User Roles & Permissions

Understanding user roles, permissions, and access control in CosmosCost.

Role Overview

CosmosCost uses role-based access control (RBAC) to manage permissions within customer organizations. Each user is assigned a role that determines their access level and capabilities.

Available Roles

Admin Role

Full Access

Complete administrative access to all features and settings within the customer organization.

User Management

  • Invite and remove users
  • Assign and modify user roles
  • View all user activity

Organization Settings

  • Manage subscription and billing
  • Configure organization settings
  • Connect cloud accounts
  • Generate API keys

Full Data Access

  • View and export all cost data
  • Create and manage dashboard sections
  • Generate template reports

Member Role

Standard Access

Standard access for team members who need to view and analyze cost data without administrative capabilities.

Data Access

  • View cost data across all accounts
  • Access and view dashboards
  • View and generate reports
  • Export data (if plan allows)

Personal Customization

  • Create personal dashboards
  • Create personal dashboard views
  • Save report configurations

Restrictions

  • Cannot invite or remove users
  • Cannot manage billing
  • Cannot connect cloud accounts
  • Cannot generate API keys

Role Comparison Matrix

Feature | Admin | Member
View Cost Data
Create Dashboards
Generate Reports
Create Dashboard Sections
Manage Users
Connect Cloud Accounts
Manage Billing
API Access

Managing User Roles

Assigning Roles

Only Admin users can assign and modify roles:

  1. Navigate to Settings → Users
  2. Find the user you want to modify
  3. Click the role dropdown
  4. Select Admin or Member
  5. Changes take effect immediately

Inviting New Users

When inviting users, specify their role:

  1. Go to Settings → Users
  2. Click Invite User
  3. Enter email address
  4. Select role: Admin or Member
  5. Send invitation

User Limits

Free plan: 1 user | Business plan: Up to 5 users | Business+: Unlimited users

Best Practices

Role Assignment Guidelines

Principle of least privilege

Assign the minimum role necessary for each user's responsibilities

Limit Admin accounts

Keep the number of Admin users to a minimum (2-3 recommended)

Regular audits

Periodically review user roles and remove inactive users

Onboarding

Start new users as Members, promote to Admin when needed

Security Recommendations

Require strong passwords for all users

Enable two-factor authentication for Admin accounts

Remove users immediately when they leave your organization

Monitor audit logs for suspicious activity (Business+ only)

Regularly review and update permissions
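
One way to run the periodic review from the guidelines above against a user roster, as an added example that is not CosmosCost code. The CSV columns, the 90-day inactivity threshold and the function name are assumptions made here; the ceiling of 3 Admins is the upper end of the 2-3 recommendation.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample roster; the column names are assumptions for this
# example, not a CosmosCost export format.
SAMPLE_ROSTER = """email,role,last_login,two_factor
alice@example.com,Admin,2024-05-28,yes
bob@example.com,Admin,2024-05-30,no
carol@example.com,Admin,2024-01-10,yes
dave@example.com,Admin,2024-05-15,yes
erin@example.com,Member,2024-05-29,no
frank@example.com,Member,2023-11-02,no
"""

MAX_ADMINS = 3            # upper end of the 2-3 Admin recommendation
INACTIVE_AFTER_DAYS = 90  # assumed threshold; the page gives no number


def audit_roster(roster_csv, today, max_admins=MAX_ADMINS,
                 inactive_after_days=INACTIVE_AFTER_DAYS):
    """Return findings for the role-assignment and security guidelines."""
    cutoff = today - timedelta(days=inactive_after_days)
    rows = list(csv.DictReader(io.StringIO(roster_csv)))
    admins = [r for r in rows if r["role"].strip().lower() == "admin"]
    findings = {
        # How many Admins would need demoting to meet the ceiling.
        "excess_admins": max(0, len(admins) - max_admins),
        # Admin accounts that should have two-factor authentication enabled.
        "admins_without_2fa": sorted(
            r["email"] for r in admins
            if r["two_factor"].strip().lower() != "yes"),
        "inactive_users": [],
    }
    for r in rows:
        # An empty last_login (never signed in) is treated as inactive.
        raw = r["last_login"].strip()
        if not raw or date.fromisoformat(raw) < cutoff:
            findings["inactive_users"].append(r["email"])
    findings["inactive_users"].sort()
    return findings


if __name__ == "__main__":
    for name, value in audit_roster(SAMPLE_ROSTER, date(2024, 6, 1)).items():
        print(f"{name}: {value}")
```

An inactive Admin such as the constructed carol@example.com entry appears in the inactive list and also counts toward the Admin ceiling, so removing that account resolves both findings.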

Advanced Features (Business Plus)

Custom Roles

Business Plus plans can create custom roles with granular permissions:

  • Define specific permission sets
  • Create read-only analyst roles
  • Limit access to specific cloud accounts
  • Set data visibility restrictions

Single Sign-On (SSO)

Integrate with your organization's identity provider:

  • SAML 2.0 support
  • Automatic role provisioning
  • Centralized user management
  • Enhanced security compliance

Audit Logs

Track all user activity:

  • User login/logout events
  • Role changes
  • Data access logs
  • Configuration changes
  • Export audit logs for compliance

Common Scenarios

Scenario 1: Finance Team Access

Requirement

Finance team needs to view costs and generate reports but not modify settings.

Solution

Assign Member role to finance team members.

Scenario 2: IT Administrator

Requirement

IT admin needs to connect cloud accounts and manage technical integrations.

Solution

Assign Admin role to IT administrator.

Scenario 3: Executive Dashboard

Requirement

Executives need view-only access to high-level dashboards.

Solution

Assign Member role and create dedicated executive dashboards.

Scenario 4: Department Leads

Requirement

Department leads need to analyze their team's cloud costs.

Solution

Assign Member role and use tag-based filtering (Business+ with custom roles).

Troubleshooting

Cannot Change User Role

Possible causes:

  • You don't have Admin permissions
  • Trying to modify the organization owner
  • User limit reached for your plan

User Not Seeing Expected Features

Solutions:

  • Verify user role assignment
  • Check subscription plan features
  • Ask user to log out and log back in
  • Clear browser cache

Next Steps

Learn about User Management to invite and manage your team.

