Sysdig Monitor Team Roles
Standard User
| Category | Item | Permission | Description |
|---|---|---|---|
| Advisor Manage access to Advisor | Advisor | READ | Access Advisor |
| Kubernetes API | READ | Kubernetes API feature | |
| Live Logs | VIEW | Access Live Logs feature | |
| Alerts Manage access to Alerts | Alert Events | EDIT | Acknowledge an event triggered by an alert in the events feed in scope of a team |
| Alert Events | READ | Access the events generated by triggered alerts in scope of a team | |
| Alerts | EDIT | Modify alerts in scope of a team | |
| Alerts | READ | Access the alerts in scope of a team | |
| Captures / Investigate Manage access to Captures / Investigate | Captures | EDIT | Modify captures |
| Captures | READ | Access captures | |
| Captures | VIEW | View captures in the UI | |
| Dashboards Manage access to dashboards | Dashboard Metrics Data | READ | N/A |
| Dashboards | EDIT | Modify dashboards in scope of a team | |
| Dashboards | READ | Access dashboards in scope of a team | |
| Data Access Settings Manage access to Data Settings | Datastream | READ | Access data stream configuration |
| Groupings | EDIT | Create and edit custom groupings | |
| Groupings | READ | Access default and custom groupings | |
| Metrics Data | READ | Access metrics data associated with a time series. | |
| Metrics Descriptors | READ | Access metrics descriptors, which are unique combinations of metrics and labels that create a time series. For example, sysdig_container_cpu_used_percenthost_hostname=foo,region=bar. | |
| PromQL Metadata | READ | Access Prometheus metrics and labels | |
| Events Manage access to Events | Custom Events | EDIT | Acknowledge the infrastructure and other events created by Sysdig Agent or Sysdig API |
| Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API | |
| Explore / Metrics Manage access to Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
| Agent Console - Agent Status | READ | Use Agent Console commands which access agent status | |
| Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords | |
| Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints | |
| Explore | READ | Use metric querying with Explore | |
| Integrations | Custom Integrations | EDIT | Modify custom integrations in spotlight |
| Custom Integrations | READ | Access custom integrations in spotlight | |
| Helm Renderer | READ | Access Helm-renderer component. During cloud account setup in Secure, the wizard calls the Helm Renderer to generate the terraform snippet. | |
| Infrastructure | READ | View discovered infrastructure | |
| Integrations | READ | View discovered workload integrations | |
| Monitoring Integrations | EDIT | Change monitoring integration type or status | |
| Monitoring Integrations | READ | Access monitoring integration type or status | |
| Monitoring Integrations | VALIDATE | Change monitoring integration status to Pending Metrics | |
| Providers | READ | Related to cloud account setups (both Metric Stream and Cost Private Pricing). | |
| Spotlight | READ | Access spotlight | |
| Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
| Alert Downtimes | READ | List alert downtimes for the customer | |
| API Access Token | EDIT | Reset users API token in scope of a team | |
| API Access Token | READ | Access users API token in scope of a team | |
| API Access Token | VIEW | View your API token | |
| AWS Settings | READ | Access AWS settings | |
| Events Forwarder | READ | Access event forwarding configuration | |
| Global Notification Channels | READ | Access global notification channels | |
| Notification Channels | READ | Access notification channels in scope of a team | |
| Service Accounts | READ | Access service accounts in scope of a team | |
| Subscriptions | READ | Access customer subscription details | |
| Sysdig Storage | READ | View Sysdig storage configuration |
View Only
| Category | Item | Permission | Description |
|---|---|---|---|
| Advisor Manage access to Advisor | Advisor | READ | Access Advisor |
| Kubernetes API | READ | Kubernetes API feature | |
| Live Logs | VIEW | Access Live Logs feature | |
| Alerts Manage access to Alerts | Alert Events | READ | Access the events generated by triggered alerts in scope of a team |
| Alerts | READ | Access the alerts in scope of a team | |
| Captures / Investigate Manage access to Captures / Investigate | Captures | READ | Access captures |
| Captures | VIEW | View captures in the UI | |
| Dashboards Manage access to dashboards | Dashboard Metrics Data | READ | N/A |
| Dashboards | READ | Access dashboards in scope of a team | |
| Data Access Settings Manage access to Data Settings | Datastream | READ | Access data stream configuration |
| Groupings | EDIT | Create and edit custom groupings | |
| Groupings | READ | Access default and custom groupings | |
| Metrics Data | READ | Access metrics data associated with a time series. | |
