Permission List¶
Guance supports setting permissions for custom roles within the workspace to meet the permission requirements of different users.
Note
Currently, only functional operation permissions within the workspace can be set.
Permission List¶
- √: Default roles indicate support for this permission, and custom roles indicate support for granting this permission to custom roles.
- ×: Default roles indicate no support for this permission, and custom roles indicate no support for granting this permission to custom roles.
Swipe left 👈 to see more!
Features |
Operation Permissions |
Owner | Administrator | Standard | Read-only | Custom Role |
|---|---|---|---|---|---|---|
| General | Default Access | √ | √ | √ | √ | √ |
| Explorer > Global Configuration Management | √ | √ | × | × | √ | |
| Export Management | √ | √ | √ | × | √ | |
| Workspace Management | API Key Management | √ | √ | × | × | × |
| Token View | √ | √ | × | × | × | |
| Token Replacement | √ | √ | × | × | × | |
| Client Token Management | √ | √ | √ | × | √ | |
| Member Management View | √ | √ | √ | × | √ | |
| Invite Members | √ | √ | √ | × | √ | |
| Member Management | √ | √ | × | × | √ | |
| Transfer Ownership | √ | × | × | × | × | |
| Settings Management | √ | √ | × | × | × | |
| Dissolve Workspace | √ | × | × | × | × | |
| Data Storage Policy Management | √ | × | × | × | × | |
| Workspace Status Management | √ | × | × | × | × | |
| Data Permission Management | Configuration Management | √ | √ | × | × | √ |
| Sensitive Data Scanning | Configuration Management | √ | √ | × | × | √ |
| Field Management | Field Configuration Management | √ | √ | √ | × | √ |
| Regular Expression | Regular Expression Configuration Management | √ | √ | × | × | √ |
| Cloud Account Management | Account Management | √ | √ | × | × | × |
| Integration Configuration Management | √ | √ | × | × | × | |
| Global Tags | Global Tag Configuration Management | √ | √ | × | × | √ |
| Sharing Management | Sharing Configuration Management | √ | √ | √ | × | √ |
| Snapshots | Create Snapshots | √ | √ | √ | √ | √ |
| Delete Snapshots | √ | √ | √ | × | √ | |
| Billing | Billing Read-only Permission | √ | √ | × | × | √ |
| Billing Read-Write Permission | √ | × | × | × | × | |
| Upgrade Permission | √ | × | × | × | × | |
| Scenarios | Dashboard, View View | √ | √ | √ | √ | √ |
| Dashboard Management | √ | √ | √ | × | √ | |
| View Management | √ | √ | √ | × | √ | |
| Notes, Explorer Management | √ | √ | √ | × | √ | |
| Chart Configuration Management | √ | √ | √ | × | √ | |
| Service List Management | √ | √ | √ | × | √ | |
| Chart Configuration Management | √ | √ | √ | × | √ | |
| Service List Management | √ | √ | √ | × | √ | |
| Scheduled Report View | √ | √ | √ | × | √ | |
| Scheduled Report Management | √ | √ | √ | × | √ | |
| Events | Manual Recovery | √ | √ | √ | × | √ |
| Event Data Query | √ | √ | √ | √ | √ | |
| Infrastructure | Infrastructure Configuration Management | √ | √ | × | × | √ |
| Infrastructure Data Query | √ | √ | √ | √ | √ | |
