Permissions List¶
Guance supports setting permissions for custom roles within a workspace to meet the permission requirements of different users.
Note
Currently, only permissions for functional operations within the workspace are supported.
Permissions List¶
- √: For default roles, it means supported for this permission; for custom roles, it means supported to grant this permission to the custom role.
- ×: For default roles, it means not supported for this permission; for custom roles, it means not supported to grant this permission to the custom role.
Features |
Options |
Owner | Administrator | Standard | Read-only | Custom Roles |
|---|---|---|---|---|---|---|
| General | Default Access | √ | √ | √ | √ | √ |
| Explorer > Global Configuration Management | √ | √ | × | × | √ | |
| Export Management | √ | √ | √ | × | √ | |
| Workspace Management | API Key Management | √ | √ | × | × | × |
| Token View | √ | √ | × | × | × | |
| Token Rotation | √ | √ | × | × | × | |
| Client Token Management | √ | √ | √ | × | √ | |
| Member Management View | √ | √ | √ | × | √ | |
| Invite Members | √ | √ | √ | × | √ | |
| Member Management | √ | √ | × | × | √ | |
| Transfer Owner | √ | × | × | × | × | |
| Settings Management | √ | √ | × | × | × | |
| Delete Workspace | √ | × | × | × | × | |
| Data Storage Policy Management | √ | × | × | × | × | |
| Workspace Status Management | √ | × | × | × | × | |
| Data Permissions Management | Configuration Management | √ | √ | × | × | √ |
| Sensitive Data Scanning | Configuration Management | √ | √ | × | × | √ |
| Field Management | Field Configuration Management | √ | √ | √ | × | √ |
| Regular Expressions | Regular Expression Configuration Management | √ | √ | × | × | √ |
| Cloud Account Management | Account Management | √ | √ | × | × | × |
| Integration Configuration Management | √ | √ | × | × | × | |
| Global Tags | Global Tag Configuration Management | √ | √ | × | × | √ |
| Sharing Management | Sharing Configuration Management | √ | √ | √ | × | √ |
| Snapshots | Create Snapshot | √ | √ | √ | √ | √ |
| Delete Snapshot | √ | √ | √ | × | √ | |
| Billing | Billing Read-only Permission | √ | √ | × | × | √ |
| Billing Read-Write Permission | √ | × | × | × | × | |
| Upgrade Permission | √ | × | × | × | × | |
| Scenarios | Dashboard, View Viewing | √ | √ | √ | √ | √ |
| Dashboard Management | √ | √ | √ | × | √ | |
| Tag Permission Management | √ | √ | × | × | √ | |
| View Management | √ | √ | √ | × | √ | |
| Note, Explorer Management | √ | √ | √ | × | √ | |
| Chart Configuration Management | √ | √ | √ | × | √ | |
| Scheduled Report Viewing | √ | √ | √ | × | √ | |
| Scheduled Report Management | √ | √ | √ | × | √ | |
| Events | Manual Recovery | √ | √ | √ | × | √ |
| Event Data Query | √ | √ | √ | √ | √ | |
| Infrastructure | Infrastructure Configuration Management | √ | √ | × | × | √ |
| Infrastructure Data Query | √ | √ | √ | √ | √ | |
| Logs | Log Index Management | √ | √ | × | × | √ |
| External Index Management | √ | √ | × | × | √ | |
| Data Forwarding | √ | √ | × | × | √ | |
| Log Data Query | √ | √ | √ | √ | √ | |
| Metrics | Metric Description Management | √ | √ | √ | × | √ |
| Metric Data Query | √ | √ | √ | √ | √ | |
| APM | Associated Log Management | √ | √ | √ | × | √ |
| APM Data Query | √ | √ | √ | √ | √ | |
| Issue Auto Discovery | √ | √ | √ | × | √ | |
| Service Management | √ | √ | × | × | √ | |
| RUM | Application Configuration Management | √ | √ | √ | × | √ |
| Trace Configuration Management | √ | √ | √ | × | √ | |
| RUM Data Query | √ | √ | √ | √ | √ | |
| Session Replay View | √ | √ | √ | √ | √ | |
| Issue Auto Discovery | √ | √ | √ | × | √ | |
| LLM Monitoring | Application Configuration Management | √ | √ | √ | × | √ |
| LLM Data Query | √ | √ | √ | √ | √ | |
| Synthetic Tests | Task Configuration Management | √ | √ | √ | × | √ |
| Self-built Nodes Configuration Management | √ | √ | √ | × | √ | |
| Monitoring | Monitor Viewing | √ | √ | √ | √ | √ |
| Monitor Configuration Management | √ | √ | √ | × | √ | |
| External Event Reporting Management | √ | √ | × | × | × | |
| Intelligent Inspection Configuration Management | √ | √ | √ | × | √ | |
| SLO Configuration Management | √ | √ | √ | × | √ | |
| Mute Configuration Management | √ | √ | √ | × | √ | |
| Alert Strategies Configuration Management | √ | √ | √ | × | √ | |
| Notification Targets Configuration Management | √ | √ | × | × | √ | |