| Metrics Descriptors | READ | Access metrics descriptors, which are unique combinations of metrics and labels that create a time series. For example, sysdig_container_cpu_used_percenthost_hostname=foo,region=bar. | |
| PromQL Metadata | READ | Access Prometheus metrics and labels | |
| Events Manage access to Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
| Explore / Metrics Manage access to Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
| Agent Console - Agent Status | READ | Use Agent Console commands which access agent status | |
| Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords | |
| Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints | |
| Explore | READ | Metric querying with Explore | |
| Integrations | Custom Integrations | READ | Access custom integrations in spotlight |
| File Storage Config | READ | N/A | |
| Helm Renderer | READ | Access Helm-renderer component. During cloud account setup in Secure, the wizard calls the Helm Renderer to generate the terraform snippet. | |
| Infrastructure | READ | View discovered infrastructure | |
| Integrations | READ | View discovered workload integrations | |
| Monitoring Integrations | READ | Access monitoring integration type or status | |
| Monitoring Integrations | VALIDATE | Change monitoring integration status to Pending Metrics | |
| Providers | READ | Related to cloud account setups (both Metric Stream and Cost Private Pricing). | |
| Spotlight | READ | Access spotlight | |
| Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
| Alert Downtimes | READ | List alert downtimes for the user. | |
| API Access Token | READ | Access users API token in scope of a team | |
| API Access Token | VIEW | View your API token | |
| AWS Settings | READ | Access AWS settings | |
| Events Forwarder | READ | Access event forwarding configuration | |
| Global Notification Channels | READ | Access global notification channels | |
| Notification Channels | READ | Access notification channels in scope of a team | |
| Service Accounts | READ | Access service accounts in scope of a team | |
| Subscriptions | READ | Access customer subscription details | |
| Sysdig Storage | READ | View Sysdig storage configuration |
Team Manager
| Category | Item | Permission | Description |
|---|---|---|---|
| Advisor | Advisor | READ | Access Advisor |
| Kubernetes API | READ | Kubernetes API feature | |
| Live Logs | VIEW | Access Live Logs feature | |
| Alerts | Alert Events | EDIT | Acknowledge an event triggered by an alert in the events feed in scope of a team |
| Alert Events | READ | Access the events generated by triggered alerts in scope of a team | |
| Alerts | EDIT | Modify alerts in scope of a team | |
| Alerts | READ | Access the alerts in scope of a team | |
| Captures / Investigate | Captures | EDIT | Modify captures |
| Captures | READ | Access captures | |
| Captures | VIEW | View captures in the UI | |
| Dashboards | Dashboard Metrics Data | READ | N/A |
| Dashboards | EDIT | Modify dashboards in scope of a team | |
| Dashboards | READ | Access dashboards in scope of a team | |
| Data Access Settings | Groupings | EDIT | Create and edit custom groupings |
| Groupings | READ | Access default and custom groupings | |
| Metrics Data | READ | Access metrics data associated with a time series. | |
| Metrics Descriptors | READ | Access metrics descriptors, which are unique combinations of metrics and labels that create a time series. For example, sysdig_container_cpu_used_percenthost_hostname=foo,region=bar. | |
| PromQL Metadata | READ | Access Prometheus metrics and labels | |
| Events | Custom Events | EDIT | Acknowledge the infrastructure and other events created by Sysdig Agent or Sysdig API |
| Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API | |
| Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
| Agent Console - Agent Status | READ | Use Agent Console commands which access agent status | |
| Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords | |
| Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints | |
| Explore | EDIT | N/A | |
| Explore | READ | Metric querying with Explore | |
| Shared Groupings with Team | TOGGLE | Whether the user can share a custom Explore Grouping to the team. | |
| Integrations | Custom Integrations | EDIT | Modify custom integrations in spotlight |
| Custom Integrations | READ | Access custom integrations in spotlight | |
| Helm Renderer | READ | Access Helm-renderer component. During cloud account setup in Secure, the wizard calls the Helm Renderer to generate the terraform snippet. | |
| Infrastructure | READ | View discovered infrastructure | |
| Integrations | READ | View discovered workload integrations | |
| Monitoring Integrations | EDIT | Change monitoring integration type or status | |
| Monitoring Integrations | READ | Access monitoring integration type or status | |
| Monitoring Integrations | VALIDATE | Change monitoring integration status to Pending Metrics | |
