This section walks you through the most essential Axiom settings.
Role-Based Access Control (RBAC) enables organizations to manage and restrict access to their data and resources efficiently. You can find and configure RBAC settings in the Access section located within the settings page in Axiom.
The Access section consists of the following components:
- API tokens
Each of these components plays an important role in defining access to Axiom.
API tokens in Axiom are used to authenticate and authorize access to datasets for querying and/or ingesting data.
Generating an API token
- Navigate to Settings and select API tokens.
- Click on New API token.
- Enter a name and description for the token.
- Choose the desired permissions: Ingest, Query, or Both.
- Select the dataset access level: Allow access to any dataset, or Allow access to specific datasets only.
- Copy the generated token to your clipboard. Remember, once you navigate away from the page, you won’t be able to view the token again.
For security reasons, it is recommended to assign the minimum required permissions to your API tokens. This approach reduces the impact of a compromised token.
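One way to act on this recommendation is to compare each token's granted scope with what it is actually used for. The sketch below is an added example, not Axiom code: the token names, datasets, and usage records are constructed, and it assumes you have some record of which token performed which action on which dataset.

```python
# Constructed token inventory using the page's two choices: permissions
# (Ingest, Query, or Both) and dataset access ("any", or a specific list).
TOKENS = {
    "ci-shipper": {"permissions": "Both", "datasets": "any"},
    "grafana-ro": {"permissions": "Query", "datasets": ["http-logs"]},
    "old-import": {"permissions": "Ingest", "datasets": ["http-logs"]},
}
# Constructed usage records (token, action, dataset). Assumption: a real
# review would take these from whatever request logging the organization keeps.
USAGE = [
    ("ci-shipper", "ingest", "build-logs"),
    ("ci-shipper", "ingest", "build-logs"),
    ("grafana-ro", "query", "http-logs"),
]


def granted_actions(scope):
    """Expand the Ingest / Query / Both choice into a set of actions."""
    perms = scope["permissions"]
    return {"ingest", "query"} if perms == "Both" else {perms.lower()}


def minimal_scope(name):
    """Smallest permissions/datasets choice that still covers observed usage."""
    actions = {a for t, a, _ in USAGE if t == name}
    datasets = sorted({d for t, _, d in USAGE if t == name})
    if not actions:
        return None  # never used
    perms = "Both" if len(actions) == 2 else next(iter(actions)).capitalize()
    return {"permissions": perms, "datasets": datasets}


def review(name):
    """List the ways a token's granted scope exceeds what its usage requires."""
    token, need = TOKENS[name], minimal_scope(name)
    if need is None:
        return ["unused: delete"]
    findings = []
    extra = granted_actions(token) - granted_actions(need)
    if extra:
        findings.append("drop permission: " + ", ".join(sorted(extra)))
    if token["datasets"] == "any":
        findings.append("restrict to datasets: " + ", ".join(need["datasets"]))
    else:
        unused = sorted(set(token["datasets"]) - set(need["datasets"]))
        if unused:
            findings.append("remove datasets: " + ", ".join(unused))
    return findings
```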
Roles are sets of capabilities that define which actions a user can perform at both the organization and dataset levels.
Axiom provides a set of default roles for all organizations:
Owner: Assigns all capabilities across the entire Axiom platform.
Admin: Assigns administrative capabilities but not Billing capabilities, which are reserved for Owners.
User: Assigns standard access for regular users.
Read-only: Assigns read capabilities for datasets, plus read access on various resources like dashboards, monitors, notifiers, users, queries, starred queries, and virtual fields.
None: Assigns zero capabilities, useful for adopting the principle of least privilege when inviting new users. Users with this default role can have specific capabilities built up through Roles assigned to a Group.
Prerequisites for creating roles
Custom roles can be created in Axiom organizations on the Enterprise plan. To create custom roles, a user must have the create permission for the Access control capability, which is enabled for the default Owner and Admin roles.
Creating a custom role
- Navigate to Roles and select New role.
- Enter the name and description of the role.
- Assign capabilities: Roles can be assigned various permissions (create, read, update, and delete) across capabilities like Access control, API tokens, dashboards, and datasets.
Assigning capabilities to roles
Role creation is split into organization-level and dataset-level capabilities. Each capability has options to assign create, read, update, or delete (CRUD) permissions.
Organization-level capabilities define access for various parts of an Axiom organization.
- Access control: Full CRUD.
- API tokens: Full CRUD.
- Apps: Full CRUD.
- Billing: Read and update only.
- Dashboards: Full CRUD.
- Datasets: Full CRUD.
- Endpoints: Full CRUD.
- Monitors: Full CRUD.
- Notifiers: Full CRUD.
- Shared Access Key: Read and update only.
- Users: Full CRUD.
Refer to the table below to learn more about these organization-level capabilities:
|Capability|Create|Read|Update|Delete|
|---|---|---|---|---|
|Access control|User can create custom roles and groups.|User can view the list of existing roles and groups.|User can update the name and description of roles and groups, and modify permissions.|User can delete custom roles or groups.|
|API tokens|User can create an API token with access to the datasets their user has access to.|User can access the list of tokens that have been created in their organization.|User can regenerate a token from the list of tokens in an organization.|User can delete API tokens created in their organization.|
|Apps|User can create a new app.|Users can access the list of installed apps in their organization.|Users can modify the existing apps in their organization.|User can disconnect apps installed in their organization.|
|Billing|—|User can access billing settings.|User can change the organization plan.|—|
|Dashboards|User can create new dashboards.|User can access their own dashboards and those created by other users in their organization.|User can modify dashboard titles and descriptions. User can add, resize, and delete charts from dashboards.|User can delete a dashboard from their organization.|
|Datasets|User can create a new dataset.|Users can access the list of datasets in an organization, and their associated fields.|User can trim a dataset, and modify dataset fields.|User can delete a dataset from their organization.|
|Endpoints|User can create a new endpoint.|User can access the list of existing endpoints in an organization.|Users can rename an endpoint and modify which dataset data is ingested into.|User can delete an endpoint from their organization.|
|Monitors|User can create a monitor.|User can access the list of monitors in their organization. User can also review the monitor status.|Users can modify a monitor configuration in their organization.|Users can delete monitors that have been created in their organization.|
|Notifiers|User can create a new notifier in their organization.|User can access the list of notifiers in their organization.|User can update existing notifiers in their organization. User can snooze a notifier.|User can delete notifiers that have been created in their organization.|
|Users|Users can invite new users to an organization.|User can access the list of users that are part of their organization.|User can update user roles and information within the organization.|Users can remove other users from their organization and delete their own account.|
|Shared Access Keys|—|User can access shared access keys in their organization.|User can update shared access keys in their organization.|—|
Dataset-level capabilities provide fine-grained control over access to datasets. For flexibility, the following capabilities can be assigned for all datasets, or individual datasets.
- Ingest: Create only.
- Query: Read only.
- Starred queries: Full CRUD.
- Virtual fields: Full CRUD.
Refer to the table below to learn more about these dataset-level capabilities:
|Capability|Create|Read|Update|Delete|
|---|---|---|---|---|
|Ingest|User can ingest events to the specified dataset(s).|—|—|—|
|Starred queries|User can create a starred query for the specified dataset(s).|User can access the list of starred queries in their organization.|User can modify an existing starred query in their organization.|User can delete a starred query from a dataset.|
|Virtual fields|User can create a new virtual field for the specified dataset(s).|User can see the list of virtual fields for the specified dataset(s).|User can modify the definition of a virtual field for the specified dataset(s).|User can delete a virtual field from a dataset.|
|Query|—|User can query events from the specified dataset(s).|—|—|
Groups, which are available to Axiom organizations on the Enterprise plan, connect users with roles, making it easier to manage access control at scale.
Organizations might create groups for areas of their business like Security, Infrastructure, or Business Analytics, with specific roles assigned to serve the unique needs of these domains.
Since groups connect users with one or many roles, a user’s complete set of capabilities is the additive union of their base role, plus any roles assigned through group membership.
Creating a New Group
- Navigate to Groups and select New group.
- Enter the name and description of the group.
- Add users to the group. Clicking on Add users will display a list of available users.
- Add roles to the group by clicking Add roles, which will present a list of available roles.
Users in Axiom are the individual accounts that have access to an organization. Users are assigned a base role when joining an organization, which is configured during the invite step. For organizations on an Enterprise plan, additional roles can be added through Group membership.
- Navigate to Settings and select Users.
- Review and manage the list of users and assign default or custom base roles as desired.
Access for a user is the additive union of capabilities assigned through their default role, plus any capabilities included in roles assigned through group membership.
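The additive union described here and in the Groups section means a user with the None base role can still hold sensitive capabilities through a group. The sketch below is an added example, not Axiom code: it computes effective capabilities and traces which assignment grants a permission. The users, groups, and custom role names are hypothetical, and the Read-only role is abridged.

```python
# Constructed sample data. Keys are (capability, dataset): dataset is None for
# organization-level capabilities and "*" for "all datasets".
ROLES = {
    "None": {},  # default role with zero capabilities
    "Read-only": {("Query", "*"): {"read"},          # abridged for the example
                  ("Dashboards", None): {"read"}},
    "sec-ingest": {("Ingest", "auth-logs"): {"create"},      # hypothetical
                   ("Query", "auth-logs"): {"read"}},
    "token-admin": {("API tokens", None):                    # hypothetical
                    {"create", "read", "update", "delete"}},
}
GROUPS = {
    "Security": {"users": {"alice", "bob"}, "roles": ["sec-ingest"]},
    "Platform": {"users": {"bob"}, "roles": ["token-admin"]},
}
BASE_ROLE = {"alice": "Read-only", "bob": "None"}


def assigned_roles(user):
    """Yield (source, role) pairs: the base role, then roles from each group."""
    yield "base", BASE_ROLE[user]
    for name, group in sorted(GROUPS.items()):
        if user in group["users"]:
            for role in group["roles"]:
                yield f"group:{name}", role


def effective_capabilities(user):
    """Additive union: a permission held by any assigned role is held by the user."""
    caps = {}
    for _source, role in assigned_roles(user):
        for key, perms in ROLES[role].items():
            caps.setdefault(key, set()).update(perms)
    return caps


def grant_sources(user, capability, permission, dataset=None):
    """Explain which assignments give the user a permission (empty list = denied)."""
    wanted = {(capability, dataset)} | ({(capability, "*")} if dataset else set())
    return [(source, role) for source, role in assigned_roles(user)
            if any(permission in ROLES[role].get(key, ()) for key in wanted)]


if __name__ == "__main__":
    for user in sorted(BASE_ROLE):
        print(user, effective_capabilities(user))
    print(grant_sources("bob", "API tokens", "create"))
```

Because the union only ever adds, removing a capability from a user means finding every source that `grant_sources` reports, not just changing the base role.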
Enrich your Axiom organization with a catalogue of integrations, migration tools, and dedicated apps. Gain complete visibility into any platform, and get alerts on your errors to stay ahead of issues.
By properly monitoring your integrations with Axiom, you can spot slowdowns, hiccups, bad requests, errored requests, and function cache performance and know which actions to take to correct these issues before there are user-facing consequences.
Manage datasets for your organization, including creating new datasets or deleting existing datasets.
Datasets are a collection of similar events. When data is sent to Axiom it is stored in a dataset.
Dataset names must be between 1-128 characters, and may only contain ASCII alphanumeric characters and the '-' character.
To create a dataset, enter the name and description of your dataset.
Once created, you can import files into your datasets in supported formats such as NDJSON, JSON, or CSV. Additionally, you have the option to trim the dataset and delete it as needed.
Endpoints allow you to easily integrate Axiom into your existing data flow using tools and libraries that you already know. With Endpoints, you can build and configure your existing tooling to send data to Axiom so you can start monitoring your logs immediately.
Manage your project billing, view your current plan, and explore the total usage of each component during your current billing period up to the last hour.
You can upgrade your organization to a free 14-day trial. Axiom will not charge you during the first 14 days of your Axiom Pro trial. You can cancel at any time during the trial period without incurring any cost.
At the end of the trial period, your account will automatically convert to a paid plan.
On the Billings dashboard you can get the total usage of each running component during the current billing period up to the last hour and beyond.
You can see the license and configurations for your organization by selecting License. This lets you know:
- How much data you can ingest.
- Monthly ingest limit (GB).
- Maximum endpoints.
- Maximum datasets you can have.
- Maximum fields per dataset.
- Maximum monitors.
- Maximum number of Users.
- Maximum number of Teams.
- Maximum query window.
View your contact details, edit your timezone, view and manage your active sessions, and create your personal token from your organization profile.
To generate a Personal Token:
- Go to settings, and select Profile.
- Click on Add personal Token.
- Provide a Name and Description for your token, then click on ADD.
- Copy the generated token to your clipboard. It's important to note that once you navigate away from the Personal Token page, you won't be able to see this token again. If you need to access the token later, you will have to regenerate it or create a new Personal Token.
- A personal token grants access to all resources available to the user. It is useful for programmatic access to the Axiom API, facilitating custom integrations or usage with tools like the Axiom CLI. When using the Personal Token, you will need the AXIOM_ORG_ID for programmatic access.