| Incident | Channel Management | √ | √ | √ | × | √ |
| Channel Subscription | √ | √ | √ | √ | √ | |
| Channel Viewing | √ | √ | √ | √ | √ | |
| Issue Management | √ | √ | √ | × | √ | |
| Issue Viewing | √ | √ | √ | √ | √ | |
| Reply Management | √ | √ | √ | × | √ | |
| Reply Viewing | √ | √ | √ | √ | √ | |
| Level Configuration | √ | √ | × | × | √ | |
| Notification Strategies | √ | √ | √ | × | √ | |
| Schedules | √ | √ | √ | × | √ | |
| Issue Discovery | √ | √ | √ | × | √ | |
| Pipelines | Pipelines Management | √ | √ | √ | × | √ |
| Blacklist | Blacklist Create, Edit | √ | √ | √ | × | √ |
| Blacklist Enable, Disable | √ | √ | √ | × | √ | |
| Blacklist Delete | √ | √ | √ | × | √ | |
| Generate Metrics | Generate Metrics Configuration Management | √ | √ | √ | × | √ |
| DCA | DCA Configuration Management | √ | √ | × | × | × |
| DataFlux Func (Automata) | Func Activation/Configuration | √ | × | × | × | × |
| RUM Hosted | RUM Activation/Configuration | √ | × | × | × | × |
| RUM Administrator | √ | √ | × | × | × | |
| Cloud Billing | Cloud Billing Data Query | √ | √ | √ | √ | √ |
| External Data Sources | Data Source Configuration Management | √ | √ | × | × | √ |
| Data Source Query Permission | √ | √ | √ | √ | √ | |
| Environment Variables | Environment Variable Configuration Management | √ | √ | × | × | √ |
| Operation Audit | Operation Audit Viewing | √ | √ | √ | √ | √ |
| Security Monitoring | CSPM Configuration Management | √ | √ | √ | × | √ |
| SIEM Configuration Management | √ | √ | √ | × | √ |
Permission Description Details¶
Includes specific descriptions for each item in the permissions list.
Features |
Options |
Description |
|---|---|---|
| General | Default Access Permission | The default viewing and operation permissions users have upon entering the workspace. Includes the following permission scope |
| Explorer > Global Configuration Management | ||
| Export Management | Management of data export permissions within the workspace. Includes the following scope: |
|
| Workspace Management | API Key Management | Operations such as creating, viewing, and deleting API Keys |
| Token View | Obtain the workspace's Token | |
| Token Rotation | Rotate the workspace's Token. Having this permission requires also having the "Token View" permission. | |
| Client Token Management | Create, delete Client Tokens | |
| Member Management View | Includes view (read-only) permissions for the following pages. |
|
| Invite Members | ||
| Member Management | Workspace member management, SSO management related operations, including - SSO Login (enable, disable, delete) - SAML Mapping (create, delete, modify, enable, disable) - Custom Mapping (create, delete, modify) |
|
| Transfer Owner | Transfer the current workspace ownership to another member | |
| Settings Management | Edit operations on the workspace settings page, including the following permission scope | |
| Delete Workspace | Delete the workspace, including unbinding Commercial Plan workspaces from the Billing Center account and workspace deletion operations. |
|
| Data Storage Policy Management | ||
| Workspace Status Management | Includes some operations when the workspace is locked. |
|
| Data Permissions Management | Configuration Management | |
| Sensitive Data Scanning | Configuration Management | Create, edit, enable, disable, delete |
| Field Management | Field Configuration Management | Create, edit, delete |
| Regular Expressions | Regular Expression Configuration Management | Create, edit, clone, delete |
| Cloud Account Management | Account Management | Create, edit, delete |
| Integration Configuration Management | Install, uninstall, modify configuration | |
| Global Tags | Global Tag Configuration Management | Create, edit, delete |
| Sharing Management | Sharing Configuration Management | Chart sharing, chart unsharing, snapshot sharing, snapshot unsharing |
| Snapshots | Create Snapshot | Create snapshot. Includes: |
| Delete Snapshot | Delete snapshot (Read-only members can only delete snapshots created by their own account). Includes: |
|
| Billing | Billing Read-only Permission | |
| Billing Read-Write Permission | Includes viewing account balance, recharge, change payment method, change Billing Center account, jump to Billing Center. Only members with the Owner role of the current workspace can view and initiate related operations. | |
