Changelog
Fine-grained access control (beta)
Fine-grained access control is now available in beta for all Cloud and Self-Hosted Enterprise users. Previously, only admins could manage service accounts, their API keys, and roles, which made it an all-or-nothing model. You can now create custom roles with scoped permissions and delegate those responsibilities to the right people without granting full admin access.
Create a custom role that can manage service accounts, API keys, and roles, then assign it to a user instead of making them an admin, or scope a role down to control exactly who can create, edit, or delete roles. You'll find everything under Settings → Identity & Access. See the Roles guide to get started.
Note: assigning roles to users remains admin-only for now. As this feature is in beta, we'd love your bug reports and feedback.
Self-service API keys for viewers
Building on fine-grained roles, admins can now set up a self-service flow so viewer users generate their own read-only API keys without routing every request through an admin, and without granting broad permissions. This is especially useful for giving read-only users direct access to the SigNoz MCP Server for AI tooling.
The setup is a one-time admin task: create a read-only service account, build a custom role scoped to add keys to just that account, and assign it to viewers by invite or SSO. The step-by-step guide walks through it.