End of life notice: Synthetics Permissions (June 2020)

Background

Prior to supporting Role Based Access Control (RBAC), Synthetics permissions were used to add an additional layer of security to the Synthetics product.

What is Happening?

As previously announced here, beginning on June 8th, 2020, Synthetics permissions will end of life and will no longer be available in Synthetics. RBAC users and roles will be automatically applied in Synthetics when Synthetics permissions are no longer available. We recommend taking some time to review and update your RBAC users and roles to make sure this change will have limited to no impact on your account (steps to configure RBAC).

Why?

As previously noted, Synthetics customers have been asking for RBAC for a while in order to take advantage of the benefits associated with a flexible automated permission system. The New Relic RBAC functionality provides the same level of user permissions as Synthetics permissions. Additionally, RBAC sub-accounts are able to inherit users created at the parent account and capture changes when user, roles, and permissions changes are made in RBAC.

Also, in order to view monitors in New Relic ONE, a Pro Synthetics account must be using RBAC.

What do I need to do?

Validate the RBAC settings for your account. RBAC users and roles are available to edit for Synthetics. RBAC will not be applied until Synthetics permissions are disabled.

Keep in mind that Synthetics permissions cannot be re-enabled once disabled. You’ll want to double check the RBAC settings for your account prior to disabling Synthetics permissions. See below for detailed steps for disabling Synthetics permissions and configuring RBAC.

FAQ

What happens if I don’t make any changes to my account?

Beginning June 8th, RBAC user and role permissions will be applied to all Synthetics accounts. Synthetics permissions will be disabled for all accounts and RBAC will be applied.

RBAC users and roles need to be set up to ensure that users permissions levels are not changed when Synthetics permissions is removed.

Does my account use Synthetics Permissions?

To check this, log in to Synthetics. If an account is using Synthetics permissions, there will be an option to select “Permissions”: between “Private locations” and “Monitors downtimes”.

How do I configure RBAC for Synthetics?

RBAC roles and permissions can be setup using the RBAC views under “Account settings” within your New Relic platform. More details can be found on the New Relic docs.

How do I disable Synthetics permissions for my account?

Navigate to the Synthetics permissions page. Replace your numeric account ID value with the [Account_ID] text in the URL.

Finding my account ID

From this page select the gear icon in the upper right-hand corner and select “Disable permissions”.

Disable%20permissions

This will disable Synthetics permissions and any existing RBAC settings will be applied to the account.

IMPORTANT Once Synthetics permissions are disabled, they cannot be re-enabled for an account.

Can I make it so only a few users can view/edit a group of Synthetics monitors with RBAC?

This is possible with RBAC, you’ll need to create a sub-account and limit the users who can access the sub-account using RBAC.

1 Like

When RBAC is applied how can i give monitor access to users category wise. Please provide the procedure to do the same. As now in Permission based access I have created groups category wise. I want to do the same in RBAC also.

Hi @ssirsikar - as described in the post, you have to create a separate sub account, which is not an ideal solution as you could potentially lose the visibility for APM or Browser tracing from failed synthetics which are running in a different account .

Thanks for answering that for @ssirsikar, Stefan :slight_smile:

Not an ideal solution, I agree, there are feature requests internally for similar grouping functionality within RBAC though, so for now Sub-Accounts are the best option.

1 Like