Who: Users with the Proxies Tanzu Observability service role who must have one of the following:
- A valid VMware Cloud services API token with the Proxies service role assigned. diff --git a/pages/doc/csp_getting_started.md b/pages/doc/csp_getting_started.md index fd146d3af..2369d9714 100644 --- a/pages/doc/csp_getting_started.md +++ b/pages/doc/csp_getting_started.md @@ -81,9 +81,9 @@ See [What organization roles are available in VMware Cloud Services](https://doc ## What Are Service Roles and Custom Roles? -VMware Cloud services includes service-specific built-in roles, including [Tanzu Observability service roles](csp_users_roles.html#operations-for-applications-service-roles-built-in). A service role is required to grant certain access to the corresponding service instance in the organization. +VMware Cloud services includes service-specific built-in roles, including [Tanzu Observability service roles](csp_users_roles.html#tanzu-observability-service-roles-built-in). A service role is required to grant certain access to the corresponding service instance in the organization. -While the service roles are built-in and not editable, as a VMware Cloud **Organization Administrator** or **Organization Owner**, you can create [custom roles](csp_users_roles.html#create-edit-or-delete-a-custom-role) with service permissions of your choice, including [Operations for Application permissions](csp_permissions_overview.html#operations-for-applications-permissions). Custom roles are optional and apply to all service instances for which the target user or server to server app has at least one service role. +While the service roles are built-in and not editable, as a VMware Cloud **Organization Administrator** or **Organization Owner**, you can create [custom roles](csp_users_roles.html#create-edit-or-delete-a-custom-role) with service permissions of your choice, including [Operations for Application permissions](csp_permissions_overview.html#tanzu-observability-permissions). Custom roles are optional and apply to all service instances for which the target user or server to server app has at least one service role. ## What's a Server to Server App? diff --git a/pages/doc/csp_invite-AoA-users_tutorial.md b/pages/doc/csp_invite-AoA-users_tutorial.md index 24f03138f..712280771 100644 --- a/pages/doc/csp_invite-AoA-users_tutorial.md +++ b/pages/doc/csp_invite-AoA-users_tutorial.md @@ -58,10 +58,10 @@ If do not have the VMware Cloud **Organization Owner** or **Organization Adminis We provide a number of built-in Tanzu Observability service roles. -- A corresponding service role for each [permission](csp_permissions_overview.html#operations-for-applications-permissions). +- A corresponding service role for each [permission](csp_permissions_overview.html#tanzu-observability-permissions). - Two special service roles - one that grants full administrative access to the service, and another one that grants read-only access to the service. -For more information, see [Tanzu Observability Roles (Built-in)](csp_users_roles.html#operations-for-applications-service-roles-built-in). +For more information, see [Tanzu Observability Roles (Built-in)](csp_users_roles.html#otanzu-observability-service-roles-built-in). ### Step 1: Enter the New User Details diff --git a/pages/doc/csp_migration.md b/pages/doc/csp_migration.md index f373269d0..9c4da3aeb 100644 --- a/pages/doc/csp_migration.md +++ b/pages/doc/csp_migration.md @@ -66,7 +66,7 @@ During the process of onboarding your Tanzu Observability service to VMware Clou  * If a user is a **Super Admin** in Tanzu Observability, we assign that user with the **Super Admin** Tanzu Observability service role in VMware Cloud services. -* If a user is assigned with individual permissions in Tanzu Observability, we assign that user with the corresponding [Tanzu Observability service roles](csp_users_roles.html#operations-for-applications-service-roles-built-in) in VMware Cloud services. For example, if a user has the **Alerts** permission in Tanzu Observability, we assign that user with the **Alerts** Tanzu Observability service role in VMware Cloud services. There are the following exceptions: +* If a user is assigned with individual permissions in Tanzu Observability, we assign that user with the corresponding [Tanzu Observability service roles](csp_users_roles.html#tanzu-observability-service-roles-built-in) in VMware Cloud services. For example, if a user has the **Alerts** permission in Tanzu Observability, we assign that user with the **Alerts** Tanzu Observability service role in VMware Cloud services. There are the following exceptions: - The **Accounts** permission is replaced by the [VMware Cloud **Organization Administrator** role](csp_getting_started.html#whats-a-vmware-cloud-organization-role) plus the **Admin** Tanzu Observability service role. - The **API Tokens** permission is not replaced by any role, because this privilege is not needed in VMware Cloud services. Each VMware Cloud services user can manage their own VMware Cloud services API tokens. @@ -159,7 +159,7 @@ During the process of onboarding your Tanzu Observability service