| Logs | Log Index Management | √ | √ | × | × | √ |
| External Index Management | √ | √ | × | × | √ | |
| Data Forwarding | √ | √ | × | × | √ | |
| Log Data Query | √ | √ | √ | √ | √ | |
| Metrics | Metric Description Management | √ | √ | √ | × | √ |
| Metric Data Query | √ | √ | √ | √ | √ | |
| APM | Associated Log Management | √ | √ | √ | × | √ |
| APM Data Query | √ | √ | √ | √ | √ | |
| Issue Auto-discovery | √ | √ | √ | × | √ | |
| RUM | Application Configuration Management | √ | √ | √ | × | √ |
| Trace Configuration Management | √ | √ | √ | × | √ | |
| RUM Data Query | √ | √ | √ | √ | √ | |
| Session Replay View | √ | √ | √ | √ | √ | |
| Issue Auto-discovery | √ | √ | √ | × | √ | |
| LLM Monitoring | Application Configuration Management | √ | √ | √ | × | √ |
| LLM Data Query | √ | √ | √ | √ | √ | |
| Synthetic Tests | Task Configuration Management | √ | √ | √ | × | √ |
| Self-built Nodes Configuration Management | √ | √ | √ | × | √ | |
| Monitoring | Monitor View | √ | √ | √ | √ | √ |
| Monitor Configuration Management | √ | √ | √ | × | √ | |
| External Event Reporting Management | √ | √ | × | × | × | |
| Intelligent Inspection Configuration Management | √ | √ | √ | × | √ | |
| SLO Configuration Management | √ | √ | √ | × | √ | |
| Mute Configuration Management | √ | √ | √ | × | √ | |
| Alert Strategy Configuration Management | √ | √ | √ | × | √ | |
| Notification Target Configuration Management | √ | √ | × | × | √ | |
| Incident | Channel Management | √ | √ | √ | × | √ |
| Channel Subscription | √ | √ | √ | √ | √ | |
| Channel View | √ | √ | √ | √ | √ | |
| Issue Management | √ | √ | √ | × | √ | |
| Issue View | √ | √ | √ | √ | √ | |
| Reply Management | √ | √ | √ | × | √ | |
| Reply View | √ | √ | √ | √ | √ | |
| Level Configuration | √ | √ | × | × | √ | |
| Notification Strategy | √ | √ | √ | × | √ | |
| Schedule | √ | √ | √ | × | √ | |
| Issue Discovery | √ | √ | √ | × | √ | |
| Pipelines | Pipelines Management | √ | √ | √ | × | √ |
| Blacklist | Blacklist Create, Edit | √ | √ | √ | × | √ |
| Blacklist Enable, Disable | √ | √ | √ | × | √ | |
| Blacklist Delete | √ | √ | √ | × | √ | |
| Generate Metrics | Generate Metrics Configuration Management | √ | √ | √ | × | √ |
| DCA | DCA Configuration Management | √ | √ | × | × | × |
| DataFlux Func (Automata) | Func Enable/Configuration | √ | × | × | × | × |
| RUM (Automata) | RUM Enable/Configuration | √ | × | × | × | × |
| RUM Administrator | √ | √ | × | × | × | |
| Cloud Bill | Cloud Bill Data Query | √ | √ | √ | √ | √ |
| External Data Source | Data Source Configuration Management | √ | √ | × | × | √ |
| Data Source Query Permission | √ | √ | √ | √ | √ | |
| Environment Variables | Environment Variables Configuration Management | √ | √ | × | × | √ |
| Operation Audit | Operation Audit View | √ | √ | √ | √ | √ |
| Security Monitoring | CSPM Configuration Management | √ | √ | √ | × | √ |
| SIEM Configuration Management | √ | √ | √ | × | √ |
Permission Description Details¶
Contains detailed descriptions of each permission list.
