Roles and permissions

DoiT Platform supports role-based access control (RBAC), which allows you to combine roles and permissions to control a user's access to DoiT Platform's features.

Required permission

• Users Manager

Prior to Roles, DoiT Platform users were manually assigned permissions. These legacy permissions are forward-compatible, which means you will not lose access to any functionalities you previously had access to.

Pre-built roles

The DoiT Platform provides several pre-built roles. Each role grants one or more privileges that together, allow performing a common business function. For example, one role allows managing user accounts, another role manages financial aspects, another role manages IT functions, and so on.

Support User

Permissions	Capabilities
Issues Viewer	Access Cloud incidents.
Support Requester	Create and access support tickets.

Standard User

Permissions	Capabilities
Anomalies Viewer	Access Cost anomalies.
Attributions Manager	Create, delete and manage Attributions and Attribution groups.
Budgets Manager	Create, delete and manage Budgets.
Cloud Analytics	Manage Cloud Analytics reports and alerts.
Contracts Viewer	View commercial contracts and manage ramp plans.
Insights Manager	Access Insights.
Issues Viewer	Access Cloud incidents.
Perks Viewer	Access and request ISV solutions.
Sandbox User	Create disposable cloud environments (sandboxes) according to company policy.
Support Requester	Create and access support tickets.

Power User

Permissions	Capabilities
Anomalies Viewer	Access Cost anomalies.
Attributions Manager	Create, delete and manage Attributions and Attribution groups.
Budgets Manager	Create, delete and manage Budgets.
Cloud Analytics	Create new and access existing Cloud Analytics reports.
Contracts Viewer	Provides access to the commercial contracts.
Flexsave Admin	Enable and manage Flexsave.
Insights Manager	Access Insights.
Issues Viewer	Access Cloud incidents information.
Metrics Manager	Create, delete, and manage custom metrics for Cloud Analytics.
Perks Viewer	Access and request ISV solutions.
Sandbox Admin	Set company Sandbox policy, delete a sandbox from DoiT Console.
Sandbox User	Create Cloud Sandbox governed by company Sandbox policies.
Spot Scaling Manager	Enable and manage Spot Scaling.
Manage Settings	Manage your DoiT Platform account settings.
Support Requester	Create new and access existing technical support requests.
Users Manager	Manage users and roles; view and manage Single Sign-On and auth provider settings.

IT Manager

Permissions	Capabilities
Assets Manager	View and manage assets (including managing licenses).
Issues Viewer	Access Cloud incidents.
Support Requester	Create new and access existing technical support requests.

Finance User

Permissions	Capabilities
Anomalies Viewer	Access Cost anomalies.
Billing Profiles Admin	Create and manage billing profiles (including payment methods).
Cloud Analytics	Create new and access existing Cloud Analytics reports.
Contracts Viewer	Access the commercial contracts; create, edit, and delete Ramp plans.
Insights Manager	Access Insights.
Invoice Viewer	View and pay invoices.
Issues Viewer	Access Cloud incidents.
Perks Viewer	Access and request ISV solutions.
Support Requester	Create new and access existing technical support requests.

Admin

The Admin role has access to all the features in the DoiT Console and the DoiT Platform API, and can manage every aspect of your organization's account.

In addition to all those listed before, the Admin role also has the following permissions.

Permissions	Capabilities
Assign CloudAnalytics Owner Role	Bulk edit permissions of Alerts, Attributions, Attribution groups, Budgets, and Cloud Analytics reports.
Labels manager	View and manage labels of DoiT Cloud Analytics content objects.
Ramp Plans Viewer	View Ramp plans.

Summary: Pre-built Roles and Permissions

Permissions	Admin	Finance User	IT Manager	Power User	Standard User	Support User
Anomalies Viewer	✓	✓	✓	✓	✓
Assets Manager	✓		✓
Assign CloudAnalytics Owner Role	✓
Attributions Manager	✓			✓	✓
Billing Profile Admin	✓	✓
Budgets Manager	✓			✓	✓
Cloud Analytics	✓	✓		✓	✓
Contracts Viewer	✓	✓		✓	✓
Flexsave Admin	✓			✓
Insights Manager	✓	✓		✓	✓
Invoice Viewer	✓	✓
Issues Viewer	✓	✓	✓	✓	✓	✓
Labels Manager	✓
Manage Settings	✓			✓
Metrics Manager	✓			✓
Perks Viewer	✓	✓		✓	✓
Ramp Plans Viewer	✓
Sandbox Admin	✓			✓
Sandbox User	✓			✓	✓
Spot Scaling Manager	✓			✓
Support Requester	✓	✓	✓	✓	✓	✓
Users Manager	✓			✓

Custom roles

To create a custom user role:

1. Select the gear icon () from the top navigation bar, and then select Identity & access.

2. Select Roles from the left-hand menu.

   You will see a list of preset roles as well as custom roles created by your team.

3. Select New next to the filter bar.

   

4. Enter a name for the new role. You can also use the file icon to give the role a description.

5. Choose permissions for the role.

Delete a custom role

Note

You can't delete custom roles that haves been assigned to users.

To delete a custom role:

1. Select the checkbox next to the role of interest on the Roles page.

2. Select Delete.

   You'll be asked to confirm the deletion before the role is removed.

Default role

A default role is the role a new user on your team is auto-provisioned, until a role is explicitly set by an admin. Both pre-built and custom roles can be designated as the default role.

Caution

If auto provisioning is enabled, any user with an email address from your organization's domain can sign up without being invited.

To set a role as the default role:

1. Locate the role of interest on the Roles page.

2. Select the role name to open its configuration page.

3. Select MAKE DEFAULT in the upper-right corner of the page.

Role ID

To find the role ID in the DoiT Console:

1. Select the gear icon () from the top navigation bar, and then select Identity & access.

2. Go to the Roles subsection and select the desired role.

3. Select the Copy Role ID button in the upper-right corner of the role details screen to copy the Role ID to your system clipboard.