archive/netdata_netdata
0
0
Fork 0
mirror of https://github.com/netdata/netdata.git synced 2025-04-14 01:29:11 +00:00
Code Issues Projects Releases Wiki Activity

docs: edit Authentication and Authorization section ()

Browse source 
* update on authentication and authorization README

* update on enterprise SSO auth page

* rbac docs edit

* improve structure

---------

Co-authored-by: ilyam8 <ilya@netdata.cloud>
This commit is contained in:
Fotis Voutsas 2024-12-09 12:23:50 +02:00 committed by GitHub
parent ebfecae907
commit f65cbf718f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 152 additions and 165 deletions
docs/netdata-cloud/authentication-and-authorization
README.mdenterprise-sso-authentication.mdrole-based-access-model.md

27
docs/netdata-cloud/authentication-and-authorization/README.md
View file

@ -1,27 +1,18 @@
# Authentication & Authorization
This section contains documentation about how Netdata allows users to Authenticate with Netdata Cloud, as well as the Authorization flows that control the access and actions of their teammates in Netdata Cloud.
This documentation covers the authentication methods available in Netdata Cloud and explains how authorization controls access and permissions for team members.
## Authentication
### Email
| Method | Description | Setup Process |
|:---------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------|
| Email | • Standard email and password authentications<br/>• Recommended for individual user | 1. Visit Netdata Cloud<br/>2. Enter email address<br/>3. Follow verification process<br/>4. Set up password (new accounts) |
| Google OAuth | • Authentication using Google account credentials<br/>• Account will be linked to your Google email address | 1. Visit Netdata Cloud<br/>2. Click Google sign-in<br/>3. Complete Google authentication flow |
| GitHub OAuth | • Authentication using GitHub account credentials<br/>• Account will be linked to your GitHub email address | 1. Visit Netdata Cloud<br/>2. Click GitHub sign-in<br/>3. Complete GitHub authentication flow |
| Enterprise SSO | • Advanced authentication for organizations using identity providers<br/>• Features:<br/>&emsp; - Identity provider integration<br/>&emsp; - Centralized management<br/>&emsp; - Enhanced security<br/>&emsp; - Audit logging | See [Enterprise SSO documentation](/docs/netdata-cloud/authentication-and-authorization/enterprise-sso-authentication.md) |
To sign in/sign up using email, visit [Netdata Cloud](https://app.netdata.cloud/sign-in?cloudRoute=spaces?utm_source=docs&utm_content=sign_in_button_email_section), enter your email address, and click the **Sign in by email** button.
Click the **Verify** button in the email you received to start using Netdata Cloud.
### Google and GitHub OAuth
When you use Google/GitHub OAuth, your Netdata Cloud account is associated with the email address that Netdata Cloud receives through OAuth.
To sign in/sign up using Google or GitHub OAuth, visit [Netdata Cloud](https://app.netdata.cloud/sign-in?cloudRoute=spaces?utm_source=docs&utm_content=sign_in_button_google_github_section) select the method you want to use. After the verification steps, you will be signed in to Netdata Cloud.
### Enterprise SSO Authentication
Netdata integrates with SSO tools, allowing you to control how your team connects and authenticates to Netdata Cloud.
For more information, see [Enterprise SSO Authentication](/docs/netdata-cloud/authentication-and-authorization/enterprise-sso-authentication.md).
> **Important**: When using OAuth, your Netdata Cloud account will be automatically associated with the email address provided by the OAuth provider. Ensure you have access to this email address.
## Authorization
Once logged in, you can manage role-based access in your space to give each team member the appropriate role. For more information, see [Role-Based Access model](/docs/netdata-cloud/authentication-and-authorization/role-based-access-model.md).
Once logged in, you can manage role-based access in your Space to give each team member the appropriate role. For more information, see [Role-Based Access model](/docs/netdata-cloud/authentication-and-authorization/role-based-access-model.md).

