Skip to main content

Roles and permissions

DoiT platform supports role-based access control (RBAC), which allows you to manage user access through the combination of roles and permissions.

Required permission

  • Users Manager

Pre-built roles

Pre-built roles grant a set of permissions that enables users to perform common business functions, simplifying user access management.

Support User

The Support User role has the minimum set of permissions, which are also included in other pre-built roles.

PermissionDescription
Issues ViewerAccess Cloud incidents information.
Support RequesterCreate and view support requests.

Standard User and Power User

The Power User role includes all Standard User permissions and additionally grants access to identity and access management, Flexsave, DataHub, and more.

PermissionDescription
Anomalies ViewerAccess Cost anomalies.
Attributions ManagerCreate, delete and manage Attributions and Attribution groups.
Budgets ManagerCreate, delete and manage Budgets.
Cloud Analytics UserCreate and access Cloud Analytics resources.
Contracts ViewerProvide access to commercial contracts.
DataHub Admin(Power User) Create, view, and manage DataHub datasets.
Flexsave Admin(Power User) Enable and manage Flexsave.
Insights ManagerAccess Insights.
Issues ViewerAccess Cloud incidents information.
Labels manager(Power User) View and manage labels of DoiT Cloud Analytics resources.
Manage Settings(Power User) Manage your DoiT console account settings.
Metrics Manager(Power User) Create, delete, and manage custom metrics for Cloud Analytics.
Perks ViewerAccess and request ISV solutions.
Sandbox Admin(Power User) Set company Sandbox policy, delete a sandbox from DoiT console.
Sandbox UserCreate Cloud Sandbox governed by company Sandbox policies.
Spot Scaling Manager(Power User) Enable and manage Spot Scaling.
Support RequesterCreate and view support requests.
Threads ManagerCreate and manage Threads.
Users Manager(Power User) Manage users and roles; view and manage Single Sign-On and auth provider settings.

Finance User

PermissionDescription
Anomalies ViewerAccess Cost anomalies.
Billing Profiles AdminCreate and manage billing profiles (including payment methods).
Budgets ManagerCreate, delete and manage Budgets.
Cloud Analytics UserCreate and access Cloud Analytics resources.
Contracts ViewerProvide access to commercial contracts.
Flexsave AdminEnable and manage Flexsave.
Insights ManagerAccess Insights.
Invoice ViewerView and pay invoices.
Issues ViewerAccess Cloud incidents information.
Perks ViewerAccess and request ISV solutions.
Ramp Plans ViewerView Ramp plans.
Support RequesterCreate and view support requests.
Threads ManagerCreate and manage Threads.

IT Manager

PermissionsCapabilities
Assets ManagerView and manage assets (including managing licenses).
Issues ViewerAccess Cloud incidents.
Perks ViewerAccess and request ISV solutions.
Support RequesterCreate new and access existing technical support requests.

Admin

The Admin role has full access to all features and can manage every aspect of your organization's account. Below are the permissions exclusive to the Admin role.

PermissionDescription
Cloud Analytics AdminView and manage all Cloud Analytics resources and custom dashboards in your organization, regardless of whether they have been shared with you.
CloudFlow ManagerDelete CloudFlow created by other users.
CloudFlow ViewerCreate, view, and manage CloudFlow.

Custom roles

Create a custom role

To create a custom user role:

  1. In the DoiT console, select the gear icon () from the top navigation bar, and then select Identity & access.

  2. Select Roles from the left-hand menu.

    You will see a list of preset roles as well as custom roles created by your team.

  3. Select Create new role.

    The Roles screen_

  4. Enter a name for the role. You can also use the file icon to add a description to the role.

  5. Choose permissions for the role.

Delete a custom role

Note

You can't delete custom roles that have been assigned to users.

To delete a custom role:

  1. Select the checkbox next to the role of interest on the Roles page.

  2. Select Delete.

    You'll be asked to confirm the deletion before the role is removed.

Default role

A default role is the role a new user on your team is auto-provisioned, until a role is explicitly set by an admin. Both pre-built and custom roles can be designated as the default role.

A default role is automatically assigned (auto-provisioned) to new users on your team until an admin explicitly sets a different role. It can be either a pre-built or a custom role.

Caution

If auto provisioning is enabled, any user with an email address from your organization's domain can sign up without being invited.

To set a role as the default role:

  1. Locate the role of interest on the Roles page.

  2. Select the role name to open its configuration page.

  3. Select MAKE DEFAULT in the upper-right corner of the page.

Role ID

To find the role ID in the DoiT console:

  1. Select the gear icon () from the top navigation bar, and then select Identity & access.

  2. Go to the Roles subsection and select the desired role.

  3. Select the Copy Role ID button in the upper-right corner of the role details screen to copy the Role ID to your system clipboard.

    Copy role Id

Summary: Pre-built Roles and Permissions

PermissionsAdminFinance UserIT ManagerPower UserStandard UserSupport User
Anomalies Viewer
Assets Manager
Attributions Manager
Billing Profile Admin
Budgets Manager
Cloud Analytics Admin
Cloud Analytics User
CloudFlow Manager
CloudFlow Viewer
Contracts Viewer
DataHub Admin
Flexsave Admin
Insights Manager
Invoice Viewer
Issues Viewer
Labels Manager
Manage Settings
Metrics Manager
Perks Viewer
Ramp Plans Viewer
Sandbox Admin
Sandbox User
Spot Scaling Manager
Support Requester
Threads Manager
Users Manager