Permission Sets and Permissions in CloudCheckr CMx
Permission sets and permissions are components of CloudCheckr's Role Based Access Control (RBAC), which is a method for managing access based on the roles assigned to users.
The Permission Sets tab in
Access Management is where you can view, search for, modify, or create a permission set or view permissions associated with a selected permission set.
This topic provides more details about permission sets and permisions and shows you the actions you can perform using them in CloudCheckr CMx.
Definitions
A permission set is a template that contains a collection of permissions which you can apply to a role globally. For example, you might want a View Only permission set that contains permissions which allow users to view, but not create or edit, data in CloudCheckr. A permission set eliminates the need to add or remove permissions separately, which can be time-consuming and inefficient—especially if you have a large and diverse cloud deployment.
To make this terminology relatable to your CloudCheckr experience, lets say all members of your finance team use the same role. This role is assigned to a permission set that grants each member access to Cost and Billing reports. When a new team member joins, you can add them to the role so that they inherit the same permissions as their peers.
CloudCheckr allows you to choose from a range of default permission sets or you can create new permission sets based on your specific business requirements.
Permissions enable any user with that permission to perform a certain function or task such as viewing cost alerts or managing account groups.
Click the text boxes to view the list of our default permission sets and permissions:
Permission Set Name
Description
Full Access Management
Allows you to manage who can access the system and all authorization-related resources—including users, clients, roles, permission sets.
To apply this permission set, you must have full access to the customer (access to all of their accounts).
User and Client Access Management
Allows you to manage users and clients, but only allows you to view roles and permission sets.
To apply this permission set, you must have full access to the customer (access to all of their accounts).
Audit Access Management
Allows you to audit access to the system and view all authorization-related resources.
To apply this permission set, you must have full access to the customer (access to all of their accounts).
Manage Accounts (General accounts)
Allows you to manage general cloud provider accounts such as AWS, Azure, or Google Cloud accounts.
To apply this permission set, you must have full access to the customer (access to all of their accounts).
Manage Accounts (Groups)
Allows you to manage account groups.
Manage Accounts (MAVs)
Allows you to manage Multi-Account Views (MAVs).
Manage Automation reports
Allows you to add, edit, or delete data in the Automation reports.
Manage Best Practice reports
Allows you to add, edit, or delete data in the Best Practice reports.
Manage Billing reports
Allows you to add, edit, or delete data in the Billing reports.
Manage Cost reports
Allows you to add, edit, or delete data in the Cost reports.
Manage Resources reports
Allows you to add, edit, or delete data in the Resource (Inventory) reports.
Manage Savings reports
Allows you to add, edit, or delete data in the Billing reports.
Manage Security reports
Allows you to add, edit, or delete data in the Security reports.
View Automation tasks
Allows you to view Automation reports.
View Best Practice reports
Allows you to view Best Practice reports.
View Billing reports
Allows you to view Billing reports.
View Compliance reports
Allows you to view Compliance reports.
View Cost reports
Allows you to view Cost reports.
View Resources reports
Allows you to view Resources (Inventory) reports.
View Savings reports
Allows you to view Savings reports.
View Security reports
Allows you to view Security reports.
Type
Permission Name
Description
Administration/Account Management
Manage dashboards
Edit any Cost dashboards.
Administration/Account Management
Manage general accounts
Create, edit, or delete general accounts such as AWS, Azure, and Google accounts.
Administration/Account Management
Manage MAV accounts
Create, edit, or delete multi-account views (MAVs).
This permission requires access to all accounts.
Administration/Account Management
Manage account groups
Create, edit, or delete account groups in the account hierarchy.
Administration/Account Management
Update account credentials
Add or edit provider credentials on a general account.
Administration/Account Management
Manage account billing Configuration
Manage the configuration details necessary for retrieving cost data from cloud providers.
Administration/Account Management
View spend in account hierarchy
View aggregated spend in the account hierarchy.
The account hierarchy only displays actual cost (unblended cost).
Administration/Account Management
Manage all L2 customers
Manage all related child (L2) customers if applicable.
Administration/App Configuration
Manage customer theme settings
Manage customer theme settings such as your logo and navigation colors.
