Management	Account Management	Create, edit, delete
	Integration Configuration Management	Install, uninstall, modify configuration
Global Tags	Global Tag Configuration Management	Create, edit, delete
Share Management	Share Configuration Management	Share charts, cancel chart shares, share snapshots, cancel snapshot shares
Snapshot	Create Snapshot	Creating snapshots. Includes Scenes: Dashboards, Notes, Explorers Events: Unresolved Events, Events Infrastructure: Hosts, Containers, Processes, Network, Custom Logs: All Logs, Pattern Analysis APM: Services, Summary, Traces, Error Tracking, Profile RUM: Views, Explorers, Traces Synthetic Tests: Summary, Explorers CI Visualization: Summary, Explorers Security Checks: Summary, Explorers
	Delete Snapshot	Deleting snapshots. Includes Scenes: Dashboards, Notes, Explorers Events: Unresolved Events, Events Infrastructure: Hosts, Containers, Processes, Network, Custom Logs: All Logs, Pattern Analysis APM: Services, Summary, Traces, Error Tracking, Profile RUM: Views, Explorers, Traces Synthetic Tests: Summary, Explorers CI Visualization: Summary, Explorers Security Checks: Summary, Explorers Read-only members can only delete snapshots they created
Billing	Billing Read-Only Permissions	View current workspace usage statistics and billing costs Set high consumption alerts
	Billing Read/Write Permissions	Includes viewing account balance, recharging, changing settlement methods, switching billing center accounts, navigating to the billing center. Only supports actions initiated by the workspace owner
	Upgrade Permissions	Entry point to upgrade Free Plan to Commercial Plan, only supports actions initiated by the current workspace owner
Scene	Scene Configuration Management	Dashboard: create, delete, modify (supports exporting list data to dashboard if this permission is granted), import, export, copy, save to built-in view, set refresh frequency Scheduled Reports: create, modify, delete Carousel: create, modify, delete Notes: create, delete, modify (supports exporting list data to notes if this permission is granted), import, export (JSON/PDF) Explorer: create, delete, modify, export, import, copy Built-in View > System View: export, clone Built-in View > User View: create, delete, modify, export, clone
	Chart Configuration Management	View Variables: add, edit, delete Charts: add, modify, combine, clone, delete Chart Groups: add, modify, delete
	Service List Management	Edit service list configuration
Incident	Manual Recovery	Includes manual recovery operations for unresolved events
	Event Data Query	Query all event data within the workspace, including resolved and unresolved event data (Namespace = E or UE)
Infrastructure	Infrastructure Configuration Management	Includes editing host labels, object classifications, adding object classifications, adding tags, deleting objects
	Infrastructure Data Query	Query all infrastructure-related data within the workspace, including hosts, containers, K8s, processes, resource catalog data, historical 48-hour data, and fourth-layer, seventh-layer network data reported to the workspace.
Log	Log Index Management	Read/write permissions. Includes create, delete, modify, enable, disable, drag-and-drop, operations
	External Index Management	Read/write permissions. Includes binding, delete, operations
	Data Forwarding	Read/write permissions. Includes create, edit, delete, enable, disable, operations
	Log Data Query	Query all log data within the current workspace, including Guance logs (L) default index, custom indexes, bound external indexes (ES, Opensearch, SLS standard logstore) data, and backup logs (BL) data.
Metrics	Metric Description Management	Edit and modify metric descriptions
	Metric Data Query	Query all metric data within the current workspace
APM	Associated Log Management	Edit log association field configurations
	APM Data Query	Query all trace and Profile data within the current workspace
	Issue Auto Discovery	Automatically discover and generate Incident based on error tracking data according to service, version, resource, error type dimensions
RUM	Application Configuration Management	Create, modify, delete applications
	Trace Configuration Management	Create, modify, delete trace configurations
	RUM Data Query	Query all user access data within the current workspace, including `session`, `session replay`, `view`, `resource`, `error`, `long task`, `action` data
	Session Replay View	View all session replay data within the current workspace
	Issue Auto Discovery	Automatically discover and generate Incident based on error data according to application name, environment, version, error type dimensions
Synthetic Tests	Task Configuration Management	Create, delete, modify, enable, disable, test
	User-defined Node Configuration Management	Create, modify, delete, obtain configuration
Security Check	Security Check Data Query	Query all security check-related data within the current workspace
Monitoring	Monitor Configuration Management	Create, delete, test, modify, enable, disable, import, batch export, batch delete, alert configuration editing, create from template
	External Event Reporting Management	View Webhook addresses generated by the [External Event Detection] monitor
	Smart Inspection Configuration Management	Create, delete, test, modify, enable, disable, export
	SLO Configuration Management	Create, delete, modify, enable, disable
	Mute Configuration Management	Create, delete, modify, enable, disable Monitoring > Mute Management Infrastructure > Host Detail Page > Mute Host
	Alert Strategies Configuration Management	Create, delete, alert configuration editing
	Notification Targets Configuration Management	Create, delete, modify
Incident	Channel Management	Channels: create, modify, delete; Notification targets: add, modify
	Channel Subscription	Channel subscription
	Issue Management	Issue creation, modification, deletion, attachment upload
	Level Configuration	Default levels: enable, disable; Custom levels: create, edit, delete
	Notification Policies	Creation, modification, deletion of notification policies
	Schedule	Creation, modification, deletion of schedules
	Issue Discovery	Creation, modification, deletion, enabling, disabling of Issues
Pipelines	Pipelines Management	Read/write permissions. Includes create, modify, delete, enable, disable, import, batch export, batch delete, clone from official library Logs > Pipelines Management > Pipelines
Blacklist	Blacklist Management	Read/write permissions. Includes create, modify, delete, import, batch export, batch delete Logs > Blacklist Management > Blacklist
Generated Metrics	Generated Metrics Configuration Management	Includes create, modify, delete, enable, disable operations Logs > Generated Metrics APM > Generated Metrics RUM > Generated Metrics Security Check > Generated Metrics
DCA	DCA Configuration Management	Restart DataKit, collectors, pipelines, blacklist creation, deletion, modification Configure DCA address
DataFlux Func (Automata)	Func Enable/Configuration	Enable application, modify domain/specification, upgrade version, reset password, deactivate application
RUM (Automata)	RUM Enable/Configuration	Enable application, modify service address, specification, upgrade version, deactivate application
	RUM Admin Permissions	View configuration information, modify service address, specification, version, status, configuration
External Data Sources	Data Source Configuration Management	Create, edit, delete external data sources
	Data Source Query Permissions	Query external data sources
Audit Logs	Audit Logs View	View operation audit logs