| Providers | READ | Related to cloud account setups (both Metric Stream and Cost Private Pricing). | |
| Spotlight | READ | Access spotlight | |
| Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
| Alert Downtimes | READ | List alert downtimes for the customer | |
| API Access Token | EDIT | Reset users API token in scope of a team | |
| API Access Token | READ | Access users API token in scope of a team | |
| API Access Token | VIEW | View your API token | |
| AWS Settings | READ | Access AWS settings | |
| Events Forwarder | READ | Access event forwarding configuration | |
| Global Notification Channels | READ | Access global notification channels | |
| Notification Channels | EDIT | Modify notification channels in scope of a team | |
| Notification Channels | READ | Access notification channels in scope of a team | |
| Service Accounts | EDIT | Modify service accounts in scope of a team | |
| Service Accounts | READ | Access service accounts in scope of a team | |
| Subscriptions | READ | Access customer subscription details | |
| Sysdig Storage | READ | View Sysdig storage configuration | |
| Teams | MANAGE | Modify team settings without the ability to modify team membership for users |
Advanced User
| Category | Item | Permission | Description |
|---|---|---|---|
| Advisor | Advisor | READ | Access Advisor |
| Kubernetes API | READ | Kubernetes API feature | |
| Live Logs | VIEW | Access Live Logs feature | |
| Alerts | Alert Events | EDIT | Acknowledge an event triggered by an alert in the events feed in scope of a team |
| Alert Events | READ | Access the events generated by triggered alerts in scope of a team | |
| Alerts | EDIT | Modify alerts in scope of a team | |
| Alerts | READ | Access the alerts in scope of a team | |
| Captures / Investigate | Captures | EDIT | Modify captures |
| Captures | READ | Access captures | |
| Captures | VIEW | View captures in the UI | |
| Dashboards | Dashboard Metrics Data | READ | N/A |
| Dashboards | EDIT | Modify dashboards in scope of a team | |
| Dashboards | READ | Access dashboards in scope of a team | |
| Data Settings | Groupings | EDIT | Create and edit custom groupings |
| Groupings | READ | Access default and custom groupings | |
| Metrics Data | READ | Access metrics data associated with a time series. | |
| Metrics Descriptors | READ | Access metrics descriptors, which are unique combinations of metrics and labels that create a time series. For example, sysdig_container_cpu_used_percenthost_hostname=foo,region=bar. | |
| PromQL Metadata | READ | Access Prometheus metrics and labels | |
| Events | Custom Events | EDIT | Acknowledge the infrastructure and other events created by Sysdig Agent or Sysdig API |
| Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API | |
| Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
| Agent Console - Agent Status | READ | Use Agent Console commands which access agent status | |
| Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords | |
| Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints | |
| Explore | EDIT | N/A | |
| Explore | READ | Metric querying with Explore | |
| Shared Groupings with Team | TOGGLE | Whether the user can share a custom Explore Grouping to the team. | |
| Integrations | Custom Integrations | EDIT | Modify custom integrations in spotlight |
| Custom Integrations | READ | Access custom integrations in spotlight | |
| Helm Renderer | READ | Access Helm-renderer component. During cloud account setup in Secure, the wizard calls the Helm Renderer to generate the Terraform snippet. | |
| Infrastructure | READ | View discovered infrastructure | |
| Integrations | READ | View discovered workload integrations | |
| Monitoring Integrations | EDIT | Change monitoring integration type or status | |
| Monitoring Integrations | READ | Access monitoring integration type or status | |
| Monitoring Integrations | VALIDATE | Change monitoring integration status to Pending Metrics | |
| Providers | READ | Related to cloud account setups (both Metric Stream and Cost Private Pricing). | |
| Spotlight | READ | Access spotlight | |
| Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
| Alert Downtimes | READ | List alert downtimes for the customer | |
| API Access Token | EDIT | Reset users API token in scope of a team | |
| API Access Token | READ | Access users API token in scope of a team | |
| API Access Token | VIEW | View your API token | |
| AWS Settings | READ | Access AWS settings | |
| Events Forwarder | READ | Access event forwarding configuration | |
| Global Notification Channels | READ | Access global notification channels | |
| Notification Channels | EDIT | Modify notification channels in scope of a team | |
| Notification Channels | READ | Access notification channels in scope of a team | |
| Service Accounts | READ | Access service accounts in scope of a team | |
| Subscriptions | READ | Access customer subscription details | |
| Sysdig Storage | READ | View Sysdig storage configuration |