to VMware Clou During the process of onboarding your Tanzu Observability service to VMware Cloud services, the service accounts **are not** migrated to VMware Cloud services, because VMware Cloud services supports [server to server OAuth apps](csp_server_to_server_apps.html), which are equivalent to the services accounts in Tanzu Observability. -{% include warning.html content="The usage of service accounts in Tanzu Observability on VMware Cloud services is **restricted** to support only a [limited list of integrations](integrations_onboarded_subscriptions.html#integrations-that-use-operations-for-applications-api-tokens) that still authenticate with Tanzu Observability API tokens. We are in the process of updating all of our integrations to authenticate with VMware Cloud services access tokens. Service accounts and Tanzu Observability API tokens will be deprecated in the future."%} +{% include warning.html content="The usage of service accounts in Tanzu Observability on VMware Cloud services is **restricted** to support only a [limited list of integrations](integrations_onboarded_subscriptions.html#integrations-that-use-tanzu-observability-api-tokens) that still authenticate with Tanzu Observability API tokens. We are in the process of updating all of our integrations to authenticate with VMware Cloud services access tokens. Service accounts and Tanzu Observability API tokens will be deprecated in the future."%} For backward compatibility, all of your service accounts are **preserved** in Tanzu Observability as follows: @@ -176,7 +176,7 @@ You should incrementally [replace](#how-to-replace-a-service-account-with-a-serv ### How to Replace a Service Account with a Server to Server App? -Service accounts authenticate with Tanzu Observability API tokens, while server to server OAuth apps authenticate with the more secure VMware Cloud services access tokens. Service accounts are supported for a [limited list of integrations](integrations_onboarded_subscriptions.html#integrations-that-use-operations-for-applications-api-tokens) but will be deprecated in the future. +Service accounts authenticate with Tanzu Observability API tokens, while server to server OAuth apps authenticate with the more secure VMware Cloud services access tokens. Service accounts are supported for a [limited list of integrations](integrations_onboarded_subscriptions.html#integrations-that-use-tanzu-observability-api-tokens) but will be deprecated in the future.
- When the Super Admin mode is enabled, you have full administrative privileges for the Tanzu Observability service. See the Super Admin service role for details. +
- When the Super Admin mode is enabled, you have full administrative privileges for the Tanzu Observability service. See the Super Admin service role for details.
- When the Super Admin mode is disabled, you have only the permissions from your other roles if any.
-
Only users with the Logs permission can view the Logs Browser and drill down into logs from charts, alerts, and traces.
-
The steps to add roles and permissions differ for Onboarded and Original subscriptions. See add permissions details for Onboarded subscriptions and Original subscriptions.
+The steps to add roles and permissions differ for Onboarded and Original subscriptions. See add permissions details for Onboarded subscriptions and Original subscriptions.
{{site.data.alerts.end}}
diff --git a/pages/doc/purchase-additional-capacity.md b/pages/doc/purchase-additional-capacity.md
index 36c126af5..9c303167a 100644
--- a/pages/doc/purchase-additional-capacity.md
+++ b/pages/doc/purchase-additional-capacity.md
@@ -8,7 +8,7 @@ summary: Learn how to add capacity to your current Tanzu Observability (formerly
---
{% include note.html content="Starting July 3, 2023, VMware Tanzu Observability is a service on the VMware Cloud services platform. For information about VMware Cloud services subscriptions and original subscriptions and the differences between them, see [Subscription Types](subscriptions-differences.html). - - The OpenTelemetry collector can identify data coming from applications instrumented with Jaeger or Zipkin and convert them to Open Telemetry format. Next, the Tanzu Observability (Wavefront) trace exporter converts the data to the Operations for Applications data format. See OpenTelemetry to configure your application. + The OpenTelemetry collector can identify data coming from applications instrumented with Jaeger or Zipkin and convert them to Open Telemetry format. Next, the Tanzu Observability (Wavefront) trace exporter converts the data to the Tanzu Observability data format. See OpenTelemetry to configure your application.
-
For OpenTracing, follow the steps given below.
@@ -39,11 +39,11 @@ To get data flowing:
Each integration
1. Configures your distributed tracing system to send trace data to a Wavefront proxy. During integration setup, follow the prompts to create a new integration or use an existing integration.
-2. The proxy processes the data and sends it to your Operations for Applications service.
+2. The proxy processes the data and sends it to your Tanzu Observabilityservice.
