Skip to main content

Roles and permissions

DoiT Platform supports role-based access control (RBAC), which allows you to combine roles and permissions to control a user's access to DoiT Platform's features.

Required permission
  • Users Manager

Prior to Roles, DoiT Platform users were manually assigned permissions. These legacy permissions are forward-compatible, which means you will not lose access to any functionalities you previously had access to.

Pre-built roles

The DoiT Platform provides several pre-built roles. Each role grants one or more privileges that together, allow performing a common business function. For example, one role allows managing user accounts, another role manages financial aspects, another role manages IT functions, and so on.

Support User

PermissionsCapabilities
Issues Vieweraccess Cloud incidents
Support Requestercreate and access support tickets

Standard User

PermissionsCapabilities
Anomalies Vieweraccess Cost anomalies
Attributions Managercreate, delete and manage Attributions and Attribution groups
Budgets Managercreate, delete and manage Budgets
Cloud Analyticsmanage Cloud Analytics reports and alerts
Contracts Viewerview commercial contracts and manage ramp plans
Issues Vieweraccess Cloud incidents
Perks Vieweraccess and request ISV solutions
Sandbox Usercreate disposable cloud environments (sandboxes) according to company policy
Support Requestercreate and access support tickets

Power User

PermissionsCapabilities
Anomalies Vieweraccess Cost anomalies
Attributions Managercreate, delete and manage Attributions and Attribution groups
Budgets Managercreate, delete and manage Budgets
Cloud Analyticscreate new and access existing Cloud Analytics reports
Contracts Viewerprovides access to the commercial contracts
Flexsave Adminenable and manage Flexsave
Issues Vieweraccess Cloud incidents information
Metrics Managercreate, delete, and manage custom metrics for Cloud Analytics
Perks Vieweraccess and request ISV solutions
Sandbox Adminset company Sandbox policy, delete a sandbox from DoiT Console
Sandbox Usercreate Cloud Sandbox governed by company Sandbox policies
Spot Scaling Manager enable and manage Spot Scaling
Manage Settingsmanage your DoiT Platform account settings
Support Requestercreate new and access existing technical support requests
Users Managermanage users and roles; view and manage Single Sign-On and auth provider settings

IT Manager

PermissionsCapabilities
Assets Managerview and manage assets (including managing licenses)
Issues Vieweraccess Cloud incidents
Support Requestercreate new and access existing technical support requests

Finance User

PermissionsCapabilities
Anomalies Vieweraccess Cost anomalies
Billing Profiles Admincreate and manage billing profiles (including payment methods)
Cloud Analyticscreate new and access existing Cloud Analytics reports
Contracts Vieweraccess the commercial contracts; create, edit, and delete Ramp plans
Invoice Viewerview and pay invoices
Issues Vieweraccess Cloud incidents
Perks Vieweraccess and request ISV solutions
Support Requestercreate new and access existing technical support requests

Admin

The Admin role has access to all the features in the DoiT Console and the DoiT Platform API, and can manage every aspect of your organization's account.

In addition to all those listed before, the Admin role also has the following permissions.

PermissionsCapabilities
Ramp Plans Viewerview Ramp plans
Assign CloudAnalytics Owner RoleBulk edit permissions of Alerts, Attributions, Attribution groups, Budgets, and Cloud Analytics reports.

Summary: Pre-built Roles and Permissions

PermissionsAdminFinance UserIT ManagerPower UserStandard UserSupport User
Anomalies Viewer
Assets Manager
Assign CloudAnalytics Owner Role
Attributions Manager
Billing Profile Admin
Budgets Manager
Cloud Analytics
Contracts Viewer
Flexsave Admin
Invoice Viewer
Issues Viewer
Manage Settings
Metrics Manager
Perks Viewer
Ramp Plans Viewer
Sandbox Admin
Sandbox User
Spot Scaling Manager
Support Requester
Users Manager

Custom roles

To create a custom user role:

  1. Select the gear icon () from the top navigation bar, and then select Identity & access.

  2. Select Roles from the left-hand menu.

    You will see a list of preset roles as well as custom roles created by your team.

  3. Select New next to the filter bar.

    The Roles screen_

  4. Enter a name for the new role. You can also use the file icon to give the role a description.

  5. Choose permissions for the role.

Delete a custom role

Note

You can't delete custom roles that haves been assigned to users.

To delete a custom role:

  1. Select the checkbox next to the role of interest on the Roles page.

  2. Select Delete.

    You'll be asked to confirm the deletion before the role is removed.

Default role

A default role is the role a new user on your team is auto-provisioned, until a role is explicitly set by an admin. Both pre-built and custom roles can be designated as the default role.

Caution

If auto provisioning is enabled, any user with an email address from your organization's domain can sign up without being invited.

To set a role as the default role:

  1. Locate the role of interest on the Roles page.

  2. Select the role name to open its configuration page.

  3. Select MAKE DEFAULT in the upper-right corner of the page.

Role ID

To find the role ID in the DoiT Console:

  1. Select the gear icon () from the top navigation bar, and then select Identity & access.

  2. Go to the Roles subsection and select the desired role.

  3. Select the Copy Role ID button in the upper-right corner of the role details screen to copy the Role ID to your system clipboard.

    Copy role Id