This section walks you through the most essential Axiom settings.

Access Overview

Role-Based Access Control (RBAC) enables organizations to manage and restrict access to their data and resources efficiently. You can find and configure RBAC settings in the Access section located within the settings page in Axiom.

The Access section consists of the following components:

  • API tokens
  • Groups
  • Roles
  • Users

Each of these components plays an important role in defining access to Axiom.

API tokens

You can use the Axiom API and CLI to programmatically ingest data and manage your organisation settings. For example, you can add new notifiers and change existing monitors with API requests. To prove that these requests come from you, you must include forms of authentication called tokens in your API requests. One form of authentication is an API token. API tokens let you control the actions that can be performed with the token. For example, you can specify that requests authenticated with a certain API token can only query data from a particular dataset. For more information, see Tokens.

Roles

Roles are sets of capabilities that define which actions a user can perform at both the organization and dataset levels.

Default roles

Axiom provides a set of default roles for all organizations:

  • Owner: Assigns all capabilities across the entire Axiom platform.

  • Admin: Assigns administrative capabilities but not Billing capabilities, which are reserved for Owners.

  • User: Assigns standard access for regular users.

  • Read-only: Assigns read capabilities for datasets, plus read access on various resources like dashboards, monitors, notifiers, users, queries, starred queries, and virtual fields.

  • None: Assigns zero capabilities, useful for adopting the principle of least privilege when inviting new users. Users with this default role can have specific capabilities built up through Roles assigned to a Group.

Prerequisites for creating roles

Custom roles can be created in Axiom organizations on the Enterprise plan. Users must have the create permission for the access control capability assigned in order to create custom roles, which is enabled for the default Owner and Admin roles.

Creating a custom role

  1. Navigate to Roles and select New role.
  2. Enter the name and description of the role.
  3. Assign capabilities: Roles can be assigned various permissions (create, read, update, and delete) across capabilities like Access control, API tokens, dashboards, and datasets.

Create a custom role

Assigning capabilities to roles

Role creation is split into organization-level and dataset-level capabilities. Each capability has options to assign create, read, update, or delete (CRUD) permissions.

Organization-level capabilities define access for various parts of an Axiom organization.

  • Access control: Full CRUD.
  • API tokens: Full CRUD.
  • Apps: Full CRUD.
  • Billing: Read and update only.
  • Dashboards: Full CRUD.
  • Datasets: Full CRUD.
  • Endpoints: Full CRUD.
  • Monitors: Full CRUD.
  • Notifiers: Full CRUD.
  • Shared Access Key: Read and update only.
  • Users: Full CRUD.

Refer to the table below to learn more about these organization-level capabilities:

OrganizationCreateReadUpdateDelete
Access controlUser can create custom roles and groups.User can view the list of existing roles and groups.User can update the and description of roles and groups, and modify permissions.User can delete custom roles or groups.
API tokensUser can create an API token with access to the datasets their user has access to.User can access the list of tokens that have been in their organization.User can regenerate a token from the list of tokens in an organization.User can delete API tokens created in their organization.
AppsUser can create a new app.Users can access the list of installed apps in their organization.Users can modify the existing apps in their organization.User can disconnect apps installed in their organization.
BillingUser can access billing settings.User can change the organization plan.
DashboardsUser can create new dashboards.User can access their own dashboards and those created by other users in their organization.User can modify dashboard titles and descriptions. User can add, resize, and delete charts from dashboards.User can delete a dashboard from their organization.
DatasetsUser can create a new dataset.Users can access the list of datasets in an organization, and their associated fields.User can trim a dataset, and modify dataset fields.User can delete a dataset from their organization.
EndpointsUser can create a new endpoint.User can access the list of existing endpoints in an organization.Users can rename an endpoint and modify which dataset data is ingested into.User can delete an endpoint from their organization.
MonitorsUser can create a monitor.User can access the list of monitors in their organization. User can also review the monitor status.Users can modify a monitor configuration in their organization.Users can delete monitors that have been created in their organization.
NotifiersUser can create a new notifier in their organization.User can access the list of notifiers in their organization.User can update existing notifiers in their organization. User can snooze a notifier.User can delete notifiers that have been created in their organization.
UsersUsers can invite new users to an organization.User can access the list of users that are part of their organization.User can update user roles and information within the organization.Users can remove other users from their organization and delete their own account.
Shared Access KeysUser can access shared access keys in their organization.User can update shared access keys in their organization.