Features |
Operation Permissions |
Description |
|---|---|---|
| General | Default Access Permission | The default view and operation permissions that users have after entering the workspace. Includes the following permission scope. |
| Explorer > Global Configuration Management | ||
| Export Management | Workspace data export permission management. Includes the following permission scope: |
|
| Workspace Management | API Key Management | API Key creation, view, deletion, etc. |
| Token View | Get workspace Token | |
| Token Replacement | Replace workspace Token, having this permission requires also having "Token View" permission | |
| Client Token Management | Client Token creation, deletion | |
| Member Management View | Includes view (read-only) permissions for the following pages. |
|
| Invite Members | ||
| Member Management | Workspace member management, SSO management related operations, including - SSO Login (enable, disable, delete) - SAML Mapping (create, delete, modify, enable, disable) - Custom Mapping (create, delete, modify) |
|
| Transfer Ownership | Transfer current workspace ownership to another member | |
| Settings Management | Workspace settings page edit operations, including the following permission scope. | |
| Dissolve Workspace | Dissolve workspace, including unbinding Commercial Plan workspace and Billing Center account and workspace deletion operations |
|
| Data Storage Policy Management | ||
| Workspace Status Management | Includes some operations in locked workspace state |
|
| Data Permission Management | Configuration Management | |
| Sensitive Data Scanning | Configuration Management | Create, edit, enable, disable, delete |
| Field Management | Field Configuration Management | Create, edit, delete |
| Regular Expression | Regular Expression Configuration Management | Create, edit, clone, delete |
| Cloud Account Management | Account Management | Create, edit, delete |
| Integration Configuration Management | Install, uninstall, modify configuration | |
| Global Tags | Global Tag Configuration Management | Create, edit, delete |
| Sharing Management | Sharing Configuration Management | Chart sharing, chart unsharing, snapshot sharing, snapshot unsharing |
| Snapshots | Create Snapshots | Snapshot creation. Includes |
| Delete Snapshots | Snapshot deletion (read-only members can only delete snapshots created by their own account). Includes |
|
| Billing | Billing Read-only Permission | |
| Billing Read-Write Permission | Includes account balance view, recharge, change payment method, change Billing Center account, jump to Billing Center, only supported by members with the current workspace owner role to view and initiate related operations | |
| Upgrade Permission | Free Plan upgrade to Commercial Plan process initiation entry, only supported by members with the current workspace owner role to initiate | |
| Scenarios | Dashboard, View View | Includes dashboard, view module visibility, dashboard, view query (view dashboard list page and details page), set refresh frequency, change query time; carousel view permission |
| Dashboard Management | ||
| View Management | ||
| Notes, Explorer Management | ||
| Chart Configuration Management | ||
| Service List Management | Edit service list configuration | |
| Scheduled Report View | View | |
| Scheduled Report Management | Create, edit, delete, enable/disable | |
| Events | Manual Recovery | Includes unrecovered event manual recovery operation |
| Event Data Query | Query all event data within the workspace, including all data of events and unrecovered events | |
| Infrastructure | Infrastructure Configuration Management | Includes host edit Label, edit object classification, add object classification, add tags, delete objects, etc. |
| Infrastructure Data Query | Query all infrastructure object related data within the workspace, including hosts, containers, K8s, processes, resource catalog data and historical 48-hour data as well as Layer 4, Layer 7 network data reported to the workspace. | |
| Logs | Log Index Management | Read-write permissions. Includes create, delete, modify, enable, disable, drag operations |
| External Index Management | Read-write permissions. Includes bind, delete operations | |
| Data Forwarding | Read-write permissions. Includes create, edit, delete, enable, disable operations | |
| Log Data Query | Query all log data within the current workspace, including Guance logs (L) default index, custom index, bound external index (ES, Opensearch, SLS standard logstore) data and backup logs (BL) data. | |
| Metrics | Metric Description Management | Edit modify metric description |
| Metric Data Query | Query all metric data within the current workspace | |
| APM | Associated Log Management | Edit log association field configuration |
| APM Data Query | Query all traces, Profile data within the current workspace | |
| Issue Auto-discovery | Error tracking data automatically discovers and generates Incident Issues based on service, version, resource, error type dimensions | |
| RUM | Application Configuration Management | Create, modify, delete application |
| Trace Configuration Management | Create, modify, delete trace configuration | |
| RUM Data Query | Query all user access data within the current workspace, including session, session replay, view, resource, error, long task, action data |
|
| Session Replay View | View all session replay data within the current workspace | |
| Issue Auto-discovery | Error data automatically discovers and generates Incident Issues based on application name, environment, version, error type dimensions | |
