Flexera One Roles

The Flexera One Administration module enables you to manage users, user groups, and roles across Flexera One accounts. Roles and accounts are scoped to an Organization, allowing greater control across multiple Flexera One accounts for performing management actions (like granting user roles).

An Organization is a container for settings, users, and accounts. The name of the Organization is shown in the Organization selector on the top right of the page in Flexera One. For existing customers, we have automatically created an Organization based on your Organization master account.

The following tables provide descriptions of each role available in Flexera One, categorized by logical capability groups.

Automation 
Cloud Cost Optimization 
Cloud License Management 
Discovery and Inventory 
IT Assets (IT Asset Management) 
IT Visibility 
Other 
Platform Administration 
Self-Service CloudApps 
Technology Spend 

Automation

The following table describes Flexera One roles used with Flexera One Automation. For additional information, see Getting Started with Automation.

Role

Description

Approve policies

Full access to approve remediation actions for policy incidents, but this role doesn't configure the policies.

Create policies

Full access to develop custom policies (or customizes pre-built policies) by writing Policy Template code. This user has the ability to design and develop their own templates and test them in the accounts they have access to. Once a template is deemed ready for the organization to use, this user works with the policy publisher to make the policy available in the Policies Catalog.

Manage policies

Full access to control which policies are applied to the scopes they have access to and how those policies behave.

Publish policies

Full access to modify which policies are available in the Policies Catalog, either by publishing policies built by policy designers, or by hiding policies that are pre-built from Flexera.

View policies

Read-only access to view dashboard, incidents, and applied policies.

Cloud Cost Optimization

The following table describes Flexera One roles used with Cloud Cost Optimization. For related information, see Getting Started with Cloud Cost Optimization.

Role

Description

Manage bill adjustments

Full access to manage bill adjustments in Cloud Cost Optimization.

Manage bill ingestion

Full access to manage the ingestion of public, private and custom cloud billing data using the Common Bill Ingestion (CBI) feature.

Manage billing centers

Full access to configure Billing Centers and management of user access to Billing Centers. Full read access except to Bill Adjustments and registration of billing data.

Manage budget

Full access to manage budgets and view cloud billing data.

Manage cloud

Full access to all features and functionality in Cloud Cost Optimization. This includes the ability to manage user access to Billing Centers, register new billing data (such as AWS), configure Billing Centers, Bill Adjustments, custom dimensions, recommendations, currency, and organization dashboards.

Manage cloud dashboard

Full access to manage public and default custom Cloud Cost Optimization Dashboards.

Manage rule-based dimensions

Full access to manage rule-based dimensions in Cloud Cost Optimization.

Manage tag dimensions

Full access to manage tags dimensions in Cloud Cost Optimization.

View bill adjustments

Ability to view bill adjustments (read-only access) in Cloud Cost Optimization.

View budgets

Ability to view cloud budgets and view cloud billing data.

View cloud costs

Full access to user specific dashboards. Read-only access to Cloud billing data, Organization dashboards, recommendations, and reserved instances. Administrators can limit access to specific Billing Centers.

View reserved instances

Ability to use the Reserved Instances page to view utilization details of reserved instances.

Cloud License Management

The following table describes Flexera One roles used with Cloud License Management.

Role

Description

Billing configuration

Full access to configure billing data in Cloud License Management.

Note:This role is limited to operators who have the Manage organization role access.

Bill processing status

Read access to view the bill processing status in Cloud License Management.

Note:This role is limited to operators who have the Manage organization role access.

Manage rule-based dimensions

Full access to manage rule-based dimensions in Cloud License Management.

Manage tag dimensions

Full access to manage tags dimensions in Cloud License Management.

View cloud software spend

Read-only access to view Cloud License Management dashboards and reports.

Discovery and Inventory

The following table describes Flexera One roles used for IT Visibility Inventory Tasks for Data Collection:

Role

Description

Delete external inventory connections

Gives permission to delete external inventory connections in IT Visibility.

Manage discovery & inventory

Access to discovery and inventory functionality, including the ability to download, configure, and delete beacons.

View discovery & inventory

Read-only access to discovery and inventory functionality including the ability to view a list of beacons, beacon properties, and third party import statuses.

IT Assets (IT Asset Management)

The following table describes Flexera One roles used in product areas that work with IT assets. For related information, see Getting Started with IT Asset Management and Getting Started with SaaS Management.

