When we launched our New Relic Synthetics monitoring product, we wanted to make it as easy as possible for teams to work together and share their monitors, data, and reports. As larger and more distributed teams work together with Synthetics, our customers have asked for new ways to manage the collaboration between team members and access to resources, especially in fast-moving DevOps environments.
Today, we’re pleased to announce a new permissions system for Synthetics. Available now, the permissions feature is designed to give teams of every size better ways to control access to monitors, scripts, and private locations.
Why permissions are important
Operating at scale requires controls. Whether it’s managing large volumes of performance data, large numbers of monitors, or the teams that have access to them, controlling access is critically important.
First, you want to make sure teams don’t get overwhelmed sifting through data that isn’t relevant to them. Just as important, sensitive information like login credentials in monitor scripts should be shown only to those who are supposed to see it. If an office in Paris launches a private location to test its apps locally, staffers may not want the New York City office using that capacity without checking with them first, which can help with better resource management or internal cost accounting. Finally, teams using large numbers of monitors may want to keep the monitors for staging apps logically separate from production apps in order to keep results from intermixing.
All in all, having better control over how teams engage with Synthetics can make it easier for team members to collaborate and be more effective in understanding application experiences.
How Synthetics permissions works
The Synthetics permission system works by granting groups of users access over resources, such as globally distributed monitors or private-location monitors. Permissions can be used to grant read-only access or full control of the resource. If no permissions are granted to a particular resource, then that user has no access to that resource.
The following matrix shows the levels of access offered for each resource type:
A few additional behaviors are worth noting when working with permissions in Synthetics:
- The most permissive access wins. So, if Bob is part of Group A, which grants him access to edit all monitors and then he gets added to Group B, which gives him just read-only access to Monitor #4259, Bob will still have edit access over Monitor #4259.
- These permissions affect only New Relic Synthetics. Since all Synthetics data is available through New Relic Insights, users will still have access to the data generated by monitors through Insights.
Getting started with Synthetics permissions
By default, all accounts allow full access to all users. When you’re ready to define more granular permissions, there are just a few steps you need to take:
1. Log into New Relic as a user who is either an account owner or account admin, and then navigate to Synthetics.
2. Click on the Permissions tab and opt in by pressing the pretty purple button. Note that this removes access for all users to all monitors and any private locations you may have. That’s a good thing, since you can now start granting specific permissions to user groups.
3. Start building the permissions you want for your team:
- Create a group.
- Add one or more users to that group.
- Set the permissions you want that group to have over resources like monitors and private locations (Note: Any one group can set default permissions to a resource or specific permissions to instances of that resource, but not both.)
Try out the new permissions feature yourself! It’s available today for all New Relic Synthetics Pro customers. For more details, please refer to the documentation page.