| Upgrade Permission | The entry point to initiate the process of upgrading from the Free Plan to the Commercial Plan. Only members with the Owner role of the current workspace can initiate it. | |
| Scenarios | Dashboard, View Viewing | Includes visibility of the dashboard and view modules, querying dashboards and views (viewing the dashboard list page and details page), setting refresh frequency, changing query time; viewing permissions for carousels. |
| Dashboard Management | ||
| Tag Permission Management | Management of dashboard tag permissions: tag addition, editing, deletion | |
| View Management | ||
| Note, Explorer Management | ||
| Chart Configuration Management | ||
| Scheduled Report Viewing | View | |
| Scheduled Report Management | Create, edit, delete, enable/disable | |
| Events | Manual Recovery | Includes manual recovery operations for unrecovered events |
| Event Data Query | Query all event data within the workspace, including all data for Events and Unrecovered Events. | |
| Infrastructure | Infrastructure Configuration Management | Includes operations like editing Host Labels, editing object classification, adding object classification, adding tags, deleting objects, etc. |
| Infrastructure Data Query | Query all infrastructure object-related data within the workspace, including host, container, K8s, process, Resource Catalog data and historical 48-hour data, as well as Layer 4 and Layer 7 network data reported to the workspace. | |
| Logs | Log Index Management | Read-write permissions. Includes create, delete, modify, enable, disable, drag-and-drop operations |
| External Index Management | Read-write permissions. Includes bind, delete operations | |
| Data Forwarding | Read-write permissions. Includes create, edit, delete, enable, disable operations | |
| Log Data Query | Permission to query all log data within the current workspace, including Guance logs (L) default index, custom index, bound external index (ES, Opensearch, SLS standard logstore) data, and backup log (BL) data. | |
| Metrics | Metric Description Management | Edit and modify metric descriptions |
| Metric Data Query | Query all metric data within the current workspace. | |
| APM | Associated Log Management | Edit log association field configuration |
| APM Data Query | Query all trace and Profile data within the current workspace. | |
| Issue Auto Discovery | Automatically discover and generate Incident Issues based on service, version, resource, and error type dimensions from error tracking data. | |
| Service Management | Service List management, service custom filter field configuration. | |
| RUM | Application Configuration Management | Create, modify, delete application |
| Trace Configuration Management | Create, modify, delete trace configuration | |
| RUM Data Query | Query all RUM data within the current workspace, including session, session replay, view, resource, error, long task, action and other data. |
|
| Session Replay View | Permission to view all session replay data within the current workspace. | |
| Issue Auto Discovery | Automatically discover and generate Incident Issues based on application name, environment, version, and error type dimensions from error data. | |
| LLM Monitoring | Application Configuration Management | Create, modify, delete application. |
| LLM Data Query | Query all LLM data within the current workspace. | |
| Synthetic Tests | Task Configuration Management | Create, delete, modify, enable, disable, test |
| Self-built Nodes Configuration Management | Create, modify, delete, get configuration | |
| Monitoring | Monitor Viewing | View the monitor list page and view monitor configuration details page. |
| Monitor Configuration Management | Create, delete, test, modify, enable, disable, import, batch export, batch delete, edit alert configuration, create from template. | |
| External Event Reporting Management | View the Webhook address generated by the "External Event Detection" monitor. | |
| SLO Configuration Management | Create, delete, modify, enable, disable | |
| Mute Configuration Management | Create, delete, modify, enable, disable |
|
| Alert Strategies Configuration Management | Create, delete, edit alert configuration | |
| Notification Targets Configuration Management | Create, delete, modify | |
| Incident | Channel Management | |
| Channel Subscription | ||
| Channel Viewing | ||
