Cloudability Roles and permissions in Cloudability

Roles give users permission to access specific views and functions within Cloudability.

By default, all user roles have access to some basic features in Cloudability including cost analytics for reporting, dashboards and TrueCost Explorer. Additional features can be accessed by assigning permissions to the role.

Roles in Cloudability

The following roles can be assigned to users of Cloudability :

Role name	Role permissions
Cloudability Admin	This role can grant access to views within Cloudability to other users.
Cloudability View Management	This role can manage views. This role replaces the Cloudability restrict flag.
Cloudability User	This role can access Cloudability through Access Administration
Cloudability Non-restricted User	This role has the same permissions as the Cloudability User role and the Cloudability View Management role.

Roles in Access Administration affecting Cloudability

The following Access Administration roles are mapped to corresponding roles in Cloudability :

Role name	Role permissions
Admin :	This role can add, edit, or delete users in Access Administration . This role functions across all Apptio applications, including Cloudability.
Administrator	This role has full access to Cloudability. This role is granted to users who log in to Cloudability with either the Admin or Cloudability Admin role on Access Administration .
User	This role has limited access to Cloudability. This role is granted to users who log in to Cloudability with the Cloudability user Access Administration role.

Role name

Role permissions

Admin :

This role can add, edit, or delete users in Access Administration . This role functions across all Apptio applications, including Cloudability.

Administrator

This role has full access to Cloudability.

This role is granted to users who log in to Cloudability with either the Admin or Cloudability Admin role on Access Administration .

User

This role has limited access to Cloudability.

This role is granted to users who log in to Cloudability with the Cloudability user Access Administration role.

Getting Started with Apptio Frontdoor

Identity and access control

In Cloudability , Identity and Access management (IAM) and Enterprise Access Control (EAC) are used to provide identity and access control over the roles users have permission to access.

IAM and EAC support permissions that control Cloudability features, persona-aligned custom role creation, and identity provider (IdP) role mapping to Cloudability standard and custom roles.

Note: Specific roles assigned to a user in Access Administration will overwrite roles from IdP role mapping.

Personas and use cases

IAM and EAC permissions are based on roles, allowing users to access features based on their role, or persona. The following table shows examples of use cases and corresponding personas.

Persona	Use Case	Cloudability Use
Power User	Cloud Center of Excellence (CCoE) Focus: deep understanding of cloud cost management, platform administration, colleague enablement	Daily
Program Manager or Product Owner	Focus: cloud costs in the context of project or product they own	Ad hoc; weekly; depending on need
DevOps User	Cloud operations Focus: usage optimization and automation	Ad hoc; weekly
Finance User	Analysis and cadence reporting at organization level Focus: planning, budgeting, and forecasting	Weekly; monthly; quarterly
Executive	Senior management Focus: financial overview and direction	Ad hoc; quarterly

You cannot delete a role unless all users assigned to the role have been deleted.

Using identity and access control

Note:

You must be a Access Administration administrator to access identity and access controls.

You can use the Access Administration Access Administration portal to access the functions for granting user roles and permissions in Cloudability.

Managing user permissions and roles

Supported permissions

When a user logs into Cloudability , permissions assigned via the Access Administration Access Administration portal controls access to the features the user can access, based on their assigned permissions.

Supported permissions in Cloudability are shown in the following table:

Permission Name	Description
AccountGroupManagementFeatureFullAccess	Users can access all functionality (view, create, update) in the Cloudability Account Groups menu.
AccountGroupManagementFeatureViewOnlyAccess	Users can view Account Groups menu but cannot endit any account group
AnomalyDetectionFeatureFullAccess	Users can access all functionality (view, create, update) in the Cloudability Anomaly Detection menu.
AutomationFeatureFullAccess	Users can access all functionality (view, create, update) in the Cloudability Automation menu.
BudgetsAndForecastFeatureFullAccess	Users can access all functionality (view, create, update) in the Cloudability Current Month , Forecast , and Budgets menus.
BusinessMappingsFeatureFullAccess	Users can access all functionality (view, create, update) in the Cloudability Business Mappings menu.
BusinessMappingsFeatureViewOnlyAccess	Users can view Business Mappings menu but cannot edit any business mapping
CommitmentPreferencesFeatureFullAccess	Enable users assigned to a role with this permission to access all functionality (view, create, update) under the Cloudability Commitment Preferences feature menu item.
CommitmentPreferencesFeatureViewOnly	Enable users assigned to a role with this permission to access functionality to view information surfaced under the Cloudability Commitment Preferences feature menu item.
ContainersFeatureFullAccess	Users can view information in the Cloudability Containers menu. Users can also create or update the Cloudability Containers Agent.
ContainersFeatureViewOnly	Users can view information in the Cloudability Containers menu.
OrgCurrencyFeatureAccess	Users can access Currency screen and change the default base currency of an org.
ReservationPortfolioFeatureFullAccess	Users can access all functionality (view, create, update) in the Cloudability Reservation Portfolio menu.
ReservedInstancePlannerFeatureFullAccess	Users can access all functionality (view, create, update) in the Cloudability Reserved Instance Planner menu.
RightsizingFeatureCanSnooze	Enable users assigned to a role with this permission to access all functionality (view, create, update) that allows snoozing of rightsizing recommendations.
RightsizingFeatureFullAccess	Users can access all functionality (view, create, update) in the Cloudability Rightsizing menu.
RightsizingFeatureViewOnly	Enable users assigned to a role with this permission to access functionality to view information surfaced for snoozed rightsizing recommendations.
RightsizingPoliciesFeatureFullAccess	Enable users assigned to a role with this permission to access all functionality (view, create, update) under the Cloudability Rightsizing Policies feature menu item.
RightsizingPoliciesFeatureViewOnly	Enable users assigned to a role with this permission to access functionality to view information surfaced under the Cloudability Rightsizing Policies feature menu item.
RightsizingPreferencesFeatureFullAccess	Enable users assigned to a role with this permission to access all functionality (view, create, update) under the Cloudability Rightsizing Preferences feature menu item.
RightsizingPreferencesFeatureViewOnly	Enable users assigned to a role with this permission to access functionality to view information surfaced under the Cloudability " Rightsizing Preferences " feature menu item.
RightsizingROIFeatureFullAccess	Enable users assigned to a role with this permission to access all functionality (view, create, update) under the Cloudability Rightsizing ROI feature menu item.
SavingsPlansFeatureFullAccess	Users can access all functionality (view, create, update) in the Cloudability Savings Plans menu.
ScorecardsFeatureFullAccess	Users can access all functionality (view, create, update) in the Cloudability Scorecards menu.
TagExplorerFeatureFullAccess	Users can access all functionality (view, create, update) in the Cloudability Tag Explorer menu.
TagsAndLabelsFeatureFullAccess	Users can access all functionality (view, create, update) in the Cloudability Tags menu.
TagsAndLabelsFeatureViewOnlyAccess	Users can view Tags & Labels menu but cannot edit any tags or labels
UserManagementFeatureFullAccess	Users can access all functionality (view, create, update) in the Cloudability Users menu.
VendorCredentialsFeatureFullAccess	Users can access all functionality (view, create, update) in the Cloudability Vendor Credentials menu.
ViewsFeatureFullAccess	Users can access all functionality (view, create, update) in the Cloudability Views menu.
ViewsFeatureCreateOwnViewsAccess	Users can create, edit and delete their own Views but cannot edit or delete other users’ Views
WorkloadPlanningFeatureCanAccess	Users can access all functionality (view, create, update) in Workload Planning to manage their workloads.
WorkloadPlanningFeatureFullAccess	Users can access Workload Planning Preferences (view, update), workloads created by them from their organization (view only) in Workload Planning and all functionality (view, create, update) to manage their workloads.
WorkloadPlanningPreferencesViewOnly	Enable users assigned to a role with this permission to access functionality to view information surfaced under the Cloudability Workload Planning Preferences menu item.