64
docs/netdata-cloud/authentication-and-authorization/enterprise-sso-authentication.md
View file

@ -1,48 +1,48 @@
# Enterprise SSO Authentication
Netdata provides you with means to streamline and control how your team connects and authenticates to Netdata Cloud. We provide
different Single Sign-On (SSO) integrations that allow you to connect with the tool that your organization is using to manage your
user accounts.
Enterprise Single Sign-On (SSO) integration enables organizations to manage Netdata Cloud access through their existing identity management solution. This simplifies user authentication and improves security through centralized access control.
> **Note** This feature focus is on the Authentication flow, it doesn't support the Authorization with managing Users and Roles.
> **Important**: Enterprise SSO handles authentication only. User and role management must be configured separately within Netdata Cloud.
## How to set it up?
## Prerequisites
If you want to set up your Netdata Space to allow user Authentication through an Enterprise SSO tool, you need to:
| Requirement | Details |
|----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|
| SSO Provider | Must be [supported by Netdata](https://learn.netdata.cloud/docs/netdata-cloud/authentication-&-authorization/cloud-authentication-&-authorization-integrations) |
| Account Status | Active Netdata Cloud account |
| Subscription | Business plan or higher |
| Access Level | Space Administrator permissions |
* Confirm the integration to the tool you want is available ([Authentication integrations](https://learn.netdata.cloud/docs/netdata-cloud/authentication-&-authorization/cloud-authentication-&-authorization-integrations))
* Have a Netdata Cloud account
* Have Access to Space as an administrator
* Your Space needs to be on the Business plan or higher
## Setup
Once you ensure the above prerequisites, you need to:
**Netdata Cloud Configuration**:
1. Click on the Space settings cog (located above your profile icon)
2. Click on the Authentication tab
3. Select the card for the integration youre looking for, click on Configure
4. Fill the required attributes need to establish the integration with the tool
To configure SSO in your Netdata Cloud space:
## How to authenticate to Netdata?
1. Navigate to Space Settings (gear icon above profile)
2. Select User Management → Authentication & Authorization
3. Locate your desired SSO integration
4. Click "Configure" and fill in the required integration attributes
### From Netdata Sign-up page
**Domain Verification**:
#### Requirements
Domain verification is required to establish secure SSO connectivity:
You have to update your DNS settings by adding a TXT record with the Netdata verification code as its **Value**.
The **Value** can be found by clicking the **DNS TXT record** button in your space settings under **User Management**, in the** Authentication & Authorization** tab.
1. Access the DNS TXT record:
- Go to Space Settings → User Management → Authentication & Authorization
- Click "DNS TXT record" button to reveal verification code
2. Add DNS Record:
- Log into your domain provider's DNS management
- Create a new TXT record with these specifications:
Log into your domain providers website, and navigate to the DNS records section.
Create a new TXT record with the following specifications:
| Field | Value |
|--------------------------|----------------------------------------------|
| Value/Answer/Description | `"netdata-verification=[VERIFICATION CODE]"` |
| Name/Host/Alias | Leave blank or use @ for subdomain |
| TTL (Time to Live) | 86400 (or use provider default) |
- Value/Answer/Description: `"netdata-verification=[VERIFICATION CODE]"`
- Name/Host/Alias: Leave this blank or type @ to include a subdomain.
- Time to live (TTL): "86400" (this can also be inherited from the default configuration).
**SSO Provider Configuration**: Consult your provider's documentation for detailed instructions.
#### Starting the flow from Netdata sign-in page
## How to Authenticate
1. Click on the link `Sign-in with an Enterprise Single Sign-On (SSO)`
2. Enter your email address
3. Complete the SSO flow
Note: If you're not authenticated on the Enterprise SSO tool, you'll be prompted to authenticate there
first before being allowed to proceed to Netdata Cloud.
Click on the link `Sign-in with an Enterprise Single Sign-On (SSO)` and follow the instructions. If you're not authenticated on the Enterprise SSO tool, you'll be prompted to authenticate there first before being allowed to proceed to Netdata Cloud.

