Roles and permissions

DoiT platform supports role-based access control (RBAC), which allows you to manage user access through the combination of roles and permissions.

Required permission

• Users Manager

Pre-built roles

Pre-built roles grant a set of permissions that enable users to perform common business functions, simplifying user access management.

Admin

The Admin role has full access to all features and can manage every aspect of your organization's account, including integrations.

Below are the permissions exclusive to the Admin role.

Permission	Description
Cloud Analytics Admin	View and manage all Cloud Analytics resources, custom dashboards, labels and Commitment Manager commitments in your organization, regardless of whether they have been shared with you.
CloudFlow Manager	Create, view, manage, and delete CloudFlows created by other users.
Billing Utilities Admin	Access the Billing utilities page and run data recalculations. This permission is relevant only to reseller tenants of the DoiT PartnerOps service.

IT Manager

Permissions	Description
Assets Manager	View and manage assets (including managing licenses).
Cloud Diagrams User	Create, view, and manage Cloud Diagrams.
Issues Viewer	Access Cloud incidents.
PerfectScale Commitments Read Only	View PerfectScale for Commitments pages in read-only mode.
Perks Viewer	Access and request ISV solutions.
Support Requester	Create new and access existing expert inquiries.

Partner Account Manager

Permission	Description
Cloud Analytics User	Create and access Cloud Analytics resources and Commitment Manager commitments.
Cloud Diagrams User	Create, view, and manage Cloud Diagrams.

Standard User and Power User

The Power User role includes all Standard User permissions and additionally grants access to identity and access management, Flexsave, DataHub, and more.

Permission	Description
Allocations Admin	Create, delete and manage Allocations.
Anomalies Viewer	Access Cost anomalies.
Budgets Manager	Create, delete and manage Budgets.
Cloud Analytics User	Create and access Cloud Analytics resources and Commitment Manager commitments.
Cloud Diagrams User	Create, view, and manage Cloud Diagrams.
CloudFlow Editor	(Power User) Create, view, and manage CloudFlows.
Contracts Viewer	Provide access to commercial contracts.
DataHub Admin	(Power User) Create, view, and manage DataHub data.
Flexsave Admin	(Power User) Enable and manage Flexsave.
Insights Manager	Access and execute Insights.
Issues Viewer	Access Cloud incidents.
Manage Settings	(Power User) Manage your DoiT console account settings.
Metrics Manager	(Power User) Create, delete, and manage custom metrics for Cloud Analytics.
PerfectScale Commitments Admin	(Power User) Manage PerfectScale for Commitments settings, onboarding, and purchases.
PerfectScale for Spot Manager	(Power User) Manage AWS auto-scaling groups.
Perks Viewer	Access and request ISV solutions.
Sandbox Admin	Obsolete
Sandbox User	Obsolete
Support Requester	Create and view expert inquiries.
Threads Manager	Create and manage Threads.
Users Manager	(Power User) Manage users and roles; view and manage Single Sign-On and auth provider settings.

Support User

The Support User role has the minimum set of permissions, which are also included in other pre-built roles.

Permission	Description
Issues Viewer	Access Cloud incidents information.
PerfectScale Commitments Read Only	View PerfectScale for Commitments pages in read-only mode.
Support Requester	Create and view expert inquiries.

Sales

The Sales role has view-only access to specific areas of the DoiT console without the ability to create or modify resources.

Permission	Description
Alerts Read Only	View-only access to budget alerts.
Budgets Read Only	View-only access to budgets.
Cloud Analytics Read Only	View-only access to Cloud Analytics reports and resources.
Contracts Read Only	View-only access to commercial contracts.
Invoices Read Only	View-only access to invoices.
Settings No Access	This permission hides the notifications bell and settings gear icon from the console navigation bar. It's intended for read-only roles such as Sales. Roles with this permission have no access to account settings or in-app notifications.