Part of setting up the integration is to configure the Wavefront proxy to listen for the trace data on an integration-specific port.
-Using an integration is the simplest way - [but not the only way](#alternatives-to-integrations) - to send trace data to Operations for Applications from a 3rd part tracing system.
+Using an integration is the simplest way - [but not the only way](#alternatives-to-integrations) - to send trace data to Tanzu Observabilityfrom a 3rd part tracing system.
## Trace Data from an Integration
@@ -55,7 +55,7 @@ The Wavefront proxy:
### Required Span Tags
-Operations for Applications requires certain [span tags](trace_data_details.html#span-tags) on well-formed spans. The following spans tags enable you to filter and visualize trace data from the different services in your instrumented application:
+Tanzu Observability requires certain [span tags](trace_data_details.html#span-tags) on well-formed spans. The following spans tags enable you to filter and visualize trace data from the different services in your instrumented application:
@@ -84,13 +84,13 @@ The proxy preserves any tags that you assigned through your distributed tracing The mandatory span tags cannot have multiple values. Ensure that your application does not send spans with multiple application or service tags. For example, a span with two span tags `service=notify` and `service=backend` is invalid. -{% include note.html content="Operations for Applications ignores span tags with empty values." %} +{% include note.html content="Tanzu Observability ignores span tags with empty values." %} ### Derived RED Metrics -Operations for Applications automatically derives RED metrics from the spans that are sent from the instrumented application services. RED metrics are measures of the request Rate, Errors, and Duration that are obtained from the reported spans. These metrics are key indicators of the health of your services, and you can use them as context to help you discover problem traces. +Tanzu Observability automatically derives RED metrics from the spans that are sent from the instrumented application services. RED metrics are measures of the request Rate, Errors, and Duration that are obtained from the reported spans. These metrics are key indicators of the health of your services, and you can use them as context to help you discover problem traces. -Operations for Applications stores the RED metrics along with the spans they are based on. For more details, see [RED Metrics](trace_data_details.html#red-metrics). +Tanzu Observability stores the RED metrics along with the spans they are based on. For more details, see [RED Metrics](trace_data_details.html#red-metrics). {% include note.html content="The level of detail for the RED metrics is affected by any sampling that is done by your 3rd party distributed tracing system. See [Trace Sampling and RED Metrics from an Integration](#trace-sampling-and-red-metrics-from-an-integration), below." %} @@ -250,11 +250,11 @@ Follow these steps: ## Alternatives to Integrations -If using the Jaeger or Zipkin integration doesn't make sense in your environment, you can still use Operations for Applications with those systems. +If using the Jaeger or Zipkin integration doesn't make sense in your environment, you can still use Tanzu Observability with those systems. ### Send Raw Trace Data -We don't support an integration for your distributed tracing system, or if you are using your own proprietary tracing system, you can use a sender SDK to send raw trace data to Operations for Applications. With a sender SDK, you can write code that obtains the component values from your spans, and assembles those values into the [Operations for Applications span format](trace_data_details.html#operations-for-applications-span-format). The sender SDK also lets you configure your application to send the trace data to a Wavefront proxy or directly to Operations for Applications. +We don't support an integration for your distributed tracing system, or if you are using your own proprietary tracing system, you can use a sender SDK to send raw trace data to Tanzu Observability. With a sender SDK, you can write code that obtains the component values from your spans, and assembles those values into the [Tanzu Observability span format](trace_data_details.html#tanzu-observability-span-format). The sender SDK also lets you configure your application to send the trace data to a Wavefront proxy or directly to Tanzu Observability. For SDK setup details, see the [Sender SDK](wavefront_sdks.html#sdks-for-sending-raw-data) for your programming language. @@ -262,7 +262,7 @@ For SDK setup details, see the [Sender SDK](wavefront_sdks.html#sdks-for-sending ### Use the Wavefront OpenCensus Go Exporter -If you have instrumented your Go application with OpenCensus, you can use the [Wavefront OpenCensus Go Exporter](https://opencensus.io/exporters/supported-exporters/go/wavefront/) to push metrics, histograms, and traces into Operations for Applications. This exporter is built on the [Sender SDK](wavefront_sdks.html#sdks-for-sending-raw-data) for Go. +If you have instrumented your Go application with OpenCensus, you can use the [Wavefront OpenCensus Go Exporter](https://opencensus.io/exporters/supported-exporters/go/wavefront/) to push metrics, histograms, and traces into Tanzu Observability. This exporter is built on the [Sender SDK](wavefront_sdks.html#sdks-for-sending-raw-data) for Go. diff --git a/pages/doc/upgrade-and-purchase.md b/pages/doc/upgrade-and-purchase.md