| Issue Management | Create, modify, delete Issue; upload attachments. | |
| Issue Viewing | ||
| Reply Management | ||
| Reply Viewing | ||
| Level Configuration | ||
| Notification Strategies | Create, modify, delete | |
| Schedules | Create, modify, delete | |
| Issue Discovery | Create, modify, delete, enable, disable | |
| Pipelines | Pipelines Management | Read-write permissions. Includes create, modify, delete, enable, disable, import, batch export, batch delete, clone from official library. |
| Blacklist | Blacklist Create, Edit | Includes create, modify, import, export |
| Blacklist Enable, Disable | Includes enable, disable |
|
| Blacklist Delete | Delete blacklist permission |
|
| Generate Metrics | Generate Metrics Configuration Management | Includes create, modify, delete, enable, disable operations. |
| DCA | DCA Configuration Management | |
| DataFlux Func (Automata) | Func Activation/Configuration | Activate application, modify domain/specification, upgrade version, reset password, deactivate application. |
| RUM Hosted | RUM Activation/Configuration | Activate application, modify service address, specification, upgrade version, deactivate application. |
| RUM Administrator Permission | View configuration information, modify service address, specification, version, status, configuration. | |
| Cloud Billing | Cloud Billing Data Query | |
| External Data Sources | Data Source Configuration Management | Create, edit, delete operations. |
| Data Source Query Permission | Query external data sources. | |
| Environment Variables | Environment Variable Configuration Management | Create, import, export, edit, delete. |
| Operation Audit | Operation Audit Viewing | Operation audit data viewing permission. |
| Security Monitoring | CSPM Configuration Management | Create, delete, test, modify, enable, disable, import, batch export, batch delete, edit alert configuration. |
| SIEM Configuration Management | Create, delete, modify, enable, disable, import, batch export, batch delete, edit alert configuration. |
Default Access¶
- Dashboard, Note, Explorer, Built-in Views: Read-only permission
- Dashboard Carousel: Read-only permission
- Charts: Read-only permission, copy
- Dashboard, Note, Explorer: Favorite
- All Explorers: Read-only permission
- All Explorer personal quick filters: Edit permission
- All Explorer display columns: Configuration permission
- Dashboard, Note, Explorer creator: Edit permission
- APM > Service List: Read-only permission
- RUM > Application Configuration: Read-only permission
- RUM > Trace Configuration: Read-only permission
- Synthetic Tests > Task Configuration: Read-only permission
- Synthetic Tests > Self-built Nodes Configuration: Read-only permission
- Monitor, Intelligent Inspection, SLO, Mute Management, Alert Strategies, Notification Targets configuration: Read-only permission
- Pipelines Configuration: User pipeline, official pipeline read-only permission
- Blacklist Configuration: Read-only permission
- Workspace Basic Information: Read-only permission
- Member Management: Read-only permission
- SSO Management: Read-only permission
- Role Management: Read-only permission
- Field Management: Read-only permission
- Data Permissions Management: Read-only permission
- Regular Expressions: Read-only permission
- Sharing Management: Read-only permission
- Snapshots: Read-only permission (view/copy)
- DQL Query Tool
- Integrations
- Observer Assistant
- Experience Demo Workspace
- Ticket Management
- Workspace Notes (personal account level)
- New User Guide
- Automatically pop up "New User Guide"
- Avatar > View New User Guide
- Log Data Access Configuration View: Read-only
- Incident: Channel read-only, Issue read-only, Reply read-only, Notification Strategies read-only, Schedules read-only
Settings Management¶
- Modify workspace name
- Modify description
- Configuration migration (import, export)
- Advanced Settings
- Add, delete key metrics
- Feature Menu Management
- Operation Audit Viewing
- IP Whitelist Settings
- Data Deletion
-
Manual data deletion operations within the workspace, including
- Delete data of a specific Measurement
- Delete custom object
- Single custom object (Custom Object Details Page)
- All custom objects (Management > Settings > Risky Operations)
- Custom objects under a specific object classification (Management > Settings > Risky Operations)
- Enable approval to join