Each new account comes with a set of pre-defined roles. As an Account Admin, you can further configure Role Based Access Control, by defining custom roles within the tenant and assigning them to the tenant members. You can control the access policies for the roles that you create. Also, you can also map more than one role to a specific user. This provides complete flexibility and control in managing access control to your tenant members.
When a new tenant is created, few roles are added by default. Here’s the list of default role types in a tenant:
| Role Types | Access Policies |
| Account Admin | Complete access to all functions including User & Roles Management |
| Ops Admin | Full Access to all operations management functions |
| Ops Team | Limited access to all operations functions |
| Consumer | Access to Self Service Portal to order & consume apps/resources |
| Approver | Access to Self Service Portal to approve orders. Additionally, has access to Dashboards & Reports for specific tenant. |
| Finance | Access to Finance Dashboard and Chargeback Reports |
To navigate, user needs to click on 
and select ‘Roles’
Add
- Click the
button to add more - Enter the following details about the role
| Role Name | Name of the role being created. Please note that the Role Name has to be unique within a tenant, and not globally. |
| Role Type | Role Types are the ones provided by default. As an admin, you can clone the access policies from these default ones for the current role being created. |
| Cloud Accounts & Integrated Tools | Select the cloud account the new role will be associated with |
| Inventory Elements | Select the Inventory elements available |
| Role Description | Describes the role being added |
Configuring Access Policies for Custom Roles
While creating the roles, you can configure the access for the different modules such as Templates, Blueprints, Environments, etc. The different action policies are:
- Create
- Update
- Events
- Read
- Delete
- Visualizer
- Schedule
User have the privilege to provide full access or customize the access as shown in the clip below.
After completing the fields and selecting the access user can click on check mark 
available on top right hand page to save the custom role settings. Selecting the X mark cancels the entry.
Manage Roles
Upon creation, the role appears in the list as shown:
Here are the field descriptions:
| Role Name | Name of the role being created. Please note that the Role Name has to be unique within a tenant, and not globally. |
| Role Type | Role Types are the ones provided by default. |
| Status | Indicates if the role is active or disabled |
| No. of Users | Number of users currently assigned this role |
| Actions | Users can delete custom created roles |
| Date Created | Date the role was created |
Search
Use the Search bar to find particular roles from the list. The search is not case sensitive.