Finance User

Permission	Description
Anomalies Viewer	Access Cost anomalies.
Billing Profile Admin	Create and manage billing profiles (including payment methods) and connections to third-party platforms.
Budgets Manager	Create, delete and manage Budgets.
Cloud Analytics User	Create and access Cloud Analytics resources and Commitment Manager commitments.
Cloud Diagrams User	Create, view, and manage Cloud Diagrams.
Contracts Viewer	Provide access to commercial contracts.
Flexsave Admin	Enable and manage Flexsave.
Insights Manager	Access Insights.
Invoice Viewer	View and pay invoices.
Issues Viewer	Access Cloud incidents information.
PerfectScale Commitments Admin	Manage PerfectScale for Commitments settings, onboarding, and purchases.
Perks Viewer	Access and request ISV solutions.
Support Requester	Create and view expert inquiries.
Threads Manager	Create and manage Threads.

Custom roles

Create a custom role

To create a custom user role:

1. In the DoiT console, select the gear icon () from the top navigation bar, and then select Users and access.

2. Select Roles from the left-hand menu.

   You will see a list of preset roles as well as custom roles created by your team.

3. Select Create new role.

   

4. Enter a name for the role. You can also use the file icon to add a description to the role.

5. Choose permissions for the role.

Delete a custom role

Note

You can't delete custom roles that have been assigned to users.

To delete a custom role:

1. Select the checkbox next to the role of interest on the Roles page.

2. Select Delete.

   You'll be asked to confirm the deletion before the role is removed.

Default role

A default role is the role a new user on your team is auto-provisioned, until a role is explicitly set by an admin. Both pre-built and custom roles can be designated as the default role.

A default role is automatically assigned (auto-provisioned) to new users on your team until an admin explicitly sets a different role. It can be either a pre-built or a custom role.

Caution

If auto provisioning is enabled, any user with an email address from your organization's domain can sign up without being invited.

To set a role as the default role:

1. Locate the role of interest on the Roles page.

2. Select the role name to open its configuration page.

3. Select MAKE DEFAULT in the upper-right corner of the page.

Role ID

To find the role ID in the DoiT console:

1. Select the gear icon () from the top navigation bar, and then select Users and access.

2. Go to the Roles subsection and select the desired role.

3. Select the Copy Role ID button in the upper-right corner of the role details screen to copy the Role ID to your system clipboard.

   

Summary: Pre-built Roles and Permissions

Permissions	Admin	Finance User	IT Manager	Partner Account Manager	Power User	Standard User	Sales	Support User
Alerts Read Only	✓						✓
Allocations Admin	✓				✓	✓
Anomalies Viewer	✓	✓			✓	✓
Assets Manager	✓		✓
Billing Profile Admin	✓	✓
Billing Utilities Admin	✓
Budgets Manager	✓	✓			✓	✓
Budgets Read Only	✓						✓
Cloud Analytics Admin	✓
Cloud Analytics Read Only	✓						✓
Cloud Analytics User	✓	✓		✓	✓	✓
Cloud Diagrams User	✓	✓	✓	✓	✓	✓
CloudFlow Manager	✓
CloudFlow Editor	✓				✓
Contracts Read Only	✓						✓
Contracts Viewer	✓	✓			✓	✓
DataHub Admin	✓				✓
Flexsave Admin	✓	✓			✓
Insights Manager	✓	✓			✓	✓
Invoice Viewer	✓	✓
Invoices Read Only	✓						✓
Issues Viewer	✓	✓	✓		✓	✓		✓
Manage Settings	✓				✓
Metrics Manager	✓				✓
PerfectScale Commitments Admin	✓	✓			✓
PerfectScale Commitments Read Only	✓		✓					✓
PerfectScale for Spot Manager	✓				✓
Perks Viewer	✓	✓	✓		✓	✓
Settings No Access							✓
Support Requester	✓	✓	✓		✓	✓		✓
Threads Manager	✓	✓			✓	✓
Users Manager	✓				✓