Get started with settings
This section explains how to configure Axiom settings.
Access
Role-Based Access Control (RBAC) enables organizations to manage and restrict access to their data and resources efficiently. You can find and configure RBAC settings in the Access section located within the settings page in Axiom.
The Access section consists of the following components:
- API tokens
- Groups
- Roles
- Users
Each of these components plays an important role in defining access to Axiom.
API tokens
You can use the Axiom API and CLI to programmatically ingest data and manage your organisation settings. For example, you can add new notifiers and change existing monitors with API requests. To prove that these requests come from you, you must include forms of authentication called tokens in your API requests. One form of authentication is an API token. API tokens let you control the actions that can be performed with the token. For example, you can specify that requests authenticated with a certain API token can only query data from a particular dataset. For more information, see Tokens.
Groups
Groups connect users with roles, making it easier to manage access control at scale.
Organizations might create groups for areas of their business like Security, Infrastructure, or Business Analytics, with specific roles assigned to serve the unique needs of these domains.
Since groups connect users with one or many roles, users’ complete set of capabilities are derived from the additive union of their base role, plus any roles assigned through group membership.
To create a new group:
- Navigate to Groups and select New group.
- Enter the name and description of the group.
- Add users to the group. Clicking on Add users will display a list of available users.
- Add roles to the group by clicking Add roles, which will present a list of available roles.
Roles
Roles are sets of capabilities that define which actions a user can perform at both the organization and dataset levels.
Role-based access control (RBAC) is available as an add-on if you’re on the Axiom Cloud plan, and it’s included by default on the Bring Your Own Cloud plan.
Default roles
Axiom provides a set of default roles for all organizations:
- Owner: Assigns all capabilities across the entire Axiom platform.
- Admin: Assigns administrative capabilities but not Billing capabilities, which are reserved for Owners.
- User: Assigns standard access for regular users.
- Read-only: Assigns read capabilities for datasets, plus read access on various resources like dashboards, monitors, notifiers, users, queries, starred queries, and virtual fields.
- None: Assigns zero capabilities, useful for adopting the principle of least privilege when inviting new users. Users with this default role can have specific capabilities built up through Roles assigned to a Group.
Create custom role
Users must have the create permission for the access control capability assigned in order to create custom roles, which is enabled for the default Owner and Admin roles.
- Navigate to Roles and select New role.
- Enter the name and description of the role.
- Assign capabilities: Roles can be assigned various permissions (create, read, update, and delete) across capabilities like Access control, API tokens, dashboards, and datasets.
Assign capabilities to roles
Role creation is split into organization-level and dataset-level capabilities. Each capability has options to assign create, read, update, or delete (CRUD) permissions.
Organization-level capabilities define access for various parts of an Axiom organization.
- Access control: Full CRUD.
- API tokens: Full CRUD.
- Apps: Full CRUD.
- Billing: Read and update only.
- Dashboards: Full CRUD.
- Datasets: Full CRUD.
- Endpoints: Full CRUD.
- Monitors: Full CRUD.
- Notifiers: Full CRUD.
- Shared Access Key: Read and update only.
- Users: Full CRUD.
Refer to the table below to learn more about these organization-level capabilities:
Organization | Create | Read | Update | Delete |
---|---|---|---|---|
Access control | User can create custom roles and groups. | User can view the list of existing roles and groups. | User can update the and description of roles and groups, and modify permissions. | User can delete custom roles or groups. |
API tokens | User can create an API token with access to the datasets their user has access to. | User can access the list of tokens that have been in their organization. | User can regenerate a token from the list of tokens in an organization. | User can delete API tokens created in their organization. |
Apps | User can create a new app. | Users can access the list of installed apps in their organization. | Users can modify the existing apps in their organization. | User can disconnect apps installed in their organization. |
Billing | — | User can access billing settings. | User can change the organization plan. | — |
Dashboards | User can create new dashboards. | User can access their own dashboards and those created by other users in their organization. | User can modify dashboard titles and descriptions. User can add, resize, and delete charts from dashboards. | User can delete a dashboard from their organization. |
Datasets | User can create a new dataset. | Users can access the list of datasets in an organization, and their associated fields. | User can trim a dataset, and modify dataset fields. | User can delete a dataset from their organization. |
Endpoints | User can create a new endpoint. | User can access the list of existing endpoints in an organization. | Users can rename an endpoint and modify which dataset data is ingested into. | User can delete an endpoint from their organization. |
Monitors | User can create a monitor. | User can access the list of monitors in their organization. User can also review the monitor status. | Users can modify a monitor configuration in their organization. | Users can delete monitors that have been created in their organization. |
Notifiers | User can create a new notifier in their organization. | User can access the list of notifiers in their organization. | User can update existing notifiers in their organization. User can snooze a notifier. | User can delete notifiers that have been created in their organization. |
Users | Users can invite new users to an organization. | User can access the list of users that are part of their organization. | User can update user roles and information within the organization. | Users can remove other users from their organization and delete their own account. |
Shared Access Keys | — | User can access shared access keys in their organization. | User can update shared access keys in their organization. | — |
Dataset-level capabilities provide fine-grained control over access to datasets. For flexibility, the following capabilities can be assigned for all datasets, or individual datasets.
