---
title: "Configure RBAC for Adaptive Traces | Grafana Cloud documentation"
description: "Describes how to use role based access control to manage permissions to Adaptive Traces."
---

# Configure RBAC for Adaptive Traces

You can use [role-based access control](/docs/grafana/latest/administration/roles-and-permissions/access-control/) (RBAC) to manage permissions for users in Adaptive Traces.

The following table shows the default role, its description, and associated actions.

Expand table

| Role  | Description                                      | Associated Actions                                                                                                                                                                                                                                                                       |
|-------|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Admin | Overall read and write access in Adaptive Traces | `grafana-adaptivetraces-app.plugin:access`, `grafana-adaptivetraces-app.recommendations:read`, `grafana-adaptivetraces-app.recommendations:apply`, `grafana-adaptivetraces-app.policies:read`, `grafana-adaptivetraces-app.policies:write`, `grafana-adaptivetraces-app.policies:delete` |

The Admin role is granted by default to users with the Grafana Admin or Admin organization role.

## Available permission actions

You can use the following permission actions to build custom roles that grant more granular access to Adaptive Traces.

Expand table

| Action                                             | Description                                                           |
|----------------------------------------------------|-----------------------------------------------------------------------|
| `grafana-adaptivetraces-app.plugin:access`         | Access the Adaptive Traces plugin UI. Required for all other actions. |
| `grafana-adaptivetraces-app.recommendations:read`  | View recommendations on the Overview page.                            |
| `grafana-adaptivetraces-app.recommendations:apply` | Apply or dismiss recommendations.                                     |
| `grafana-adaptivetraces-app.policies:read`         | View policies on the Policies page.                                   |
| `grafana-adaptivetraces-app.policies:write`        | Create and edit policies.                                             |
| `grafana-adaptivetraces-app.policies:delete`       | Delete policies.                                                      |

### Example: Create a read-only viewer role

To allow a user to view policies and recommendations without making changes, create a custom role with the following actions:

- `grafana-adaptivetraces-app.plugin:access`
- `grafana-adaptivetraces-app.recommendations:read`
- `grafana-adaptivetraces-app.policies:read`

For more information on creating custom roles, refer to [Create custom roles](/docs/grafana-cloud/account-management/authentication-and-permissions/access-control/custom-role-actions-scopes/).

## Assign users to a role

You can assign users to a role in the Grafana Cloud user interface or using the HTTP API.

For more information, refer to [Assign RBAC roles](/docs/grafana-cloud/account-management/authentication-and-permissions/access-control/assign-rbac-roles/) and [RBAC API](/docs/grafana-cloud/developer-resources/api-reference/http-api/access_control/).