Navigation

Cloud Manager Roles

Overview

Cloud Manager roles allow you to grant users different levels of access to Cloud Manager. You can grant a user the privileges needed to perform a specific set of tasks and no more.

To assign user roles, see Edit Project User’s Role. You cannot assign your own roles.

Organization Roles

Organization Role Description
Organization Owner

Grants root access to the organization, including:

  • Project Owner access to all projects in the organization, even if added to a project with a non-Owner role.
  • Privileges to administer organization settings.
  • Privileges to add/remove/edit users to the organization.
  • Privileges to delete the organization.
  • All the privileges granted by the other organization roles combined.
Organization Project Creator

Grants the following access:

  • Privileges to create projects in the organization.
  • Privileges granted by the Organization Member role.
Organization Billing Admin

Grants the following access:

  • Privileges to administer billing information for the organization.
  • Privileges granted by the Organization Member role.
Organization Read Only

Provides read-only access to everything in the organization, including all projects in the organization.

For an Organization Member, within a project, the user has the privileges as determined by the user’s project role. If a user’s project role is User Admin or Owner, then the user can add a new user to the project, which results in adding the newly-added user to the organization as well (if the newly added user is not already in the organization).

Organization Member

Provides read-only access to the organization (settings, users, and billing) and the projects to which they belong.

For an Organization Member, within a project, the user has the privileges as determined by the user’s project role. If a user’s project role is User Admin or Owner, then the user can add a new user to the project, which results in adding the newly-added user to the organization as well (if the newly added user is not already in the organization).

Project Roles

The following roles grant privileges within a project.

Project Role Description
Read Only
Grants read-only access to the most aspects of the project, including: all activity, operational data, users, and user roles. The user, however, cannot modify or delete anything.
User Admin

Provides privileges to the following actions:

  • Add an existing Cloud Manager user to a project. If the added user does not currently belong to the organization, the user will be added to the organization as well.
  • Invite a new user to a project. The invited user will be added to the organization as well.
  • Remove an existing project invitation.
  • Remove a user’s request to join a project, which can deny the user access to the project depending on the user’s role in the organization.
  • Remove a user from a project.
  • Modify a user’s role within a project.
Data Access Admin

Provides privileges to the following:

Monitoring Admin

Grants the following access:

  • Privileges granted by the Read Only role.
  • Privileges to administer alerts (create, modify, delete, enable/disable, acknowledge/unacknowledge).
  • Privileges to manage hosts (add, edit, delete, enable deactivated).
  • Download Monitoring Agent.
Backup Admin

Grants the following access:

  • Privileges granted by the Read Only role.
  • Privileges to manage backups, including the following:
    • Start, stop, and terminate backups.
    • Request restores.
    • View and edit the namespaces filter.
    • View and edit host passwords.
    • Modify backup settings.
    • Generate SSH keys.
    • Download the Backup Agent.
Automation Admin

Grants the following access:

  • Privileges granted by the Read Only role.
  • Privileges to perform the following:
    • View deployments.
    • Provision machines.
    • Edit configuration files.
    • Download the Automation Agent.
Owner

Grants the following access:

  • The privileges granted by all the other project roles.
  • Set up the Backup service.

Note

A user with Organization Owner role has project Owner access for all projects in the organization, even if added to a project with a non-Owner role.