This section walks you through the most essential Axiom settings.

Access Overview

Role-Based Access Control (RBAC) enables organizations to manage and restrict access to their data and resources efficiently. You can find and configure RBAC settings in the Access section located within the settings page in Axiom.

The Access section consists of the following components:

  • API tokens
  • Groups
  • Roles
  • Users

Each of these components plays an important role in defining access to Axiom.

API tokens

API tokens in Axiom are used to authenticate and authorize access to datasets for querying and/or ingesting data.

Generating an API token

  1. Navigate to Settings and select API tokens.

  2. Click on New API token.

  3. Enter a name and description for the token.

  4. Choose the desired permissions: Ingest, Query, or Both.

  5. Select the dataset access level: Allow access to any dataset, or Allow access to specific datasets only.

  6. Copy the generated token to your clipboard. Remember, once you navigate away from the page, you won’t be able to view the token again.

Create API Token

For security reasons, it is recommended to assign the minimum required permissions to your API tokens. This approach reduces the impact of a compromised token.


Roles are sets of capabilities that define which actions a user can perform at both the organization and dataset levels.

Default roles

Axiom provides a set of default roles for all organizations:

  • Owner: Assigns all capabilities across the entire Axiom platform.

  • Admin: Assigns administrative capabilities but not Billing capabilities, which are reserved for Owners.

  • User: Assigns standard access for regular users.

  • Read-only: Assigns read capabilities for datasets, plus read access on various resources like dashboards, monitors, notifiers, users, queries, starred queries, and virtual fields.

  • None: Assigns zero capabilities, useful for adopting the principle of least privilege when inviting new users. Users with this default role can have specific capabilities built up through Roles assigned to a Group.

Prerequisites for creating roles

Custom roles can be created in Axiom organizations on the Enterprise plan. Users must have the create permission for the access control capability assigned in order to create custom roles, which is enabled for the default Owner and Admin roles.

Creating a custom role

  1. Navigate to Roles and select New role.
  2. Enter the name and description of the role.
  3. Assign capabilities: Roles can be assigned various permissions (create, read, update, and delete) across capabilities like Access control, API tokens, dashboards, and datasets.

Creating a custom role

Assigning capabilities to roles

Role creation is split into organization-level and dataset-level capabilities. Each capability has options to assign create, read, update, or delete (CRUD) permissions.

Organization-level capabilities define access for various parts of an Axiom organization.

  • Access control: Full CRUD.
  • API tokens: Full CRUD.
  • Apps: Full CRUD.
  • Billing: Read and update only.
  • Dashboards: Full CRUD.
  • Datasets: Full CRUD.
  • Endpoints: Full CRUD.
  • Monitors: Full CRUD.
  • Notifiers: Full CRUD.
  • Shared Access Key: Read and update only.
  • Users: Full CRUD.

Refer to the table below to learn more about these organization-level capabilities:

Access controlUser can create custom roles and groups.User can view the list of existing roles and groups.User can update the and description of roles and groups, and modify permissions.User can delete custom roles or groups.
API tokensUser can create an API token with access to the datasets their user has access to.User can access the list of tokens that have been in their organization.User can regenerate a token from the list of tokens in an organization.User can delete API tokens created in their organization.
AppsUser can create a new app.Users can access the list of installed apps in their organization.Users can modify the existing apps in their organization.User can disconnect apps installed in their organization.
BillingUser can access billing settings.User can change the organization plan.
DashboardsUser can create new dashboards.User can access their own dashboards and those created by other users in their organization.User can modify dashboard titles and descriptions. User can add, resize, and delete charts from dashboards.User can delete a dashboard from their organization.
DatasetsUser can create a new dataset.Users can access the list of datasets in an organization, and their associated fields.User can trim a dataset, and modify dataset fields.User can delete a dataset from their organization.
EndpointsUser can create a new endpoint.User can access the list of existing endpoints in an organization.Users can rename an endpoint and modify which dataset data is ingested into.User can delete an endpoint from their organization.
MonitorsUser can create a monitor.User can access the list of monitors in their organization. User can also review the monitor status.Users can modify a monitor configuration in their organization.Users can delete monitors that have been created in their organization.
NotifiersUser can create a new notifier in their organization.User can access the list of notifiers in their organization.User can update existing notifiers in their organization. User can snooze a notifier.User can delete notifiers that have been created in their organization.
UsersUsers can invite new users to an organization.User can access the list of users that are part of their organization.User can update user roles and information within the organization.Users can remove other users from their organization and delete their own account.
Shared Access KeysUser can access shared access keys in their organization.User can update shared access keys in their organization.

Dataset-level capabilities provide fine-grained control over access to datasets. For flexibility, the following capabilities can be assigned for all datasets, or individual datasets.

  • Ingest: Create only.
  • Query: Read only.
  • Starred queries: Full CRUD.
  • Virtual fields: Full CRUD.

Refer to the table below to learn more about these dataset-level capabilities:

IngestUser can ingest events to the specified dataset(s).
Starred queriesUser can create a starred query for the specified dataset(s).User can access the list of starred queries in their organization.User can modify an existing starred query in their organization.User can delete a starred query from a dataset.
Virtual fieldsUser can create a new virtual field for the specified dataset(s).User can see the list of virtual fields for the specified dataset(s).User can modify the definition of a virtual field for the specified dataset(s).User can delete a virtual field from a dataset.
QueryUser can query events from the specified dataset(s).


Groups, which are available to Axiom organizations on the Enterprise plan, connect users with roles, making it easier to manage access control at scale.

Organizations might create groups for areas of their business like Security, Infrastructure, or Business Analytics, with specific roles assigned to serve the unique needs of these domains.

Since groups connect users with one or many roles, users’ complete set of capabilities are derived from the additive union of their base role, plus any roles assigned through group membership.

Creating a New Group

  1. Navigate to Groups and select New group.

  2. Enter the name and description of the group.

Creating a group

  1. Add users to the group. Clicking on Add users will display a list of available users.

Creating a group with users

  1. Add roles to the group by clicking Add roles, which will present a list of available roles.


Users in Axiom are the individual accounts that have access to an organization. Users are assigned a base role when joining an organization, which is configured during the invite step. For organizations on an Enterprise plan, additional roles can be added through Group membership.

Managing Users

  1. Navigate to Settings and select Users.
  2. Review and manage the list of users and assign default or custom base roles as desired.

Creating a group

Access for a user is the additive union of capabilities assigned through their default role, plus any capabilities included in roles assigned through group membership.



Enrich your Axiom organization with a catalogue of integrations, migrations tools, and dedicated apps, and gain complete visibility into any platform, and get alerts on your errors to stay ahead of issues.

By properly monitoring your integrations with Axiom, you can spot slowdowns, hiccups, bad requests, errored requests, and function cache performance and know which actions to take to correct these issues before there are user-facing consequences.

Check out supported Apps

Apps Integrations overview


Manage datasets for your organization, including creating new datasets or deleting existing datasets.

Datasets are a collection of similar events. When data is sent to Axiom it is stored in a dataset.

Dataset names must be between 1-128 characters, and may only contain ASCII alphanumeric characters and the '-' character.

To create a dataset, enter the name and description of your dataset.

Auth overview

Once created, you can import files into your datasets in supported formats such as NDJSON, JSON, or CSV. Additionally, you have the options to trim the dataset and delete it as needed.

Datasets Auth overview


Endpoints allow you to easily integrate Axiom into your existing data flow using tools and libraries that you already know. With Endpoints, you can build and configure your existing tooling to send data to Axiom so you can start monitoring your logs immediately.

Learn more about configuring endpoints




Manage your project billing, view your current plan, and explore the total usage of each component during your current billing period up to the last hour.

You can upgrade your organization to a free 14-day trial. Axiom will not charge you during the first 14 days of your Axiom Pro trial. You can cancel at any time during the trial period without incurring any cost.

At the end of the trial period, your account will automatically convert to a paid plan.

On the Billings dashboard you can get the total usage of each running component during the current billing period up to the last hour and beyond.



You can see the license and configurations for your organization by selecting License this lets you know:

  • How much data you can ingest.
  • Monthly ingest limit (GB).
  • Maximum endpoints.
  • Maximum datasets you can have.
  • Maximum fields per dataset.
  • Maximum monitors.
  • Maximum number of Users.
  • Maximum number of Teams.
  • Maximum query window.

Auth overview



View your contact details, edit your timezone, view and manage your active sessions, and create your personal token from your organization profile.


Personal Token

To generate a Personal Token:

  1. Go to settings, and select Profile.
  2. Click on Add personal Token.
  3. Provide a Name and Description for your token, then click on ADD.
  4. Copy the generated token to your clipboard. It's important to note that once you navigate away from the Personal Token page, you won't be able to see this token again. If you need to access the token later, you will have to regenerate it or create a new Personal Token.

Personal Token

  • Personal token grants access to all resources available to the user. It is useful for programmatic access to the Axiom API, facilitating custom integrations or usage with tools like the Axiom CLI. When using the the Personal Token, you will need the AXIOM_ORG_ID for programmatic access.

Was this page helpful?