Skip to content

Whats new logs fine grained access post #22167

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Nov 19, 2025
Merged

Whats new logs fine grained access post #22167

Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
1a74cdc
Adding Logs FGA What's New Via Upload
mrytower05 Nov 11, 2025
3023208
feat(whats-new): add logs fga images
mrytower05 Nov 11, 2025
9d89854
Fix image syntax and add caption in logs FGA
mrytower05 Nov 11, 2025
69f0b8e
Fix image path in 'whats-new-11-10-logs-fga.md'
mrytower05 Nov 11, 2025
a56ef1f
Fix image syntax in logs FGA documentation
mrytower05 Nov 11, 2025
5fd3396
Update whats-new-11-10-logs-fga.md
adutta-newrelic Nov 14, 2025
8b3a4f6
feat(whats-new): Logs FGA updating image path
mrytower05 Nov 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 37 additions & 0 deletions src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
---
title: 'Fine Grained Access for Logs'
summary: 'Restrict user access to specific log data partitions for better security and compliance.'
releaseDate: '2025-11-04'

Check warning on line 4 in src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md

View workflow job for this annotation

GitHub Actions / vale-linter 

[vale] reported by reviewdog 🐶
[new-relic.RangeFormat] Use an en dash in a range of numbers.

Raw Output:
{"message": "[new-relic.RangeFormat] Use an en dash in a range of numbers.", "location": {"path": "src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md", "range": {"start": {"line": 4, "column": 15}}}, "severity": "WARNING"}

Check warning on line 4 in src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md

View workflow job for this annotation

GitHub Actions / vale

[vale] src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md#L4 

[new-relic.RangeFormat] Use an en dash in a range of numbers.
Raw output 
{"message": "[new-relic.RangeFormat] Use an en dash in a range of numbers.", "location": {"path": "src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md", "range": {"start": {"line": 4, "column": 15}}}, "severity": "WARNING"}
learnMoreLink: 'https://docs.newrelic.com/es/docs/accounts/accounts-billing/new-relic-one-user-management/data-access-control/'
getStartedLink: 'https://docs.newrelic.com/es/docs/accounts/accounts-billing/new-relic-one-user-management/data-access-control/#create-policies'
---

As your organization scales, managing who can access specific log data is vital for security, compliance, and data governance. Your security teams may need to monitor critical logs that contain sensitive information (PII), while development teams should only see logs relevant to their specific services.

Check warning on line 9 in src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md

View workflow job for this annotation

GitHub Actions / vale-linter 

[vale] reported by reviewdog 🐶
[new-relic.ComplexWords] Consider using 'check' or 'watch' instead of 'monitor'.

Raw Output:
{"message": "[new-relic.ComplexWords] Consider using 'check' or 'watch' instead of 'monitor'.", "location": {"path": "src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md", "range": {"start": {"line": 9, "column": 160}}}, "severity": "INFO"}

Check notice on line 9 in src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md

View workflow job for this annotation

GitHub Actions / vale

[vale] src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md#L9 

[new-relic.ComplexWords] Consider using 'check' or 'watch' instead of 'monitor'.
Raw output 
{"message": "[new-relic.ComplexWords] Consider using 'check' or 'watch' instead of 'monitor'.", "location": {"path": "src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md", "range": {"start": {"line": 9, "column": 160}}}, "severity": "INFO"}

We're excited to introduce **fine grained access** for log data. This new capability, available for Pro and Enterprise accounts, gives Administrator's fine-grained control over which users can view specific log data.

### How it works

With Fine Grained Access control for Logs, you create policies that define exactly which log partitions users can access. These policies are assigned to access grants and allow you to:

Check warning on line 15 in src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md

View workflow job for this annotation

GitHub Actions / vale-linter 

[vale] reported by reviewdog 🐶
[Microsoft.Passive] 'are assigned' looks like passive voice.

Raw Output:
{"message": "[Microsoft.Passive] 'are assigned' looks like passive voice.", "location": {"path": "src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md", "range": {"start": {"line": 15, "column": 138}}}, "severity": "INFO"}

Check notice on line 15 in src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md

View workflow job for this annotation

GitHub Actions / vale

[vale] src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md#L15 

[Microsoft.Passive] 'are assigned' looks like passive voice.
Raw output 
{"message": "[Microsoft.Passive] 'are assigned' looks like passive voice.", "location": {"path": "src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md", "range": {"start": {"line": 15, "column": 138}}}, "severity": "INFO"}

* **Allow access:** Grant access *only* to a specific set of partitions.
* **Deny access:** Block access to specific partitions, like those containing sensitive data.
* **Use wildcards:** Easily manage multiple partitions at once (e.g., `log_prod%` matches all partitions starting with "log_prod").

Check failure on line 19 in src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md

View workflow job for this annotation

GitHub Actions / vale-linter 

[vale] reported by reviewdog 🐶
[Microsoft.Foreign] Use 'for example' instead of 'e.g.,'.

