Manage Roles

If you don't want to give a user full access to the Cloud Management Platform, you can let them perform only a subset of tasks by assigning a role. Roles make it easy to assign multiple permissions and manage users more efficiently in your organization.
Required permission to manage and assign roles: User Manager
If someone from your organization (as determined by their email address) signs up without being invited, their user account will be assigned your organization's default role (or the Basic Role if no default is configured).
Prior to Roles, CMP users were manually assigned permissions. These legacy permissions are forward-compatible, so you will not lose access to any functionalities you previously had access to.
Pre-built roles
There are a few pre-built roles in your account for your convenience. The easiest way to give user privileges is to assign pre-built roles. Each role grants one or more privileges that together, allow performing a common business function. For example, one role allows managing user accounts, another role manages financial aspects, another role manages IT functions, and so on.
Basic Role
Privileges
Only users with privilege can:
Support
create new and access existing technical support requests
IT Manager
Privileges
Only users with privilege can:
Support
Create new and access existing technical support requests
Issues Viewer
Access to cloud outage information
Assets Manager
View and manage assets (including managing licenses)
Finance User
Privileges
Only users with privilege can:
Support
create new and access existing technical support requests
Billing Profiles Admin
create new and manage existing billing profiles, including payment method
Invoice Viewer
access invoices
Cloud Analytics
create new and access existing Cloud Analytics Reports​
Contracts Viewer
provides access to the commercial contracts
Perks Viewer
access and request Perks
Anomalies Viewer
access Cost and Usage Anomalies
Standard User
Privileges
Only users with privilege can:
Support
create new and access existing technical support requests
Cloud Analytics
create new and access existing Cloud Analytics Reports​
Sandbox User
create disposable cloud environments (sandboxes) according to company policy
Contracts Viewer
provides access to the commercial contracts
Perks Viewer
access and request Perks
Anomalies Viewer
access Cost and Usage Anomalies
Issues Viewer
access to cloud outage information
Budgets Manager
create, delete and manage budgets
Attributions Manager
create, delete and manage attributions
Power User
Privileges
Only users with privilege can:
Support
create new and access existing technical support requests
Cloud Analytics
create new and access existing Cloud Analytics Reports​
Sandbox User
​create disposable cloud environments (sandboxes) governed by a company Sandbox policy
Sandbox Admin
set company Sandbox policy for other users
Flexsave Admin
purchase and manage flexible reservations​
Settings Manager
manage your Cloud Management Platform account settings
Contracts Viewer
provides access to the commercial contracts
Perks Viewer
access and request Perks
Anomalies Viewer
access Cost and Usage Anomalies
Issues Viewer
access to cloud outage information
Budgets Manager
create, delete and manage budgets
Attributions Manager
create, delete and manage attributions
Admin
Has access to all features in the Cloud Management Platform and the CMP API, and can manage every aspect of your organization's account.
Summary: Pre-built Roles and Permissions
Permissions
Admin
Finance User
IT Manager
Power User
Standard User
Anomalies Viewer
✓
✓
✓
✓
​
Assets Manager
✓
​
✓
​
​
Attributions Manager
✓
​
​
✓
✓
Billing Profile Admin
✓
✓
​
​
​
Budgets Manager
✓
​
​
✓
✓
Cloud Analytics
✓
✓
​
✓
✓
Contracts Viewer
✓
✓
​
✓
✓
Flexible RI Admin
✓
​
​
✓
​
Invoice Viewer
✓
✓
​
​
​
Issues Viewer
✓
✓
✓
✓
✓
Settings Manager
✓
​
​
✓
​
Sandbox Admin
✓
​
​
✓
​
Sandbox User
✓
​
​
✓
✓
Spot0
✓
​
​
✓
​
Support Requester
✓
✓
✓
✓
✓
Users Manager
✓
​
​
✓
​
Custom Roles
If one of the built-in roles doesn't work for you, you can create a custom role with your own set of permissions. To create a custom user role, select the Settings icon (a gear) from the top menu bar, then select Identity and access.
A screenshot of the Identity and access screen
From there, select Roles from the left-hand menu:
A screenshot showing the Roles screen_
You will see a list of preset roles as well as any other custom roles created by your team.
Create a new role by selecting the NEW button in the top right-hand of the screen. Doing this will take you to the New role screen, with a list of permissions available for you to group into the new role:
A screenshot showing the New role screen_
To get started:
1.Give your new User Role a good name.
2.Optional: Give the role a description to give additional context around who the role is for.
3.Select the permissions you'd like the role to contain.
Deleting a custom role
To delete the custom role, you will need to make sure there are no users configured with this role. You cannot delete a role until this condition is satisfied.
Select the role you'd like to delete and click the "Remove" button. You will need to confirm your action and the role will be removed.
You can't remove built-in roles.
Setting a default role
A default role is the role a new user on your team is auto-provisioned, until a role is explicitly set by an admin. Both pre-built and custom roles can be designated as a default role.
To set a role as the default role for your team, select the role, then select the MAKE DEFAULT button in the top right-hand corner of the screen.