Cloud Manager Roles

On this page


Cloud Manager roles allow you to grant users different levels of access to Cloud Manager. You can grant a user the privileges needed to perform a specific set of tasks and no more.

To assign user roles, see Assign Roles to Cloud Manager Users. You cannot assign your own roles.


The following roles grant privileges within a group.

Read Only

The Read Only role has the lowest level of privileges. The user can generally see everything in a group, including all activity, operational data, users, and user roles. The user, however, cannot modify or delete anything.

User Admin

The User Admin role grants access to do the following:

  • Add an existing user to a group.
  • Invite a new user to a group.
  • Remove an existing group invitation.
  • Remove a user’s request to join a group, which denies the user access to the group.
  • Remove a user from a group.
  • Modify a user’s roles within a group.
  • Update the billing email address.

Data Access Admin

The Data Access Admin role provides privileges to:

Monitoring Admin

The Monitoring Admin role grants all the privileges of the Read Only role and grants additional access to do the following:

  • Manage alerts (create, modify, delete, enable/disable, acknowledge/unacknowledge).
  • Manage hosts (add, edit, delete, enable deactivated).
  • Manage group-wide settings.
  • Download Monitoring Agent.

Backup Admin

The Backup Admin role grants all the privileges of the Read Only role and grants access to manage backups, including the following:

  • Start, stop, and terminate backups.
  • Request restores.
  • View and edit the namespaces filter.
  • View and edit host passwords.
  • Modify backup settings.
  • Generate SSH keys.
  • Download the Backup Agent.

Automation Admin

The Automation Admin role grants all the privileges of the Read Only role and grants access to the following management actions:

  • View deployments.
  • Provision machines.
  • Edit configuration files.
  • Modify settings.
  • Download the Automation Agent.


Every group must have at least one user with the Owner role. Cloud Manager does not let you remove this role from a user if no other user has it.

The Owner role has the privileges of all the other roles combined. The following additional privileges available only to Owner:

  • Set up the Backup service.
  • Update billing information.

Billing Admin

The Billing Admin role grants access to modify the account’s payment methods.