Administration/App Configuration
Manage dashboards
Create new or edit/delete existing content on dashboards
Administration/App Configuration
Manage email settings
Manage the email settings in your CloudCheckr CMx enviroment.
Administration/App Configuration
Manage integrations
Manage how you configure integrations with the application.
Administration/App Configuration
View account notifications
View account notifications in the application.
Reporting/Automation
Approve automation tasks
Approve requested automation tasks.
Reporting/Automation
View automation tasks
View any Automation reports.
Reporting/Best Practice Checks & Compliance
Manage best practice reports
Add, edit, or delete any Best Practice reports.
Reporting/Best Practice Checks & Compliance
View best practice reports
View any Best Practice reports.
Reporting/Best Practice Checks & Compliance
View compliance reports
View any Compliance reports.
Reporting/Billing
Manage billing configuration
Manage any billing customization and configuration actions such as defining List cost.
Reporting/Billing
Manage invoicing
Manage and generate invoices.
Reporting/Billing
View billing partner reports
View the Billing reports available in the Partner Tools menu.
Reporting/Cost
Manage advanced grouping
Create, edit, or delete saved filters in the Advanced Grouping report.
Reporting/Cost
View advanced grouping
View the Advanced Grouping report.
Reporting/Cost
Manage cost alerts
Create, edit, or delete any Cost alerts.
Reporting/Cost
View cost alerts
View the results of any Cost alerts executed by the application.
Reporting/Cost
View cost summary reports
View any Cost Summary reports.
Reporting/Cost
View reserved usage reports
View any Reserved Usage reports.
Reporting/Cost
View spend analysis reports
View any Spend Analysis reports.
Reporting/Cost
Manage tags reports
Create, edit, or delete any tagging rules or tag mappings in your deployment.
Reporting/Cost
View tags reports
View any Tag Mapping reports.
Reporting/Cost
View savings reports
View any Savings reports.
Reporting/Cost Types
View actual cost
View actual costs—Unblended, Blended, or Standard—for all cloud providers within your Cost reports.
Reporting/Cost Types
View retail cost
View Retail costs within your Cost reports.
This permission only applies to Azure accounts.
Reporting/Cost Types
View list cost
View List costs in your Cost reports.
Reporting/Resources
Manage resource reports
View and modify any Resource reports.
Reporting/Resources
View resource reports
View any Resource reports.
Reporting/Resources
View right-sizing reports
View any Right-Sizing reports.
Reporting/Resources
View trending reports
View any Trending reports.
Reporting/Resources
Manage any Utilization alerts executed by the application.
Create, edit, or delete any Utilization alerts.
Reporting/Resources
View utilization alerts
View any Utilization alert results executed by the application.
Reporting/Resources
Manage utilization reports
View and edit any Utilization reports.
Reporting/Resources
View utilization reports
View any Utilization reports.
Reporting/Security
View custom best practice checks
View any custom Best Practice checks.
Reporting/Security
Manage secure configuration reports
Edit filters on any Security Configuration reports.
Reporting/Security
View secure configuration reports
View any Security Configuration reports.
Reporting/Security
Manage security activity monitoring reports
Manage any Security Activity-Monitoring reports.
Reporting/Security
View security activity monitoring reports
View any Security Activity-Monitoring reports.
Reporting/Security
Manage security event alerts
Manage alerts for any security-related events such AWS CloudTrail or Azure Activity Log.
Reporting/Security
View security event alerts
View the results of any security-related events, such AWS CloudTrail or Azure Activity Log, triggered by the application.
Reporting/Security
Manage resource security alerts
Create, edit, or delete Security alerts associated with your resources.
Reporting/Security
View resource security alerts
View the results of any resource-level security alert triggered by the application.
Procedure
Click a button to learn more about the actions you can perform in the Permission Sets tab:
This procedure shows you how to create a permission set.
Click the Settings icon and select Access Management > Permission Sets.
Click the + NEW button.
The Create Permission Set sub-drawer opens.
>
Type a name for the permission set.
Type a description for the permission set if applicable.
Here is an example of what the screen would look like if you created a permission set that contains permissions which allow users to only view specific data in CloudCheckr: