Roles and permissions
DoiT platform supports role-based access control (RBAC), which allows you to manage user access through the combination of roles and permissions.
Required permissionβ
- Users Manager
Pre-built rolesβ
Pre-built roles grant a set of permissions that enables users to perform common business functions, simplifying user access management.
Support Userβ
The Support User role has the minimum set of permissions, which are also included in other pre-built roles.
| Permission | Description |
|---|---|
| Issues Viewer | Access Cloud incidents information. |
| Support Requester | Create and view expert inquiries. |
Standard User and Power Userβ
The Power User role includes all Standard User permissions and additionally grants access to identity and access management, Flexsave, DataHub, and more.
| Permission | Description |
|---|---|
| Anomalies Viewer | Access Cost anomalies. |
| Allocations Admin | Create, delete and manage Allocations. |
| Budgets Manager | Create, delete and manage Budgets. |
| Cloud Analytics User | Create and access Cloud Analytics resources and Commitment Manager commitments. |
| Cloud Diagrams User | Create, view, and manage Cloud Diagrams. |
| CloudFlow Editor | (Power User) Create, view, and manage CloudFlows. |
| Contracts Viewer | Provide access to commercial contracts. |
| DataHub Admin | (Power User) Create, view, and manage DataHub datasets. |
| Flexsave Admin | (Power User) Enable and manage Flexsave. |
| Insights Manager | Access Insights. |
| Issues Viewer | Access Cloud incidents information. |
| Manage Settings | (Power User) Manage your DoiT console account settings. |
| Metrics Manager | (Power User) Create, delete, and manage custom metrics for Cloud Analytics. |
| Perks Viewer | Access and request ISV solutions. |
| Sandbox Admin | Obsolete |
| Sandbox User | Obsolete |
| Support Requester | Create and view expert inquiries. |
| Threads Manager | Create and manage Threads. |
| Users Manager | (Power User) Manage users and roles; view and manage Single Sign-On and auth provider settings. |
Finance Userβ
| Permission | Description |
|---|---|
| Anomalies Viewer | Access Cost anomalies. |
| Billing Profiles Admin | Create and manage billing profiles (including payment methods) and connections to third-party platforms. |
| Budgets Manager | Create, delete and manage Budgets. |
| Cloud Analytics User | Create and access Cloud Analytics resources and Commitment Manager commitments. |
| Cloud Diagrams User | Create, view, and manage Cloud Diagrams. |
| Contracts Viewer | Provide access to commercial contracts. |
| Flexsave Admin | Enable and manage Flexsave. |
| Insights Manager | Access Insights. |
| Invoice Viewer | View and pay invoices. |
| Issues Viewer | Access Cloud incidents information. |
| Perks Viewer | Access and request ISV solutions. |
| Support Requester | Create and view expert inquiries. |
| Threads Manager | Create and manage Threads. |
IT Managerβ
| Permissions | Capabilities |
|---|---|
| Assets Manager | View and manage assets (including managing licenses). |
| Cloud Diagrams User | Create, view, and manage Cloud Diagrams. |
| Issues Viewer | Access Cloud incidents. |
| Perks Viewer | Access and request ISV solutions. |
| Support Requester | Create new and access existing expert inquiries. |
Adminβ
The Admin role has full access to all features and can manage every aspect of your organization's account, including integrations.
Permissions exclusive to the Admin roleβ
Below are the permissions exclusive to the Admin role.
| Permission | Description |
|---|---|
| Cloud Analytics Admin | View and manage all Cloud Analytics resources, custom dashboards, labels and Commitment Manager commitments in your organization, regardless of whether they have been shared with you. |
| CloudFlow Manager | Create, view, manage, and delete CloudFlows created by other users. |
Billing Profile Admin permissionβ
While the permissions listed above are exclusive, the Admin role also includes the Billing Profiles Admin permission. The Billing Profiles Admin permission enables creation and management of billing profiles (including payment methods) and connections to third-party platforms.
The Finance role also has access to the Billing Profile Admin permissions.
Custom rolesβ
Create a custom roleβ
To create a custom user role:
-
In the DoiT console, select the gear icon () from the top navigation bar, and then select Users and access.
-
Select Roles from the left-hand menu.
You will see a list of preset roles as well as custom roles created by your team.
-
Select Create new role.
-
Enter a name for the role. You can also use the file icon to add a description to the role.
-
Choose permissions for the role.
Delete a custom roleβ
You can't delete custom roles that have been assigned to users.
To delete a custom role:
-
Select the checkbox next to the role of interest on the Roles page.
-
Select Delete.
You'll be asked to confirm the deletion before the role is removed.
Default roleβ
A default role is the role a new user on your team is auto-provisioned, until a role is explicitly set by an admin. Both pre-built and custom roles can be designated as the default role.
A default role is automatically assigned (auto-provisioned) to new users on your team until an admin explicitly sets a different role. It can be either a pre-built or a custom role.
If auto provisioning is enabled, any user with an email address from your organization's domain can sign up without being invited.
To set a role as the default role:
-
Locate the role of interest on the Roles page.
-
Select the role name to open its configuration page.
-
Select MAKE DEFAULT in the upper-right corner of the page.
Role IDβ
To find the role ID in the DoiT console:
-
Select the gear icon () from the top navigation bar, and then select Identity & access.
-
Go to the Roles subsection and select the desired role.
-
Select the Copy Role ID button in the upper-right corner of the role details screen to copy the Role ID to your system clipboard.
Summary: Pre-built Roles and Permissionsβ
| Permissions | Admin | Finance User | IT Manager | Power User | Standard User | Support User |
|---|---|---|---|---|---|---|
| Anomalies Viewer | β | β | β | β | ||
| Assets Manager | β | β | ||||
| Allocations Admin | β | β | β | |||
| Billing Profile Admin | β | β | ||||
| Budgets Manager | β | β | β | β | ||
| Cloud Analytics Admin | β | |||||
| Cloud Analytics User | β | β | β | β | ||
| Cloud Diagrams User | β | β | β | β | β | |
| CloudFlow Manager | β | |||||
| CloudFlow Editor | β | β | ||||
| Commitment Manager | β | β | ||||
| Contracts Viewer | β | β | β | β | ||
| DataHub Admin | β | β | ||||
| Flexsave Admin | β | β | β | |||
| Insights Manager | β | β | β | β | ||
| Invoice Viewer | β | β | ||||
| Issues Viewer | β | β | β | β | β | β |
| Manage Settings | β | β | ||||
| Metrics Manager | β | β | ||||
| Perks Viewer | β | β | β | β | β | |
| Sandbox Admin | β | β | ||||
| Sandbox User | β | β | β | |||
| PerfectScale for Spot Manager | β | β | ||||
| Support Requester | β | β | β | β | β | β |
| Threads Manager | β | β | β | β | ||
| Users Manager | β | β |