Authentication

CloudOps uses a role-based access control (RBAC) system to manage user permissions within a workspace. Each user is assigned a role that defines their level of access.

Role Types

CloudOps provides two workspace-level roles:

Workspace Owner

Item	Description
Summary	Full administrative role with unrestricted access to all workspace features.
User Management	Can invite new users, remove users, and change user roles.
Resource Management	Can create, modify, and delete all resources including applications, service accounts, and cloud services.
Cost & Billing	Full access to cost analysis, budget configuration, and cost reports.
Operations	Can manage organization structure, service accounts, and event rules.
Alert Management	Can configure alert services and manage alerts.

Workspace Member

Item	Description
Summary	Standard role for day-to-day operations with limited management capabilities.
User Management	Cannot invite, remove, or change roles of other users.
Resource Management	Can view resources and perform operations within the permitted scope.
Cost & Billing	Can view cost data and reports.
Operations	Can view organization structure and service account information.
Alert Management	Can view alerts and alert service configurations.

ℹ️

Both roles are managed roles provided by the system. They cannot be modified or deleted, and custom role creation is not currently supported.

Role Comparison

Feature	Workspace Owner	Workspace Member
View dashboard & home	O	O
Browse cloud resources	O	O
Create/edit applications	O	X
View cost data	O	O
Configure budgets & reports	O	X
Invite & manage users	O	X
Change user roles	O	X
Manage service accounts	O	X
Configure alert rules	O	X
View alerts	O	O

Role Assignment

When a user is invited to the workspace, they are assigned the Workspace Owner role by default.
After invitation, a Workspace Owner can change any user’s role via the IAM > Users page.