Dataset-level capabilities provide fine-grained control over access to datasets. For flexibility, the following capabilities can be assigned for all datasets, or individual datasets.

  • Ingest: Create only.
  • Query: Read only.
  • Starred queries: Full CRUD.
  • Virtual fields: Full CRUD.

Refer to the table below to learn more about these dataset-level capabilities:

DatasetsCreateReadUpdateDelete
IngestUser can ingest events to the specified dataset(s).
Starred queriesUser can create a starred query for the specified dataset(s).User can access the list of starred queries in their organization.User can modify an existing starred query in their organization.User can delete a starred query from a dataset.
Virtual fieldsUser can create a new virtual field for the specified dataset(s).User can see the list of virtual fields for the specified dataset(s).User can modify the definition of a virtual field for the specified dataset(s).User can delete a virtual field from a dataset.
QueryUser can query events from the specified dataset(s).

Groups

Groups, which are available to Axiom organizations on the Enterprise plan, connect users with roles, making it easier to manage access control at scale.

Organizations might create groups for areas of their business like Security, Infrastructure, or Business Analytics, with specific roles assigned to serve the unique needs of these domains.

Since groups connect users with one or many roles, users’ complete set of capabilities are derived from the additive union of their base role, plus any roles assigned through group membership.

Creating a New Group

  1. Navigate to Groups and select New group.

  2. Enter the name and description of the group.

Create a group

  1. Add users to the group. Clicking on Add users will display a list of available users.

Create a group with users

  1. Add roles to the group by clicking Add roles, which will present a list of available roles.

Users

Users in Axiom are the individual accounts that have access to an organization. Users are assigned a base role when joining an organization, which is configured during the invite step. For organizations on an Enterprise plan, additional roles can be added through Group membership.

Managing Users

  1. Navigate to Settings and select Users.
  2. Review and manage the list of users and assign default or custom base roles as desired.

Create a group

Access for a user is the additive union of capabilities assigned through their default role, plus any capabilities included in roles assigned through group membership.

Data

Apps

Enrich your Axiom organization with a catalogue of migrations tools, and dedicated apps, and gain complete visibility into any platform, and get alerts on your errors to stay ahead of issues.

By properly monitoring your apps with Axiom, you can spot slowdowns, hiccups, bad requests, errored requests, and function cache performance and know which actions to take to correct these issues before there are user-facing consequences.

Check out supported Apps

Apps overview

Dataset

Manage datasets for your organization, including creating new datasets or deleting existing datasets.

Datasets are a collection of similar events. When data is sent to Axiom it is stored in a dataset.

Dataset names must be between 1-128 characters, and may only contain ASCII alphanumeric characters and the ’-’ character.

To create a dataset, enter the name and description of your dataset.

Auth overview

Once created, you can import files into your datasets in supported formats such as NDJSON, JSON, or CSV. Additionally, you have the options to trim the dataset and delete it as needed.

Datasets Auth overview

Endpoints

Endpoints allow you to easily integrate Axiom into your existing data flow using tools and libraries that you already know. With Endpoints, you can build and configure your existing tooling to send data to Axiom so you can start monitoring your logs immediately.

Endpoints

Organization

Billing

Manage your project billing, view your current plan, and explore the total usage of each component during your current billing period up to the last hour.

You can upgrade your organization to a free 14-day trial. Axiom will not charge you during the first 14 days of your Axiom Pro trial. You can cancel at any time during the trial period without incurring any cost.

At the end of the trial period, your account will automatically convert to a paid plan.

On the Billings dashboard you can get the total usage of each running component during the current billing period up to the last hour and beyond.

Billing

License

You can see the license and configurations for your organization by selecting License this lets you know:

  • How much data you can ingest.
  • Monthly ingest limit (GB).
  • Maximum endpoints.
  • Maximum datasets you can have.
  • Maximum fields per dataset.
  • Maximum monitors.
  • Maximum number of Users.
  • Maximum number of Teams.
  • Maximum query window.

Auth overview

Account

Profile

View your contact details, edit your timezone, view and manage your active sessions, and create your personal token from your organization profile.

Profile

Personal Token

You can use the Axiom API and CLI to programmatically ingest data and manage your organisation settings. For example, you can add new notifiers and change existing monitors with API requests. To prove that these requests come from you, you must include forms of authentication called tokens in your API requests. One form of authentication is a personal access token (PAT). PATs provide full control over your Axiom account. Requests authenticated with a PAT can perform every action you can perform in Axiom. For more information, see Tokens.