Permission Sets and Permissions in CloudCheckr CMx

Permission sets and permissions are components of CloudCheckr's Role Based Access Control (RBAC), which is a method for managing access based on the roles assigned to users.

The Permission Sets tab in Access Management is where you can view, search for, modify, or create a permission set or view permissions associated with a selected permission set.

This topic provides more details about permission sets and permisions and shows you the actions you can perform using them in CloudCheckr CMx.


Definitions

A permission set is a template that contains a collection of permissions which you can apply to a role globally. For example, you might want a View Only permission set that contains permissions which allow users to view, but not create or edit, data in CloudCheckr. A permission set eliminates the need to add or remove permissions separately, which can be time-consuming and inefficient—especially if you have a large and diverse cloud deployment.

To make this terminology relatable to your CloudCheckr experience, lets say all members of your finance team use the same role. This role is assigned to a permission set that grants each member access to Cost and Billing reports. When a new team member joins, you can add them to the role so that they inherit the same permissions as their peers.

CloudCheckr allows you to choose from a range of default permission sets or you can create new permission sets based on your specific business requirements.

Permissions enable any user with that permission to perform a certain function or task such as viewing cost alerts or managing account groups.

Click the text boxes to view the list of our default permission sets and permissions:

Permission Set Name

Description

Full Access Management

Allows you to manage who can access the system and all authorization-related resources—including users, clients, roles, permission sets.

To apply this permission set, you must have full access to the customer (access to all of their accounts).

User and Client Access Management

Allows you to manage users and clients, but only allows you to view roles and permission sets.

To apply this permission set, you must have full access to the customer (access to all of their accounts).

Audit Access Management

Allows you to audit access to the system and view all authorization-related resources.

To apply this permission set, you must have full access to the customer (access to all of their accounts).

Manage Accounts (General accounts)

Allows you to manage general cloud provider accounts such as AWS, Azure, or Google Cloud accounts.

To apply this permission set, you must have full access to the customer (access to all of their accounts).

Manage Accounts (Groups)

Allows you to manage account groups.

Manage Accounts (MAVs)

Allows you to manage Multi-Account Views (MAVs).

Manage Automation reports

Allows you to add, edit, or delete data in the Automation reports.

Manage Best Practice reports

Allows you to add, edit, or delete data in the Best Practice reports.

Manage Billing reports

Allows you to add, edit, or delete data in the Billing reports.

Manage Cost reports

Allows you to add, edit, or delete data in the Cost reports.

Manage Resources reports

Allows you to add, edit, or delete data in the Resource (Inventory) reports.

Manage Savings reports

Allows you to add, edit, or delete data in the Billing reports.

Manage Security reports

Allows you to add, edit, or delete data in the Security reports.

View Automation tasks

Allows you to view Automation reports.

View Best Practice reports

Allows you to view Best Practice reports.

View Billing reports

Allows you to view Billing reports.

View Compliance reports

Allows you to view Compliance reports.

View Cost reports

Allows you to view Cost reports.

View Resources reports

Allows you to view Resources (Inventory) reports.

View Savings reports

Allows you to view Savings reports.

View Security reports

Allows you to view Security reports.

Type

Permission Name

Description

Administration/Account Management

Manage dashboards

Edit any Cost dashboards.

Administration/Account Management

Manage general accounts

Create, edit, or delete general accounts such as AWS, Azure, and Google accounts.

Administration/Account Management

Manage MAV accounts

Create, edit, or delete multi-account views (MAVs).

This permission requires access to all accounts.

Administration/Account Management

Manage account groups

Create, edit, or delete account groups in the account hierarchy.

Administration/Account Management

Update account credentials

Add or edit provider credentials on a general account.

Administration/Account Management

Manage account billing Configuration

Manage the configuration details necessary for retrieving cost data from cloud providers.

Administration/Account Management

View spend in account hierarchy

View aggregated spend in the account hierarchy.

The account hierarchy only displays actual cost (unblended cost).

Administration/Account Management

Manage all L2 customers

Manage all related child (L2) customers if applicable.

Administration/App Configuration

Manage customer theme settings

Manage customer theme settings such as your logo and navigation colors.

Administration/App Configuration

Manage dashboards

Create new or edit/delete existing content on dashboards

Administration/App Configuration

Manage email settings

Manage the email settings in your CloudCheckr CMx enviroment.