226
docs/netdata-cloud/authentication-and-authorization/role-based-access-model.md
View file

@ -1,156 +1,152 @@
# Role-Based Access model (RBAC)
Netdata Cloud's role-based-access mechanism allows you to control what functionalities in the app users can access. Each user can be assigned only one role, which fully specifies all the capabilities they are afforded.
Netdata Cloud's Role-Based Access mechanism allows you to control what functionalities a user can access.
## What roles are available?
## Roles
With the advent of the paid plans, we revamped the roles to cover needs expressed by Netdata users, like providing more limited access to their customers, or
being able to join any Room. We also aligned the offered roles to the target audience of each plan. The result is the following:
| **Role** | **Community** | **Homelab** | **Business** | **Enterprise On-Prem** |
|:---------------------------------------------------------------------------------------------------------------------------------------|:-------------------|:-------------------|:-------------------|:-----------------------|
| **Admins** can control Spaces, Rooms, Nodes, Users and Billing.They can also access any Room in the Space. | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| **Managers** can manage Rooms and Users. They can access any Room in the Space. | - | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| **Troubleshooters** can only use Netdata to troubleshoot, not manage entities. They need to be assigned to Rooms in the Space. | - | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| **Observers** can only view data in specific Rooms.<br/> 💡 Ideal for restricting your customer's access to their own dedicated Rooms. | - | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| **Billing** can handle billing options and invoices. | - | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| **Role** | **Community** | **Homelab** | **Business** | **Enterprise On-Premise** |
|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------|:-------------------|:-------------------|:--------------------------|
| **Admins**<p>Users with this role can control Spaces, Rooms, Nodes, Users and Billing.</p><p>They can also access any Room in the Space.</p> | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| **Managers**<p>Users with this role can manage Rooms and Users.</p><p>They can access any Room in the Space.</p> | - | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| **Troubleshooters**<p>Users with this role can use Netdata to troubleshoot, not manage entities.</p><p>They need to be assigned to Rooms in the Space.</p> | - | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| **Observers**<p>Users with this role can only view data in specific Rooms.</p>💡 Ideal for restricting your customer's access to their own dedicated rooms.<p></p> | - | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| **Billing**<p>Users with this role can handle billing options and invoices.</p> | - | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| **Member** ⚠️ Legacy role<p>Users with this role you can create Rooms and invite other Members.</p><p>They can only see the Rooms they belong to and all Nodes in the All Nodes Room.</p> | - | - | - | - |
## Which functionalities are available for each role?
In more detail, you can find on the following tables which functionalities are available for each role in each domain.
## Features
### Space Management
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** |
|:-----------------------|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|
| See Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Leave Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Delete Space | :heavy_check_mark: | - | - | - | - | - |
| Change name | :heavy_check_mark: | - | - | - | - | - |
| Change description | :heavy_check_mark: | - | - | - | - | - |
| Change slug | :heavy_check_mark: | - | - | - | - | - |
| Change preferred nodes | :heavy_check_mark: | - | - | - | - | - |
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** |
|:-----------------------|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|
| See Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Leave Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Delete Space | :heavy_check_mark: | - | - | - | - |
| Change name | :heavy_check_mark: | - | - | - | - |
| Change description | :heavy_check_mark: | - | - | - | - |
| Change slug | :heavy_check_mark: | - | - | - | - |
| Change preferred nodes | :heavy_check_mark: | - | - | - | - |
### Node Management
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | Notes |
|:------------------------------------------|:------------------:|:------------------:|:------------------:|:------------:|:-----------:|:------------------:|:-------------------------------------------|
| See all Nodes in Space (_All Nodes_ Room) | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | Members are always on the _All Nodes_ Room |
| Connect Node to Space | :heavy_check_mark: | - | - | - | - | - | - |
| Delete Node from Space | :heavy_check_mark: | - | - | - | - | - | - |
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** |
|:------------------------------------------|:------------------:|:------------------:|:------------------:|:------------:|:-----------:|
| See all Nodes in Space (_All Nodes_ Room) | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Connect Node to Space | :heavy_check_mark: | - | - | - | - |
| Delete Node from Space | :heavy_check_mark: | - | - | - | - |
### User Management
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | Notes |
|:-----------------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|:------------------:|:----------------------------------------------------------------------------------------------|
| See all Users in Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | |
| Invite new User to Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | You can't invite a user with a role you don't have permissions to appoint to (see below) |
| Delete Pending Invitation to Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | |
| Delete User from Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | You can't delete a user if he has a role you don't have permissions to appoint to (see below) |
| Appoint Administrators | :heavy_check_mark: | - | - | - | - | - | |
| Appoint Billing user | :heavy_check_mark: | - | - | - | - | - | |
| Appoint Managers | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | |
| Appoint Troubleshooters | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | |
| Appoint Observer | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | |
| Appoint Member | :heavy_check_mark: | - | - | - | - | :heavy_check_mark: | Only available on Early Bird plans |
| See all Users in a Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | |
| Invite existing user to Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | User already invited to the Space |
| Remove user from Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | |
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** |
|:-----------------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|
