Skip to main content

Managing Roles

If you don't want to give a user full access to the Cloud Management Platform, you can let them perform only a subset of tasks by assigning a role. Roles make it easy to assign multiple permissions and manage users more efficiently in your organization.

note

Required permission to manage and assign roles: User Manager

caution

If someone from your organization (as determined by their email address) signs up without being invited, their user account will be assigned your organization's default role (or the Basic Role if no default is configured).

note

Prior to Roles, CMP users were manually assigned permissions. These legacy permissions are forward-compatible, so you will not lose access to any functionalities you previously had access to.

Pre-built roles

There are a few pre-built roles in your account for your convenience. The easiest way to give user privileges is to assign pre-built roles. Each role grants one or more privileges that together, allow performing a common business function. For example, one role allows managing user accounts, another role manages financial aspects, another role manages IT functions, and so on.

Basic Role

PrivilegesOnly users with privilege can:
Supportcreate new and access existing technical support requests

IT Manager

PrivilegesOnly users with privilege can:
SupportCreate new and access existing technical support requests
Issues ViewerAccess to cloud outage information
Assets ManagerView and manage assets (including managing licenses)

Finance User

PrivilegesOnly users with privilege can:
Supportcreate new and access existing technical support requests
Billing Profiles Admincreate new and manage existing billing profiles, including payment method
Invoice Vieweraccess invoices
Cloud Analyticscreate new and access existing Cloud Analytics reports
Contracts Viewerprovides access to the commercial contracts
Perks Vieweraccess and request Perks
Anomalies Vieweraccess Cost and Usage Anomalies

Standard User

PrivilegesOnly users with privilege can:
Supportcreate new and access existing technical support requests
Cloud Analyticscreate new and access existing Cloud Analytics reports
Sandbox Usercreate disposable cloud environments (sandboxes) according to company policy
Contracts Viewerprovides access to the commercial contracts
Perks Vieweraccess and request Perks
Anomalies Vieweraccess Cost and Usage Anomalies
Issues Vieweraccess to cloud outage information
Budgets Managercreate, delete and manage budgets
Attributions Managercreate, delete and manage attributions

Power User

PrivilegesOnly users with privilege can:
Supportcreate new and access existing technical support requests
Cloud Analyticscreate new and access existing Cloud Analytics reports
Sandbox Usercreate disposable cloud environments (sandboxes) governed by a company Sandbox policy
Sandbox Adminset company Sandbox policy for other users
Flexsave Adminpurchase and manage flexible reservations
Settings Managermanage your Cloud Management Platform account settings
Contracts Viewerprovides access to the commercial contracts
Perks Vieweraccess and request Perks
Anomalies Vieweraccess Cost and Usage Anomalies
Issues Vieweraccess to cloud outage information
Budgets Managercreate, delete and manage budgets
Attributions Managercreate, delete and manage attributions

Admin

Has access to all features in the Cloud Management Platform and the CMP API, and can manage every aspect of your organization's account.

Summary: Pre-built Roles and Permissions

PermissionsAdminFinance UserIT ManagerPower UserStandard User
Anomalies Viewer
Assets Manager
Attributions Manager
Billing Profile Admin
Budgets Manager
Cloud Analytics
Contracts Viewer
Flexible RI Admin
Invoice Viewer
Issues Viewer
Settings Manager
Sandbox Admin
Sandbox User
Spot0
Support Requester
Users Manager

Custom Roles

If one of the built-in roles doesn't work for you, you can create a custom role with your own set of permissions. To create a custom user role, select the Settings icon (a gear) from the top menu bar, then select Identity and access.

From there, select Roles from the left-hand menu:

You will see a list of preset roles as well as any other custom roles created by your team.

Create a new role by selecting the NEW button in the top right-hand of the screen. Doing this will take you to the New role screen, with a list of permissions available for you to group into the new role:

To get started:

  1. Give your new User Role a good name.
  2. Optional: Give the role a description to give additional context around who the role is for.
  3. Select the permissions you'd like the role to contain.

Deleting a custom role

To delete the custom role, you will need to make sure there are no users configured with this role. You cannot delete a role until this condition is satisfied.

Select the role you'd like to delete and click the "Remove" button. You will need to confirm your action and the role will be removed.

note

You can't remove built-in roles.

Setting a default role

A default role is the role a new user on your team is auto-provisioned, until a role is explicitly set by an admin. Both pre-built and custom roles can be designated as a default role.

To set a role as the default role for your team, select the role, then select the MAKE DEFAULT button in the top right-hand corner of the screen.