index bd82cb11b..9c33511f8 100644 --- a/pages/doc/upgrade-and-purchase.md +++ b/pages/doc/upgrade-and-purchase.md @@ -28,7 +28,7 @@ Billing depends on the amount of data, measured in points per second (PPS), that ## Upgrade a Trial Service Instance on VMware Cloud Services -{% include note.html content="To upgrade from a trial version, you must hold the [**Organization Owner** role](csp_getting_started.html#whats-a-vmware-cloud-organization-role) in the VMware Cloud organization running the service as well as at least one [Tanzu Observability service role](csp_users_roles.html#operations-for-applications-service-roles-built-in) for the service instance. If your enterprise domain is federated, to access the organization billing account, you must have a VMware account linked to your corporate account." %} +{% include note.html content="To upgrade from a trial version, you must hold the [**Organization Owner** role](csp_getting_started.html#whats-a-vmware-cloud-organization-role) in the VMware Cloud organization running the service as well as at least one [Tanzu Observability service role](csp_users_roles.html#tanzu-observabilitys-service-roles-built-in) for the service instance. If your enterprise domain is federated, to access the organization billing account, you must have a VMware account linked to your corporate account." %} 1. Log in to your service instance. 1. On the banner showing you how many days have left from your trial period, click **Upgrade**. diff --git a/pages/doc/wavefront_data_format.md b/pages/doc/wavefront_data_format.md index c150315d5..7fd69bce3 100644 --- a/pages/doc/wavefront_data_format.md +++ b/pages/doc/wavefront_data_format.md @@ -149,7 +149,7 @@ Most of our discussion of the histogram and span data formats is on the pages li ### Span Data Format Syntax -[The span format](trace_data_details.html#operations-for-applications-span-format) supports several predefined span tags. +[The span format](trace_data_details.html#tanzu-observability-span-format) supports several predefined span tags. ``` source= diff --git a/pages/doc/wavefront_data_naming.md b/pages/doc/wavefront_data_naming.md index 4244a493c..f194283f3 100644 --- a/pages/doc/wavefront_data_naming.md +++ b/pages/doc/wavefront_data_naming.md @@ -1,14 +1,14 @@ --- -title: Wavefront Data Best Practices +title: Tanzu Observability Data Best Practices keywords: data tags: [data, best practice] sidebar: doc_sidebar permalink: wavefront_data_naming.html -summary: Best practices for naming data sent to Wavefront. +summary: Best practices for naming data sent to VMware Tanzu Observability (formerly known as VMware Aria Operations for Applications). --- You can organize your data schema into metric names, source names, and point, alert, event, and source tags. -Wavefront doesn't place any restrictions on naming. However, you benefit from following best practices when you name Wavefront objects. See [Wavefront Data Format](wavefront_data_format.html#operations-for-applications-data-format-fields) for details on valid characters for metric names and other names. +Tanzu Observability doesn't place any restrictions on naming. However, you benefit from following best practices when you name Tanzu Observability objects. See [Tanzu Observability Data Format](wavefront_data_format.html) for details on valid characters for metric names and other names. ## Metric Names Best Practices @@ -21,9 +21,9 @@ Don't include a timestamp in the metric name. ## Source Names Best Practices -Source names should reflect a unique source that is emitting metrics. Wavefront assumes that source names are unique. +Source names should reflect a unique source that is emitting metrics. Tanzu Observability assumes that source names are unique. -For example, if you have the same machine name in different data centers, and don't separate the two machines when sending data to Wavefront (for example, by prefixing the source names with the datacenter), you can get confusing query results. Time series might oscillate between different values seemingly randomly, or you might see unexpected averaging of points between multiple sources. +For example, if you have the same machine name in different data centers, and don't separate the two machines when sending data to Tanzu Observability (for example, by prefixing the source names with the datacenter), you can get confusing query results. Time series might oscillate between different values seemingly randomly, or you might see unexpected averaging of points between multiple sources. When it's not clear which name to use as the source name, use the most unique value for a source name. For higher-level pre-aggregated data, for example, a datacenter-wide metric like power usage, use the name of the datacenter as the name of the source. @@ -45,13 +45,13 @@ Tag names can contain alphanumeric (a-z, A-Z, 0-9), dash (-), underscore (_), an ### History -Wavefront does not retain the history of alert, event, and source tags. For example, the machine `web004.pax.wavefront.com` might have the source tags `java-17`, `build-24`, and `dc-pax`. If you remove the `build-24` tag from `web004.pax.wavefront.com` and replace it with `build-25`, queries filtered by `build-24` no longer match `web004.pax.wavefront.com.` In other words, only current alert, event, and source tags affect queries because these tags are tied only to those objects, not to data. +Tanzu Observability does not retain the history of alert, event, and source tags. For example, the machine `web004.pax.wavefront.com` might have the source tags `java-17`, `build-24`, and `dc-pax`. If you remove the `build-24` tag from `web004.pax.wavefront.com` and replace it with `build-25`, queries filtered by `build-24` no longer match `web004.pax.wavefront.com.