Role Based Access


Every new account comes with a set of pre-defined roles. As an Account Admin, you can further configure RoleBased Access Control, by defining custom roles within the tenant and assigning them to tenant members. You can control the access policies for the roles that you create. Also, you can map more than one role to a specific user. This provides more flexibility and control in managing access control to your tenant members. 

When a new tenant is created, few roles are added by default. Here is the list of default role types in a tenant:

Role Types Access Policies
Account AdminComplete access to all functions including User & Roles Management.
Ops Admin Full Access to all operations management functions.
Ops TeamLimited access to all operations functions.
ConsumerAccess to Self Service Portal to order & consume apps/resources.
ApproverAccess to Self Service Portal to approve orders. Additionally, has access to Dashboards & Reports for specific tenant.
FinanceAccess to Finance Dashboard and Chargeback Reports.


Click on the icon on the top left of CoreStack and select Roles from the menu. Roles & Permissions screen will be displayed. It allows you to create and manage roles.

Adding a New Role

The following steps need to be performed to add a new role.

1) Click on Add New button in the Roles & Permissions screen. 

2)Provide the following details to create the role.

Role TypeRole Types are the ones provided by default for access permissions. As an admin, you can select and clone access policies from these default roles for the role being created.
Role Name Specify a name for the new role. Ensure that the Role Name must be unique within a tenant.
Cloud Accounts & Integrated Tools Select the cloud accounts and tools from the drop-down list that the new role will be associated with.
Inventory Elements Select required inventory elements from the list to be associated with the role.
Role DescriptionEnter a short description about the role being created.
Quick ActionsA list of access permissions will be populated in this field based on the role type selected. Enable required access permissions for the role using the checkboxes. Refer the section Configuring Access Policies for Custom Roles for more details.

3) Click on Apply button to create the new role. 

A new role will be created and listed in the table. 

Configuring Access Policies for Custom Roles

While creating the roles, you can configure the access permissions for the different modules such as Templates, Blueprints, Environments, etc. 

Users have the privilege to provide full access or customize the access for the role. 

After completing the fields and selecting the access permissions, user can click on Apply button available on top righthand side to save the settings. 

Note:Click on ‘Provide Full Access’ or ‘Remove All’ to enable or disable all the listed access permissions, respectively.

Managing Existing Roles

You can manage the roles created by using the below explained options.

1) Click on the link in Role Name column of a role from the Roles & Permissions table to view and update the details configured for the role. 

2) Click on the link in “No of Users” column of a role from the Roles & Permissions table to view the list of users currently assigned this role. 

3) Click on the delete icon in Action column of a custom role in the Roles & Permissions table to delete the role. 

4) Select the hamburger button (three horizontal bars) and enable or disable the columns to display or hide them for viewing in the table.

Searching Roles

Use the Search bar on the top of the Roles & Permissions table to find specific roles from the list. The search option is not case sensitive.