- Ingest: Create only.
- Query: Read only.
- Starred queries: Full CRUD.
- Virtual fields: Full CRUD.
Refer to the table below to learn more about these dataset-level capabilities:
Datasets | Create | Read | Update | Delete |
---|---|---|---|---|
Ingest | User can ingest events to the specified dataset(s). | — | — | — |
Starred queries | User can create a starred query for the specified dataset(s). | User can access the list of starred queries in their organization. | User can modify an existing starred query in their organization. | User can delete a starred query from a dataset. |
Virtual fields | User can create a new virtual field for the specified dataset(s). | User can see the list of virtual fields for the specified dataset(s). | User can modify the definition of a virtual field for the specified dataset(s). | User can delete a virtual field from a dataset. |
Query | — | User can query events from the specified dataset(s). | — | — |
Access to datasets
The datasets that individual users have access to determine the following:
- The data they see in dashboards. If a user has access to a dashboard but only to some of the datasets referenced in the dashboard’s elements, the user only sees data from the datasets they have access to.
- The monitors they see. A user only sees the monitors that reference the datasets that the user has access to. If a user has access to the monitors of an organization but only to some of the datasets referenced in the monitors, the user only sees the monitors that reference the datasets they have access to. If a monitor joins several datasets, a user can only see the monitor if the user has access to all of the datasets.
Users
Users in Axiom are the individual accounts that have access to an organization. Users are assigned a base role when joining an organization which is configured during the invite step. For organizations with the role-based access control (RBAC) add-on, additional roles can be added through group membership.
To manage users:
- Navigate to Settings and select Users.
- Review and manage the list of users and assign default or custom base roles as desired.
Access for a user is the additive union of capabilities assigned through their default role, plus any capabilities included in roles assigned through group membership.
Directory Sync
Directory Sync automatically mirrors user account data between a central directory, such as Active Directory, and connected applications. When the status of an employee changes, all systems are automatically updated.
For this feature, Axiom relies on WorkOS. For more information, see Directory Sync and Enterprise Single Sign-On in the WorkOS documentation.
Directory Sync is available as an add-on if you’re on the Axiom Cloud plan, and it’s included by default on the Bring Your Own Cloud plan.
Data
Apps
Enrich your Axiom organization with a catalog of migrations tools, and dedicated apps, and gain complete visibility into any platform, and get alerts on your errors to stay ahead of issues.
By properly monitoring your apps with Axiom, you can spot slowdowns, hiccups, bad requests, errored requests, and function cache performance and know which actions to take to correct these issues before there are user-facing consequences.
Datasets
Manage datasets for your organization, including creating new datasets or deleting existing datasets.
Endpoints
Endpoints allow you to easily integrate Axiom into your existing data flow using tools and libraries that you already know. With Endpoints, you can build and configure your existing tooling to send data to Axiom so you can start monitoring your logs immediately.
General organization settings
View organization ID
To determine the organization ID, click Settings > General, and then find the ID section.
View organization region
To determine the region your organization uses, click Settings > General, and then find the Region section.
For more information, see Regions.
Turn Axiom AI on or off
Features powered by Axiom AI allow you to get insights from your data faster. These features are powered by leading foundation models through trusted enterprise providers including Amazon Bedrock and Google Gemini. Your inputs and outputs are never used to train generative models.
AI features are turned on by default for most customers. You can turn them on or off anytime for the whole organization, for example, for regulatory and compliance reasons.
To turn Axiom AI on or off:
- Click
Settings > General.
- Click Turn on Axiom AI or Turn off Axiom AI.
Delete organization
This is a destructive action. After you delete your organization, you lose access to all data within that org.
To delete your organization:
- Back up your data. You will now be able to access the data after deleting the org.
- Click
Settings > General
- Click Delete organization.
Usage and billing
Billing
The Billing page gives you details about your current plan and allows you to upgrade to a higher plan.
Usage
The Usage page gives you information about your organization’s total usage of Axiom.
Profile
In the Profile page, you can configure the following:
- Change your name.
- View your contact details and role.
- Change your timezone.
- Change the editor mode.
- Select the default method for null values. When you run a query with a visualization, you can select how Axiom treats null values in the chart options. For more information, see Configure chart options. When you select a default method to deal with null values, Axiom uses this method in every new chart you create.
- Create and delete personal access tokens. For more information, see Personal access tokens.
- View and manage your active sessions.
- Delete your account.