Role-based access control (RBAC) for logs

Edit online

You can use RBAC to configure which logs each user on a tenant can view.

Required privileges

Instana protects the RBAC settings. Only users who are assigned to the Instana owner group, or to a group with the required permission, can access and modify the team settings configuration.

Configure role-based access control

Assign viewing privileges to different teams to configure RBAC for logs.

To assign log access to a team, complete the following steps:
  1. From the navigation menu in the Instana UI, select Settings > Security & Access > Teams.
  2. Click New Team and enter a team name.
  3. Click the edit icon next to Team Scope.
  4. Scroll to Applications.
  5. Click Selected Application Perspectives and then click Add Application Perspectives.
  6. Filter and select the application perspectives that the team can view. Click Done.
To edit an existing team:
  1. Go to Settings > Security & Access > Teams.
  2. Select the team name from the table.
  3. Click the edit icon next to Team Scope.
  4. Scroll to Applications.
  5. Click Selected Application Perspectives and then click Add Application Perspectives.
  6. Filter and select the application perspectives that the team can view. Click Done.
Important: RBAC settings apply to the entire platform. They are not specific to Instana Logs in Context.

Users with access to multiple teams can switch between teams. Click the profile icon in the upper-right area and select the required scope from the list.

The following rules determine which logs users can view:
  • Unrestricted teams: Members of teams without defined application perspective restrictions defined can view all logs across the tenant. This access includes users in the default scope (users not assigned to any specific team).
  • Restricted teams: Members of teams with application perspective restrictions can view only logs associated with their assigned application perspectives.
  • Unassociated logs: Logs that are not associated with any application perspective are visible to all users, regardless of whether their team has application restrictions configured.