| LLM Monitoring | Application Configuration Management | Create, modify, delete application |
| LLM Data Query | Query all LLM data within the current workspace | |
| Synthetic Tests | Task Configuration Management | Create, delete, modify, enable, disable, test |
| Self-built Nodes Configuration Management | Create, modify, delete, get configuration | |
| Monitoring | Monitor View | View monitor list page and view monitor configuration details page |
| Monitor Configuration Management | Create, delete, test, modify, enable, disable, import, batch export, batch delete, alert configuration edit, create from template | |
| External Event Reporting Management | View Webhook address generated by "External Event Detection" monitor | |
| SLO Configuration Management | Create, delete, modify, enable, disable | |
| Mute Configuration Management | Create, delete, modify, enable, disable |
|
| Alert Strategy Configuration Management | Create, delete, alert configuration edit | |
| Notification Target Configuration Management | Create, delete, modify | |
| Incident | Channel Management | |
| Channel Subscription | ||
| Channel View | ||
| Issue Management | Create, modify, delete Issue; attachment upload | |
| Issue View | ||
| Reply Management | ||
| Reply View | ||
| Level Configuration | ||
| Notification Strategy | Create, modify, delete | |
| Schedule | Create, modify, delete | |
| Issue Discovery | Create, modify, delete, enable, disable | |
| Pipelines | Pipelines Management | Read-write permissions. Includes create, modify, delete, enable, disable, import, batch export, batch delete, clone from official library |
| Blacklist | Blacklist Create, Edit | Includes create, modify, import, export |
| Blacklist Enable, Disable | Includes enable, disable |
|
| Blacklist Delete | Delete blacklist permission |
|
| Generate Metrics | Generate Metrics Configuration Management | Includes create, modify, delete, enable, disable operations |
| DCA | DCA Configuration Management | |
| DataFlux Func (Automata) | Func Enable/Configuration | Enable application, modify domain/specification, upgrade version, reset password, disable application |
| RUM (Automata) | RUM Enable/Configuration | Enable application, modify service address, specification, upgrade version, disable application |
| RUM Administrator Permission | View configuration information, modify service address, specification, version, status, configuration | |
| Cloud Bill | Cloud Bill Data Query | |
| External Data Source | Data Source Configuration Management | Create, edit, delete operations |
| Data Source Query Permission | Query external data source | |
| Environment Variables | Environment Variables Configuration Management | Create, import, export, edit, delete |
| Operation Audit | Operation Audit View | Operation audit data view permission |
| Security Monitoring | CSPM Configuration Management | Create, delete, test, modify, enable, disable, import, batch export, batch delete, alert configuration edit |
| SIEM Configuration Management | Create, delete, modify, enable, disable, import, batch export, batch delete, alert configuration edit |
Default Access¶
- Dashboard, Notes, Explorer, Built-in Views: Read-only permission
- Dashboard Carousel: Read-only permission
- Charts: Read-only permission, copy
- Dashboard, Notes, Explorer: Favorite
- All Explorers: Read-only permission
- All Explorers Personal Quick Filters: Edit permission
- All Explorers Display Columns: Configure permission
- Dashboard, Notes, Explorer Creator: Edit permission
- APM > Service List: Read-only permission
- RUM > Application Configuration: Read-only permission
- RUM > Trace Configuration: Read-only permission
- Synthetic Tests > Task Configuration: Read-only permission
- Synthetic Tests > Self-built Nodes Configuration: Read-only permission
- Monitor, Intelligent Inspection, SLO, Mute Management, Alert Strategy, Notification Target Configuration: Read-only permission
- Pipelines Configuration: User pipeline, official pipeline read-only permission
- Blacklist Configuration: Read-only permission
- Workspace Basic Information: Read-only permission
- Member Management: Read-only permission
- SSO Management: Read-only permission
- Role Management: Read-only permission
- Field Management: Read-only permission
- Data Permission Management: Read-only permission
- Regular Expression: Read-only permission
- Sharing Management: Read-only permission
- Snapshots: Read-only permission (view/copy)
- DQL Query Tool
- Integration
- Obs Assistant
- Experience Demo Workspace
- Ticket Management
- Workspace Notes (Personal Account Level)
- Beginner Guide
- Automatically Pop Up "Beginner Guide"
- Avatar > View Beginner Guide
- Log Data Access Configuration View: Read-only
- Incident: Channel read-only, Issue read-only, Reply read-only, Notification Strategy read-only, Schedule read-only
Settings Management¶
- Workspace Name Modification
- Description Modification
- Configuration Migration (Import, Export)
- Advanced Settings
- Add, Delete Key Metrics
- Function Menu Management
- Operation Audit View
- IP Whitelist Settings
- Data Deletion
-
Manual data deletion operations within the workspace, including
- Delete a measurement data
- Delete custom objects
- Single custom object (Custom Object Details Page)
- All custom objects (Management > Settings > Risky Operations)
- Custom objects under a certain object classification (Management > Settings > Risky Operations)
- Enable Approval Join