A Scorecard serves as a container for various rules that collectively assess adherence to defined standards. Scorecards use rules to monitor compliance across different entities and teams, identify areas for improvement, and ensure alignment with both internal and external requirements.
Default Scorecards access
New Relic provides default access to Scorecards through these standard roles:
Action | Required role |
|---|---|
View Scorecards | |
Create, update, and delete Scorecards and rules | Organization Product Admin or a custom Scorecards role |
You might need a custom role if the default permissions don't meet your organization's needs.
Scorecards capabilities
When building a custom role for Scorecards, use the permissions below. Scorecards permissions are organization-scoped.
Capability | Permission identifier |
|---|---|
Read Scorecards (also grants |
|
Create, update, and delete Scorecards |
|
Read Scorecard rules |
|
Create, update, and delete Scorecard rules |
|
Prerequisites
Before you begin, ensure you have:
- General NerdGraph requirements
- Organization Admin with
Organization Product Adminrole to create custom roles
Conseil
You can also create a custom role for Scorecards through the UI. For the permissions to select and the scope to use, see Scorecards capabilities.
To create a custom role via the NerdGraph API, perform the following steps:
Find the required permission IDs for Scorecards
Use the customerAdministration query to retrieve a list of capabilities, their permission IDs, and related information. Filter by scope: "organization" to get Scorecards permissions.
Input parameters
Parameter | Data Type | Is it Required? | Description |
|---|---|---|---|
| String | Yes | Set the value to |
Sample request
{ customerAdministration { permissions(filter: { scope: { eq: "organization" } }) { items { feature category id product } } }}Sample response
{ "data": { "customerAdministration": { "permissions": { "items": [ { "category": "READ", "feature": "Scorecards Rules", "id": "xxxxx", "product": "New Relic One" }, { "category": "MANAGE", "feature": "Scorecards Rules", "id": "xxxxx", "product": "New Relic One" }, { "category": "READ", "feature": "Scorecards", "id": "xxxxx", "product": "New Relic One" }, { "category": "MANAGE", "feature": "Scorecards", "id": "xxxxx", "product": "New Relic One" } ] } } }}From the response, identify and copy the permission IDs where feature is "Scorecards" or "Scorecards Rules" and category matches the access level you want to grant. You'll need these IDs in the next step.
Retrieve your organization ID
Retrieve your organization ID, which you'll use in subsequent mutations.
Sample request
{ actor { organization { id } }}Sample response
{ "data": { "actor": { "organization": { "id": "YOUR_ORGANIZATION_ID" } } }}Copy your organization ID from the response. You'll need it to create the custom role.
Create the custom role
Use the customRoleCreate mutation to create your custom role for Scorecards management.
Input parameters
Parameter | Data Type | Is it Required? | Description |
|---|---|---|---|
| String | Yes | The organization ID from the previous step. |
| String | Yes | Set to |
| String | Yes | The display name for the custom role. |
| Array of Integers | Yes | The Scorecards permission IDs identified in Step 1. |
| String | Yes | Set to |
Sample request
mutation { customRoleCreate( container: { id: "YOUR_ORGANIZATION_ID", type: "organization" } name: "Scorecards manager" permissionIds: [xxxxx, xxxxx] scope: "organization" ) { id }}Sample response
{ "data": { "customRoleCreate": { "id": 9999999 } }}Save the returned role ID — you'll need it to assign this role to a user group.
Add the custom role to a user group
After creating the custom role, assign it to a user group in New Relic.
Retrieve group IDs
Use the customerAdministration query to get a list of available user groups.
Input parameters
Parameter | Data Type | Is it Required? | Description |
|---|---|---|---|
| String | Yes | The organization ID from the previous step. |
Sample request
{ customerAdministration { groups(filter: { organizationId: { eq: "YOUR_ORGANIZATION_ID" } }) { nextCursor items { id name users { items { id email } } } } }}From the response, copy the group ID for the group you want to assign the Scorecards role to.
Assign the role to the group
Use the authorizationManagementGrantAccess mutation to assign the custom role to a user group.
Input parameters
Parameter | Data Type | Is it Required? | Description |
|---|---|---|---|
| String | Yes | The custom role ID from the previous step. |
| String | Yes | The group ID retrieved above. |
Sample request
mutation { authorizationManagementGrantAccess( grantAccessOptions: { organizationAccessGrants: { roleId: "YOUR_ROLE_ID" } groupId: "YOUR_GROUP_ID" } ) { roles { id name organizationId roleId groupId displayName } }}Sample response
{ "data": { "authorizationManagementGrantAccess": { "roles": [ { "displayName": "Scorecards manager", "groupId": null, "id": "99999999", "name": "scorecards_manager", "organizationId": "YOUR_ORGANIZATION_ID", "roleId": 99999 } ] } }}Manage existing custom roles
For more information about Scorecards, see the Scorecards documentation.