Database Performance Monitor has the concept of an environment, which is a set of hosts. You can use this to organize your hosts around logical divisions such as development, staging, and production. The environment selector is located at the top left of the page (the SolarWinds logo), and allows you to switch between environments.
Users of the web application and API use tokens to authenticate to DPM’s systems. API tokens are associated with one and only one environment, so there is strong isolation at the API level. Environments are isolated and there is no way to access more than one environment at a time, either from the APIs or from the web application. The web application’s access to our systems is via the same APIs, so there is no exception or special-case to the API token isolation.
API tokens are normally associated with a single user, but there is also an environment token, which can be found in the New Host dialog (it is easiest to find by selecting “Containerized”):
This token is normally the one you should use in your agent configuration file and during installation. Because this token is not associated to an individual user, you can revoke a team member’s access to DPM and invalidate their token, without interfering with the flow of data from agents.
Environments belong to organizations. When you sign up for DPM, we create an organization for you. However, users can be affiliated with one or many organizations and environments within those organizations. This supports the common use case of a user who consults with many customers. In this scenario, the customers would grant the consultant access to their environments, and the consultant would need only a single user account, and would be able to switch between customers’ organizations and environments without needing to log out and log in again.
You can manage the users who have access to an environment by accessing the Settings page and going to the Teams tab. You can add or remove teams from there.
For clients not using automated provisioning there are two ways to invite your coworkers to DPM. You can go to Settings, and then under “Organization Settings” select People. You can also click the Add icon (the plus) at the bottom of the left-hand nav in the app and click “Invite Coworkers.” Note that for accounts using RBAC, you must have sufficient privileges in order to add people to the application.
When new users are added to the application they are automatically assigned to the Everyone team (see below). If the Everyone team is not assigned to at least one Environment, you will also need to select at least one other Environment to assign the user to. This is to ensure that a new user accessing DPM will have access to an Environment.
You can also re-invite a user whose invitation has expired from the People page.
To remove a user from the application, click the trash can icon next to their name. Note, again, that you must have sufficient privileges to edit the users who have access to the application. Accounts using provisioning provided by an Identity Provider (One Login, Okta, or Azure) will remove users from the application using the IdP.
Teams are groups of people in your organization. You can add as many teams as you need in order to manage privileges more efficiently.
To manage the teams of your organization, go to the Settings page, and click on the Teams tab under the Organization Settings section.
You can manage the list of members in a team by clicking the edit icon that follows the team’s name in the list. An alternative way to remove a member from a team is by setting the mouse pointer over the member’s avatar and clicking on the trash bin icon that replaces its image.
You can also rename or delete a team by clicking on the gear icon at the extreme right of the screen.
There are two special teams that are pre-created for all accounts.
The Everyone Team
The Everyone team contains all the people of your organization. It is automatically populated, and cannot be deleted, renamed, or updated. It can be affiliated with an environment though; doing so will allow you to grant new users access to an environment by default.
The Owners Team
The Owners team cannot be deleted or renamed, but users can be added or removed from it. Users in the Owners team are granted access to all environments by default. For Premium-tier organizations, it is the team of people that have permissions to do anything in the account. Among other things, this includes setting up billing, removing people from teams, and even shutting down the account.
To change the single designated account owner, please contact Support.
Environments and Teams
In order to manage access to an environment, you need to assign a set of teams to it. To do this go to the Settings page, to the Teams tab under the Environment Settings section.
For Premium-tier organizations, teams can be assigned roles with different permissions. For information about how permissions work, refer to Role-Based Access Control.