Role

Description

Administer SaaS

Full access to all SaaS features and functionality. This includes the ability to read, create new, edit, and delete where applicable. If a user has the Administer SaaS role, it is not necessary to assign any other role to the user with respect to SaaS functionality.

Manage SaaS applications & users

Full access to all pages within the applications section of the SaaS navigation, except for unsanctioned spend. A user with this role also has access to all pages of the Users section. This access includes the ability to read, create new, edit, and delete where applicable.

Manage SaaS import APIs

Read and edit access to create and manage SaaS import jobs using an API. Administrators should assign SaaS import job service accounts to this role.

Manage SaaS licenses

Read and edit access to SaaS and SaaS licenses, including ability to view all users of applications in Flexera One.

Manage SaaS security

Full access to manage unsanctioned applications. In addition, this role has read-only access to the SaaS applications, team members list, and audit logs. Users with this role cannot view the SaaS dashboard.

View IT assets

Access to IT Asset Management. The IT Asset Management application only. To use IT Asset Management, a Flexera One user must also have a corresponding account in IT Asset Management (where more granular IT Asset Management-specific authorizations are granted). For more information, see Managing IT Asset Management Accounts.

View IT assets & call APIs

Access to IT Asset Management including the ability to call all Flexera REST API endpoints. This Flexera One role provides access to the IT Asset Management Application only. To use IT Asset Management, a Flexera One user must also have a corresponding account in IT Asset Management (where more granular IT Asset Management-specific authorizations are granted). For more information, see Managing IT Asset Management Accounts.

View SaaS

Read-only access to view SaaS dashboard, team members screens and all pages within the applications and users sections of the SaaS Navigation. This user has no creation, editing, or deletion abilities.

View SaaS applications

Read-only access to all SaaS applications. This role is suggested for every employee, so they can see which applications are supported by their Organization and who to contact if they want to request a license. An application viewer cannot view the annual spend column in the application.

IT Visibility

The following table describes Flexera One roles used with IT Visibility. For related information, see Getting Started with IT Visibility as well as Getting Started with IT Visibility Beacons.

Role

Description

Export data

Read-only access to IT Visibility Data Exports.

Manage Dashboards

Ability to access Data Explorer to create and save insights and custom dashboards, copy and edit out-of-the-box dashboards, as well as upload custom data mashups.

Manage connections

Full access to IT Visibility Connections, which is required to create a connection.

Schedule & export data

Full access to IT Visibility Data Exports, which is required to schedule an export.

View & Create insights

Within IT Visibility, this role gives full access to Data Explorer to create and save insights.

View IT Visibility

Read-only access to the IT Visibility Dashboard and Connections.

Other

The roles defined in the following table are miscellaneous roles used throughout Flexera One that are not specific to any one product area.

Role

Description

Read Technopedia Data

Ability to access Technopedia datasets via APIs.

View Vendor Workspaces

Ability to view vendor workspaces. This role also provides a user access to cost APIs at the organization level.

Caution:This role’s privileges give access to all cost data. As a result, this role should be granted and used with caution.

Platform Administration

The following table describes Flexera One roles used in administration of the Flexera One platform. For related information, see Getting Started with Administration.

Role

Description

Administer organization

Access to the Administration section of Flexera One where the role can be used to invite users, manage user roles, setup single sign-on, and so on. The Administer organization role cannot grant the Manage organization role.

Manage organization

Full access to all organization capabilities. This role is used for all actions that require an org-level administrator.

Self-Service CloudApps

The following table describes Flexera One roles used with Self-Service CloudApps.

Role

Description

Launch & manage cloud apps

End User privileges in Self-Service to view the Catalog and CloudApps and can launch and manage CloudApps. Users with this role are the primary consumers of Self-Service.

Manage self-service

Designer privileges in Self-Service to view the Design menu to upload and publish CATs, manage Schedules, and interact with the Cloud Workflow Console.

View self-service

Observer privileges in Self-Service to view the Catalog and run CloudApps, but cannot take any action on them (such as launch or terminate).

Technology Spend

The following table describes Flexera One roles used with the Technology Spend dashboard.

Role

Description

Manage Technology Spend

Ability to access the data explorer to create and save insights and custom dashboards, copy and edit out-of-the-box dashboards, as well as upload custom data mashups.

View & Create Insights

Within Technology Spend, this role gives full access to the data explorer to create and save insights.

View Technology Spend

Read-only access to the Technology Spend dashboard.