Raw Output:
{"message": "[Microsoft.Foreign] Use 'for example' instead of 'e.g.,'.", "location": {"path": "src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md", "range": {"start": {"line": 19, "column": 65}}}, "severity": "ERROR"}

Check warning on line 19 in src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md

View workflow job for this annotation

GitHub Actions / vale-linter 

[vale] reported by reviewdog 🐶
[new-relic.ComplexWords] Consider using 'many' instead of 'multiple'.

Raw Output:
{"message": "[new-relic.ComplexWords] Consider using 'many' instead of 'multiple'.", "location": {"path": "src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md", "range": {"start": {"line": 19, "column": 36}}}, "severity": "INFO"}

Check warning on line 19 in src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md

View workflow job for this annotation

GitHub Actions / vale-linter 

[vale] reported by reviewdog 🐶
[new-relic.Adverbs] Consider removing 'Easily'.

Raw Output:
{"message": "[new-relic.Adverbs] Consider removing 'Easily'.", "location": {"path": "src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md", "range": {"start": {"line": 19, "column": 22}}}, "severity": "INFO"}

Check notice on line 19 in src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md

View workflow job for this annotation

GitHub Actions / vale

[vale] src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md#L19 

[new-relic.Adverbs] Consider removing 'Easily'.
Raw output 
{"message": "[new-relic.Adverbs] Consider removing 'Easily'.", "location": {"path": "src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md", "range": {"start": {"line": 19, "column": 22}}}, "severity": "INFO"}

Check notice on line 19 in src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md

View workflow job for this annotation

GitHub Actions / vale

[vale] src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md#L19 

[new-relic.ComplexWords] Consider using 'many' instead of 'multiple'.
Raw output 
{"message": "[new-relic.ComplexWords] Consider using 'many' instead of 'multiple'.", "location": {"path": "src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md", "range": {"start": {"line": 19, "column": 36}}}, "severity": "INFO"}

Check failure on line 19 in src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md

View workflow job for this annotation

GitHub Actions / vale

[vale] src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md#L19 

[Microsoft.Foreign] Use 'for example' instead of 'e.g.,'.
Raw output 
{"message": "[Microsoft.Foreign] Use 'for example' instead of 'e.g.,'.", "location": {"path": "src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md", "range": {"start": {"line": 19, "column": 65}}}, "severity": "ERROR"}

This enables you to restrict logs access to only the data a user should need. When a user belongs to multiple grants for an account, any deny policy will always override an allow policy.

Check warning on line 21 in src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md

View workflow job for this annotation

GitHub Actions / vale-linter 

[vale] reported by reviewdog 🐶
[new-relic.ComplexWords] Consider using 'many' instead of 'multiple'.

Raw Output:
{"message": "[new-relic.ComplexWords] Consider using 'many' instead of 'multiple'.", "location": {"path": "src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md", "range": {"start": {"line": 21, "column": 102}}}, "severity": "INFO"}

Check notice on line 21 in src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md

View workflow job for this annotation

GitHub Actions / vale

[vale] src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md#L21 

[new-relic.ComplexWords] Consider using 'many' instead of 'multiple'.
Raw output 
{"message": "[new-relic.ComplexWords] Consider using 'many' instead of 'multiple'.", "location": {"path": "src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md", "range": {"start": {"line": 21, "column": 102}}}, "severity": "INFO"}

![A screenshot that shows how to add a data access policy](/images/add-data-policy.webp "A screenshot that shows how to add a data access policy.")

<figcaption>Create policies to allow or deny access to specific log partitions from the Access Management UI.</figcaption>

### Automate with the NerdGraph API

In addition to the UI, you can now manage your data access policies using our NerdGraph API. This is ideal for automating your security workflows and integrating with your existing identity and access management systems. You can use NerdGraph to programmatically:

Check warning on line 29 in src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md

View workflow job for this annotation

GitHub Actions / vale-linter 

[vale] reported by reviewdog 🐶
[Microsoft.Wordiness] Consider using 'also' instead of 'In addition'.

Raw Output:
{"message": "[Microsoft.Wordiness] Consider using 'also' instead of 'In addition'.", "location": {"path": "src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md", "range": {"start": {"line": 29, "column": 1}}}, "severity": "INFO"}

Check notice on line 29 in src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md

View workflow job for this annotation

GitHub Actions / vale

[vale] src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md#L29 

[Microsoft.Wordiness] Consider using 'also' instead of 'In addition'.
Raw output 
{"message": "[Microsoft.Wordiness] Consider using 'also' instead of 'In addition'.", "location": {"path": "src/content/whats-new/2025/11/whats-new-11-10-logs-fga.md", "range": {"start": {"line": 29, "column": 1}}}, "severity": "INFO"}

* Create, query, and update policies
* Delete policies
* Assign policies to access grants

[Learn more about managing policies via NerdGraph](https://docs.newrelic.com/docs/apis/nerdgraph/examples/nerdgraph-data-access-control).

To get started in the UI, users with the Authentication domain manager role can navigate to **[Administration > Access Management > Data access policies](https://one.newrelic.com/admin-portal)**.
Loading