| See all Users in Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Invite new User to Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Delete Pending Invitation to Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Delete User from Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Appoint Administrators | :heavy_check_mark: | - | - | - | - |
| Appoint Billing user | :heavy_check_mark: | - | - | - | - |
| Appoint Managers | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Appoint Troubleshooters | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Appoint Observer | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Appoint Member | :heavy_check_mark: | - | - | - | - |
| See all Users in a Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - |
| Invite existing user to Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Remove user from Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
### Room Management
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | Notes |
|:-----------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|:------------------:|:-----------------------------------------------------------------------------------|
| See all Rooms in a Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | |
| Join any Room in a Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | By joining a Room you will be enabled to get notifications from nodes on that Room |
| Leave Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | |
| Create a new Room in a Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | |
| Delete Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | |
| Change Room name | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | If not the _All Nodes_ Room |
| Change Room description | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | |
| Add existing Nodes to Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | Node already connected to the Space |
| Remove Nodes from Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - | :heavy_check_mark: | |
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** |
|:-----------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|
| See all Rooms in a Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Join any Room in a Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Leave Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - |
| Create a new Room in a Space | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Delete Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Change Room name | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Change Room description | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Add existing Nodes to Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Remove Nodes from Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
### Notifications Management
### Notification Management
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | Notes |
|:--------------------------------------------------------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| See all configured notifications on a Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | |
| Add new configuration | :heavy_check_mark: | - | - | - | - | - | |
| Enable/Disable configuration | :heavy_check_mark: | - | - | - | - | - | |
| Edit configuration | :heavy_check_mark: | - | - | - | - | - | Some exceptions apply depending on [service level](/docs/alerts-and-notifications/notifications/centralized-cloud-notifications/manage-notification-methods.md#available-actions-per-notification-method-based-on-service-level) |
| Delete configuration | :heavy_check_mark: | - | - | - | - | - | |
| Edit personal level notification settings | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | [Manage user notification settings](/docs/alerts-and-notifications/notifications/centralized-cloud-notifications/manage-notification-methods.md#manage-user-notification-settings) |
| See space alert notification silencing rules | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | - | |
| Add new space alert notification silencing rule | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | |
| Enable/Disable space alert notification silencing rule | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | |
| Edit space alert notification silencing rule | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | |
| Delete space alert notification silencing rule | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | |
| See, add, edit or delete personal level alert notification silencing rule | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | |
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | Notes |
|:--------------------------------------------------------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| See all configured notifications on a Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | |
| Add new configuration | :heavy_check_mark: | - | - | - | - | |
| Enable/Disable configuration | :heavy_check_mark: | - | - | - | - | |
| Edit configuration | :heavy_check_mark: | - | - | - | - | Some exceptions apply depending on [service level](/docs/alerts-and-notifications/notifications/centralized-cloud-notifications/manage-notification-methods.md#available-actions-per-notification-method-based-on-service-level) |
| Delete configuration | :heavy_check_mark: | - | - | - | - | |
| Edit personal level notification settings | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | [Manage user notification settings](/docs/alerts-and-notifications/notifications/centralized-cloud-notifications/manage-notification-methods.md#manage-user-notification-settings) |
| See Space Alert notification silencing rules | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | |
| Add new Space Alert notification silencing rule | :heavy_check_mark: | :heavy_check_mark: | - | - | - | |
| Enable/Disable Space Alert notification silencing rule | :heavy_check_mark: | :heavy_check_mark: | - | - | - | |
| Edit Space Alert notification silencing rule | :heavy_check_mark: | :heavy_check_mark: | - | - | - | |
| Delete Space Alert notification silencing rule | :heavy_check_mark: | :heavy_check_mark: | - | - | - | |
| See, add, edit or delete personal level Alert notification silencing rule | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | |
> **Note**
>
> Enable, Edit and Add actions over specific notification methods will only be allowed if your plan has access to those ([service classification](/docs/alerts-and-notifications/notifications/centralized-cloud-notifications/centralized-cloud-notifications-reference.md#service-classification))
> Enable, Edit and Add actions over specific notification methods will only be allowed if your plan has access to those (see [service classification](/docs/alerts-and-notifications/notifications/centralized-cloud-notifications/centralized-cloud-notifications-reference.md#service-classification))
### Dashboards
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** |
|:-----------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|:------------------:|
| See all dashboards in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: |
