# Add user access to Security Monitoring dashboards
Type of document: How-to guide
Product: NGINX Instance Manager
> Grant users access to Security Monitoring dashboards in F5 NGINX Instance Manager using role-based access control.
---
## Overview
Security Monitoring tracks activity on F5 WAF for NGINX instances. The dashboards and logs show insights, detect threats, and help improve security policies.
This guide explains how to create a role to give users access to Security Monitoring and assign it to users or groups.
**Note:**
This guide follows the principle of least privilege, so users only get access to Security Monitoring. You can create roles with different permissions if needed.
---
## Before you begin
Make sure you have the following:
- Your account must have access to User Management in F5 NGINX Instance Manager. Minimum permissions are:
- **Module**: Settings
- **Feature**: User Management
- **Access**: `READ`, `CREATE`, `UPDATE`
- Use the following table to find the permissions you need:
| Module(s) | Feature(s) | Access | Description |
|-----------------------------------|-----------------------|----------------------------|----------------------------------------------------------------------------------------------------------|
| Instance Manager
Security Monitoring | Analytics
Security Monitoring | `READ`
`READ` | Gives read-only access to Security Monitoring dashboards. Users cannot access NGINX Instance Manager or Settings. |
| Instance Manager
Security Monitoring
Settings | Analytics
Security Monitoring
User Management | `READ`
`READ`
`CREATE`, `READ`, `UPDATE` | Users can view dashboards and manage accounts and roles.
[icon: lightbulb] Best for "super-users" who manage dashboard access. Doesn't allow deleting accounts. |
---
## Create a role
Roles in NGINX Instance Manager are a critical part of [role-based access control (RBAC)](/nim/admin-guide/rbac/overview-rbac.md). By creating roles, you define the access levels and permissions for different user groups that correspond to groups in your Identity Provider (IdP).
NGINX Instance Manager includes a built-in administrator role called `admin`. You can create additional roles as needed.
The `admin` user or any user with `CREATE` permission for the **User Management** feature can create a role.
Follow these steps to create a role and set its permissions:
1. In a web browser, go to the FQDN for your NGINX Instance Manager host and log in.
1. Select the **Settings** (gear) icon in the upper-right corner.
1. From the left navigation menu, select **Roles**.
1. Select **Create**.
1. On the **Create Role** form, provide the following details:
- **Name**: The name to use for the role.
- **Display Name**: An optional, user-friendly name to show for the role.
- **Description**: An optional, brief description of the role.
1. To add permissions:
1. Select **Add Permission**.
2. Select the NGINX Instance Manager module you're creating the permission for from the **Module** list.
3. Select the feature you're granting permission for from the **Feature** list. To learn more about features, see [Get started with RBAC](/nim/admin-guide/rbac/overview-rbac.md).
4. Select **Add Additional Access** to choose a CRUD (Create, Read, Update, Delete) access level.
- Select the access level(s) you want to grant from the **Access** list.
5. Select **Save**.
1. Repeat step 6 if you need to add more permissions for other features.
1. When you've added all the necessary permissions, select **Save** to create the role.
#### Example scenario
Suppose you need to create an "app-developer" role. With this role, users can create and edit applications but not delete them or do administrative tasks. Name the role `app-developer`, select the relevant features, and grant permissions that align with the application development process while restricting administrative functions.
---
## Assign the role
Assign the Security Monitoring role to users or groups.
---
### Assign the role to users
To assign roles to a user in NGINX Instance Manager, follow these steps:
1. In a web browser, go to the FQDN for your NGINX Instance Manager host and log in.
2. Select the **Settings** gear icon in the upper-right corner.
3. From the left navigation menu, select **Users**.
4. Select a user from the list, then select **Edit User**.
5. In the **Roles** list, select the role(s) you want to assign to the user.
6. Select **Save**.
---
### Assign the role to user groups
**Note:** User groups require an external identity provider set up for OpenID Connect (OIDC) authentication, as described in [Getting started with OIDC](/nim/admin-guide/authentication/oidc/getting-started.md). You can't assign roles directly to users from an external identity provider in NGINX Instance Manager. Instead, they inherit roles based on their group membership.
To assign roles to a user group, follow these steps:
1. In a web browser, go to the FQDN for your NGINX Instance Manager host and log in.
2. Select the **Settings** gear icon in the upper-right corner.
3. From the left navigation menu, select **User Groups**.
4. Select a user group from the list, then select **Edit**.
5. In the **Roles** list, select the role(s) you want to assign to the group.
6. Select **Save**.