` In other words, only current alert, event, and source tags affect queries because these tags are tied only to those objects, not to data. For more information on tags, see [Organizing with Tags](tags_overview.html). ## Other Data Best Practices -* [Wavefront and Cardinality](cardinality.html) has an introduction with a video. +* [Tanzu Observability and Cardinality](cardinality.html) has an introduction with a video. * [Optimizing the Data Shape to Improve Performance](optimize_data_shape.html) is an in-depth discussion with examples. * [Common Time Limits and Best Practices](wavefront_limits.html) shows limits, for example, when a query times out. * [Troubleshooting Missing Data](missing_data_troubleshooting.html) explains, for example, how you can toggle the Obsolete Metrics flag to see old data. diff --git a/pages/doc/wavefront_obsolescence_policy.md b/pages/doc/wavefront_obsolescence_policy.md index 8215604c6..5ecf8e772 100644 --- a/pages/doc/wavefront_obsolescence_policy.md +++ b/pages/doc/wavefront_obsolescence_policy.md @@ -189,5 +189,5 @@ Starting September 20, 2023, all **new trial** instances of Tanzu Observability In October, 2023, we start to incrementally [onboard](csp_migration.html) all **original** subscriptions, which use Tanzu Observability authentication and authorization, to VMware Cloud services. -{% include warning.html content="The Tanzu Observability authentication and authorization will be **deprecated** in the future. Therefore, after onboarding to VMware Cloud services, **replace** [your service accounts with server to server apps](csp_migration.html#how-to-replace-a-service-account-with-a-server-to-server-app) and [your Tanzu Observability API tokens with VMware Cloud Services access tokens](csp_migration.html#how-to-replace-an-tanzu-observability-api-token-with-a-vmware-cloud-services-access-token), including [the Tanzu Observability API tokens of your Wavefront proxies](csp_migration.html#how-to-replace-the-operations-for-application-api-token-of-a-wavefront-proxy)." %} +{% include warning.html content="The Tanzu Observability authentication and authorization will be **deprecated** in the future. Therefore, after onboarding to VMware Cloud services, **replace** [your service accounts with server to server apps](csp_migration.html#how-to-replace-a-service-account-with-a-server-to-server-app) and [your Tanzu Observability API tokens with VMware Cloud Services access tokens](csp_migration.html#how-to-replace-an-tanzu-observability-api-token-with-a-vmware-cloud-services-access-token), including [the Tanzu Observability API tokens of your Wavefront proxies](csp_migration.html#how-to-replace-the-tanzu-observability-api-token-of-a-wavefront-proxy)." %} diff --git a/pages/doc/wavefront_release_notes.md b/pages/doc/wavefront_release_notes.md index d8841a7b2..8c9a0ddf0 100644 --- a/pages/doc/wavefront_release_notes.md +++ b/pages/doc/wavefront_release_notes.md @@ -34,7 +34,7 @@ Starting September 20, 2023, all **new trial** instances of Tanzu Observability In October, 2023, we start to incrementally [**onboard**](csp_migration.html) all original subscriptions to VMware Cloud services. You will receive a notification in your Tanzu Observability UI with the date scheduled for your service onboarding to VMware Cloud services. Make sure that you get familiar with the VMware Cloud services platform and prepare for the onboarding. See [What Should I Do Before the Onboarding?](csp_migration.html#what-should-i-do-before-the-onboarding). -{% include warning.html content="The Tanzu Observability authentication and authorization will be **deprecated** in the future. Therefore, after onboarding to VMware Cloud services, **replace** [your service accounts with server to server apps](csp_migration.html#how-to-replace-a-service-account-with-a-server-to-server-app) and [your Tanzu Observability API tokens with VMware Cloud Services access tokens](csp_migration.html#how-to-replace-an-operations-for-applications-api-token-with-a-vmware-cloud-services-access-token), including [the Operations for Application API tokens of your Wavefront proxies](csp_migration.html#how-to-replace-the-operations-for-application-api-token-of-a-wavefront-proxy)." %} +{% include warning.html content="The Tanzu Observability authentication and authorization will be **deprecated** in the future. Therefore, after onboarding to VMware Cloud services, **replace** [your service accounts with server to server apps](csp_migration.html#how-to-replace-a-service-account-with-a-server-to-server-app) and [your Tanzu Observability API tokens with VMware Cloud Services access tokens](csp_migration.html#how-to-replace-a-tanzu-observability-api-token-with-a-vmware-cloud-services-access-token), including [the Operations for Application API tokens of your Wavefront proxies](csp_migration.html#how-to-replace-the-tanzu-observability-api-token-of-a-wavefront-proxy)." %} ## 2024-07.x Release Notes
| Service Roles | -Required for service access. Assign the Tanzu Observability service roles that correspond to the permissions of the service account that you want to replace. + | Required for service access. Assign the Tanzu Observability service roles that correspond to the permissions of the service account that you want to replace.
If you already assigned a custom role, you must assign at least the Viewer Tanzu Observability service role. |
As a result:
|
diff --git a/pages/doc/csp_users_roles.md b/pages/doc/csp_users_roles.md
index 5fba4575d..5478b18b3 100644
--- a/pages/doc/csp_users_roles.md
+++ b/pages/doc/csp_users_roles.md
@@ -41,7 +41,7 @@ The VMware Cloud Services Console **Roles** page lists all service roles and cus
### Tanzu Observability Service Roles (Built-in)
The VMware Cloud Services Console **Roles** page includes the following built-in Tanzu Observability service roles:
-- A corresponding Tanzu Observability service role for each [Tanzu Observability permission](csp_permissions_overview.html#operations-for-applications-permissions), that is, each of the following service roles has only one permission assigned:
+- A corresponding Tanzu Observability service role for each [Tanzu Observability permission](csp_permissions_overview.html#tanzu-observability-permissions), that is, each of the following service roles has only one permission assigned:
* **Admin**
* **Alerts**
@@ -87,7 +87,7 @@ The VMware Cloud Services Console **Roles** page includes the following built-in
### Create, Edit, or Delete a Custom Role
-Custom roles let you combine service permissions of your choice, for example, [Tanzu Observability permissions](csp_permissions_overview.html#operations-for-applications-permissions). A custom role can have permissions for one or multiple services in your organization. For example, you can have a custom role that grants administrative permissions for one service and read-only permissions for another service.
+Custom roles let you combine service permissions of your choice, for example, [Tanzu Observability permissions](csp_permissions_overview.html#tanzu-observability-permissions). A custom role can have permissions for one or multiple services in your organization. For example, you can have a custom role that grants administrative permissions for one service and read-only permissions for another service.
{% include important.html content="The Tanzu Observability permissions in a custom role apply to **all** Tanzu Observability service instances to which the target user account or server to server app has access. Therefore, to obtain the Tanzu Observability permissions from a custom role for a given Tanzu Observability service instance, the user account or server to server app assigned with that custom role must have at least one Operations to Applications service role for that service instance, for example, the **Viewer** service role."%}
@@ -115,7 +115,7 @@ For a [federated domain](csp_authentication.html#federated-domain-authentication
## Manage User Groups
-For efficient user management, you can create groups of users and assign roles to these groups. You can add new and existing users to a group. You can assign [service roles](#operations-for-applications-service-roles-built-in) and [custom roles](#create-edit-or-delete-a-custom-role) to a group.
+For efficient user management, you can create groups of users and assign roles to these groups. You can add new and existing users to a group. You can assign [service roles](#tanzu-observability-service-roles-built-in) and [custom roles](#create-edit-or-delete-a-custom-role) to a group.
See [How do I work with groups](https://docs.vmware.com/en/VMware-Cloud-services/services/Using-VMware-Cloud-Services/GUID-0BD8A07B-C3C0-4220-8CD0-18FA070D3DAD.html) in the VMware Cloud services documentation.
diff --git a/pages/doc/documentation_getting_started.md b/pages/doc/documentation_getting_started.md
index 43962f0e2..c3ba2c7f0 100644
--- a/pages/doc/documentation_getting_started.md
+++ b/pages/doc/documentation_getting_started.md
@@ -81,7 +81,7 @@ Our documentation includes reference documentation for API, query language, and
|
 |