| Add new dashboard to Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: |
| Edit any dashboard in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | :heavy_check_mark: |
| Edit own dashboard in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: |
| Delete any dashboard in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | :heavy_check_mark: |
| Delete own dashboard in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: |
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** |
|:-----------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|
| See all dashboards in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - |
| Add new dashboard to Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - |
| Edit any dashboard in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - |
| Edit own dashboard in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - |
| Delete any dashboard in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - |
| Delete own dashboard in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - |
### Functions
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | Notes |
|:-------------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|:------------------:|:---------------------------------------------------------------------|
| See all functions in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | :: |
| Run any function in Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | :: |
| Run read-only function in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | :: |
| Run sensitive function in Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - | There isn't any function on this category yet, so subject to change. |
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** |
|:-------------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|
| See all functions in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - |
| Run any function in Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Run read-only function in Room | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - |
| Run sensitive function in Room | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
### Events feed
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | Notes |
|:-----------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|:------------------:|:-----------------------------------------------|
| See Alert or Topology events | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: | |
| See Auditing events | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | These are coming soon, not currently available |
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** |
|:-----------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|
| See Alert or Topology events | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - |
| See Auditing events | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - |
### Billing
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** | Notes |
|:---------------------------|:------------------:|:-----------:|:------------------:|:------------:|:------------------:|:----------:|:----------------------------------------------------------------|
| See Plan & Billing details | :heavy_check_mark: | - | - | - | :heavy_check_mark: | - | Current plan and usage figures |
| Update plans | :heavy_check_mark: | - | - | - | - | - | This includes cancelling current plan (going to Community plan) |
| See invoices | :heavy_check_mark: | - | - | - | :heavy_check_mark: | - | |
| Manage payment methods | :heavy_check_mark: | - | - | - | :heavy_check_mark: | - | |
| Update billing email | :heavy_check_mark: | - | - | - | :heavy_check_mark: | - | |
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | Notes |
|:---------------------------|:------------------:|:-----------:|:------------------:|:------------:|:------------------:|:----------------------------------------------------------------|
| See Plan & Billing details | :heavy_check_mark: | - | - | - | :heavy_check_mark: | Current plan and usage figures |
| Update plans | :heavy_check_mark: | - | - | - | - | This includes cancelling current plan (going to Community plan) |
| See invoices | :heavy_check_mark: | - | - | - | :heavy_check_mark: | |
| Manage payment methods | :heavy_check_mark: | - | - | - | :heavy_check_mark: | |
| Update billing email | :heavy_check_mark: | - | - | - | :heavy_check_mark: | |
### Dynamic Configuration Manager
Netdata Cloud paid subscription required for all action except "List All".
> **Note**
>
> Netdata Cloud paid subscription required for all actions except "List All".
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** |
|:--------------------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|
| List All (see all configurable items) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Enable/Disable | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - |
| Add | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - |
| Update | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - |
| Remove | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - |
| Test | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - |
| View | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - |
| View File Format | :heavy_check_mark: | :heavy_check_mark: | - | - | - | - |
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** |
|:--------------------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|
| List All (see all configurable items) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Enable/Disable | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Add | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Update | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Remove | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| Test | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| View | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
| View File Format | :heavy_check_mark: | :heavy_check_mark: | - | - | - |
### Other permissions
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** | **Member** |
|:---------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|:------------------:|
| See Bookmarks in Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: |
| Add Bookmark to Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | :heavy_check_mark: |
| Delete Bookmark from Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - | :heavy_check_mark: |
| See Visited Nodes | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: |
| Update Visited Nodes | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | :heavy_check_mark: |
| **Functionality** | **Admin** | **Manager** | **Troubleshooter** | **Observer** | **Billing** |
|:---------------------------|:------------------:|:------------------:|:------------------:|:------------------:|:-----------:|
| See Bookmarks in Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - |
| Add Bookmark to Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - |
| Delete Bookmark from Space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - | - |
| See Visited Nodes | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - |
| Update Visited Nodes | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | - |