Navigation

Cloud Manager Roles

Overview

Cloud Manager roles allow you to grant users different levels of access to Cloud Manager. You can grant a user the privileges needed to perform a specific set of tasks and no more.

To assign user roles, see Edit Project Role for a User/Team. You cannot assign your own roles.

Organization Roles

Organization Role Description
Organization Owner

Grants root access to the organization, including:

  • Project Owner access to all projects in the organization, even if added to a project with a non-Owner role.
  • Privileges to administer organization settings.
  • Privileges to add/remove/edit users to the organization.
  • Privileges to delete the organization.
  • All the privileges granted by the other organization roles combined.
Organization Project Creator

Grants the following access:

  • Privileges to create projects in the organization.
  • Privileges granted by the Organization Member role.
Organization Billing Admin

Grants the following access:

  • Privileges to administer billing information for the organization.
  • Privileges granted by the Organization Member role.
Organization Read Only

Provides read-only access to everything in the organization, including all projects in the organization.

For an Organization Member, within a project, the user has the privileges as determined by the user’s project role. If a user’s project role is User Admin or Owner, then the user can add a new user to the project, which results in adding the newly-added user to the organization as well (if the newly added user is not already in the organization).

Organization Member

Provides read-only access to the organization (settings, users, and billing) and the projects to which they belong.

For an Organization Member, within a project, the user has the privileges as determined by the user’s project role. If a user’s project role is User Admin or Owner, then the user can add a new user to the project, which results in adding the newly-added user to the organization as well (if the newly added user is not already in the organization).

Project Roles

The following roles grant privileges within a project.

Project Role Description
Read Only
Grants read-only access to the most aspects of the project, including: all activity, operational data, users, and user roles. The user, however, cannot modify or delete anything.
User Admin

Provides privileges to the following actions:

  • Add an existing Cloud Manager user to a project. If the added user does not currently belong to the organization, the user will be added to the organization as well.
  • Invite a new user to a project. The invited user will be added to the organization as well.
  • Remove an existing project invitation.
  • Remove a user’s request to join a project, which can deny the user access to the project depending on the user’s role in the organization.
  • Remove a user from a project.
  • Modify a user’s role within a project.
Data Access Admin

Provides privileges to the following:

Monitoring Admin

Grants the following access:

  • Privileges granted by the Read Only role.
  • Privileges to administer alerts (create, modify, delete, enable/disable, acknowledge/unacknowledge).
  • Privileges to manage hosts (add, edit, delete, enable deactivated).
  • Download Monitoring Agent.
Backup Admin

Grants the following access:

  • Privileges granted by the Read Only role.
  • Privileges to manage backups, including the following:
    • Start, stop, and terminate backups.
    • Request restores.
    • View and edit the namespaces filter.
    • View and edit host passwords.
    • Modify backup settings.
    • Generate SSH keys.
    • Download the Backup Agent.
Automation Admin

Grants the following access:

  • Privileges granted by the Read Only role.
  • Privileges to perform the following:
    • View deployments.
    • Provision machines.
    • Edit configuration files.
    • Download the Automation Agent.
Owner

Grants the following access:

  • The privileges granted by all the other project roles.
  • Set up the Backup service.

Note

A user with Organization Owner role has project Owner access for all projects in the organization, even if added to a project with a non-Owner role.