Role-based Access Control

CloudZero provides role-based access control (RBAC) to create and manage roles that both restrict access to data AND govern the capabilities users can take action on.

New organizations start with two Roles:

• Member: The default Role for the organization. All users are automatically assigned to this Role. Grants full access to all spend data with read-only permissions.
• Organizer: Grants full access to all spend data and all permissions. The first user in the organization is assigned to this Role.

From there, Organizers can create additional Roles, modify the existing Roles, and reassign users as needed.

ℹ️

Some organizations may have a Default Role instead of separate Member and Organizer Roles. The Default Role functions similarly to the Member Role. You can modify its permissions or create additional Roles at any time.

Refer to the documentation to see how to use the features of RBAC and the differences between RBAC and the legacy CloudZero roles.

This section includes the following:

• View and Manage your Organization’s Users
• View and Manage Roles
• Manage Roles with SSO