Managing User Roles - Enterprise Users
You can assign user roles to control the actions and permissions of users. This table summarizes each user role and its supported functionality, indicated by a ✓.
|Lock and unlock services||✓|
|Create and delete applications||✓||✓|
|Create, update, and delete Insights||✓||✓|
|Create, view, and update users||✓|
|Add and delete credentials||✓||✓|
|Create and delete clusters||✓||✓|
|Download Kubernetes configuration||✓||✓|
|Create and delete repositories||✓||✓|
|Enable and update billing markets||✓|
|View billing markets||✓||✓||✓|
|View and pay invoices||✓||✓||✓|
Here are some details to consider when creating user roles:
- Company Admin – Company Admin users have access to all user privileges. We recommend limiting the number of Company Admin users to only those who require full access, but defining at least two for redundancy.
- Technical Admin – This role is for technical users who know how to create and approve orders.
- Technical Contact – This role is for technical users who know how to design and modify services but don’t have the authority to approve orders.
- Finance – Finance users should have a financial responsibility within the organization while also understanding the consequences of their actions if they delete or approve services.
Note: While creating services, direct customers can see the cost of the service before deploying. It is also possible to see the cost of deployed services by selecting a service in the Portal and viewing the Details tab.
- Financial Contact – This user role is similar to the Finance role without the ability to place and approve orders, delete services, or administer service keys.
- Read Only – Read Only is the most restrictive role. Note that a Read Only user can view service details which you might want to keep secure and private.
You can add user roles when you create a new user, or you can edit user information to change their role. For details about managing users, roles, and permissions, see Adding and Modifying Users.
To edit users, you need Company Admin privileges.