Administration/App Configuration

Manage integrations

Manage how you configure integrations with the application.

Administration/App Configuration

View account notifications

View account notifications in the application.

Reporting/Automation

Approve automation tasks

Approve requested automation tasks.

Reporting/Automation

View automation tasks

View any Automation reports.

Reporting/Best Practice Checks & Compliance

Manage best practice reports

Add, edit, or delete any Best Practice reports.

Reporting/Best Practice Checks & Compliance

View best practice reports

View any Best Practice reports.

Reporting/Best Practice Checks & Compliance

View compliance reports

View any Compliance reports.

Reporting/Billing

Manage billing configuration

Manage any billing customization and configuration actions such as defining List cost.

Reporting/Billing

Manage invoicing

Manage and generate invoices.

Reporting/Billing

View billing partner reports

View the Billing reports available in the Partner Tools menu.

Reporting/Cost

Manage advanced grouping

Create, edit, or delete saved filters in the Advanced Grouping report.

Reporting/Cost

View advanced grouping

View the Advanced Grouping report.

Reporting/Cost

Manage cost alerts

Create, edit, or delete any Cost alerts.

Reporting/Cost

View cost alerts

View the results of any Cost alerts executed by the application.

Reporting/Cost

View cost summary reports

View any Cost Summary reports.

Reporting/Cost

View reserved usage reports

View any Reserved Usage reports.

Reporting/Cost

View spend analysis reports

View any Spend Analysis reports.

Reporting/Cost

Manage tags reports

Create, edit, or delete any tagging rules or tag mappings in your deployment.

Reporting/Cost

View tags reports

View any Tag Mapping reports.

Reporting/Cost

View savings reports

View any Savings reports.

Reporting/Cost Types

View actual cost

View actual costs—Unblended, Blended, or Standard—for all cloud providers within your Cost reports.

Reporting/Cost Types

View retail cost

View Retail costs within your Cost reports.

This permission only applies to Azure accounts.

Reporting/Cost Types

View list cost

View List costs in your Cost reports.

Reporting/Resources

Manage resource reports

View and modify any Resource reports.

Reporting/Resources

View resource reports

View any Resource reports.

Reporting/Resources

View right-sizing reports

View any Right-Sizing reports.

Reporting/Resources

View trending reports

View any Trending reports.

Reporting/Resources

Manage any Utilization alerts executed by the application.

Create, edit, or delete any Utilization alerts.

Reporting/Resources

View utilization alerts

View any Utilization alert results executed by the application.

Reporting/Resources

Manage utilization reports

View and edit any Utilization reports.

Reporting/Resources

View utilization reports

View any Utilization reports.

Reporting/Security

View custom best practice checks

View any custom Best Practice checks.

Reporting/Security

Manage secure configuration reports

Edit filters on any Security Configuration reports.

Reporting/Security

View secure configuration reports

View any Security Configuration reports.

Reporting/Security

Manage security activity monitoring reports

Manage any Security Activity-Monitoring reports.

Reporting/Security

View security activity monitoring reports

View any Security Activity-Monitoring reports.

Reporting/Security

Manage security event alerts

Manage alerts for any security-related events such AWS CloudTrail or Azure Activity Log.

Reporting/Security

View security event alerts

View the results of any security-related events, such AWS CloudTrail or Azure Activity Log, triggered by the application.

Reporting/Security

Manage resource security alerts

Create, edit, or delete Security alerts associated with your resources.

Reporting/Security

View resource security alerts

View the results of any resource-level security alert triggered by the application.


Procedure

Click a button to learn more about the actions you can perform in the Permission Sets tab:

This procedure shows you how to create a permission set.

  1. Click the Settings icon and select Access Management > Permission Sets.
  2. Click the + NEW button.

    The Create Permission Set sub-drawer opens.

    >
  3. Type a name for the permission set.
  4. Type a description for the permission set if applicable.
  5. Select one or more permissions from the list.
    To assign a permission set directly to a user, see the Users in CloudCheckr CMx topic.

    Here is an example of what the screen would look like if you created a permission set that contains permissions which allow users to only view specific data in CloudCheckr:

  6. Click SAVE.

How did we do?