Skip to main content

Permissions granted

SavingsNow divides user permissions into "functional permissions" and "data permissions." To better manage and grant user permissions, follow these recommendations:

  • Establish an Organizational Structure and define user data permissions within different organizational units and projects.
  • Assign Roles Appropriately and allocate roles based on user job responsibilities to control their operational permissions.
  • Regularly review and adjust user data and operation permissions to ensure compliance with the enterprise's security policies and business requirements
  • Enhance user training and security awareness education to improve understanding of data and operation permissions, and to prevent data leaks and security risks caused by misuse or malicious activities.

Configuring functional permissions

Configuring functional permissions in user and organization management involves a two-step process.

Step 1: Associate functional permissions with roles.

Note: A functional permission point can be considered as a data encoding that represents a user's access right to a specific function. SavingsNow offers fine-grained control over functional permissions, with permission points encompassing page access, operations, and other levels. For a detailed list of function permission points, refer to the Appendix.

In the left list of the "Role Management" tab, select a role. In the [Operating Permissions] settings page, you can associate feature permission points with that role.

It's important that due to the nested logic between different functional modules, role authorizations must be complete. For instance, if a role is assigned the "dashboard" view permission, it must also be assigned the "report" view permission; otherwise, users in that role will not see the reported data in the dashboard.

Step 2: Authorize the user via Roles or User Groups:

  • User role assignment : Assigning users directly to specific roles grants them the operational permissions of that role. This method is suitable for fine-grained authorization of individual users.
  • User group role assignment : Adding users to a user group that is assigned a specific role grants all users in the group the operational permissions of that role. This method is suitable for bulk authorization of multiple users.

In practice, both methods are often combined to meet various authorization needs. For example, directly assign roles to some users and add others to appropriate user groups for flexible management.

Configuring data permissions

In SavingsNow, "data" refers to cloud account billing data, cost analysis reports, and dashboards.

The system's data authorization page manages permissions for these data types

  • Authorize users to view "all data"

In the left list of the "Role Management" tab, select a role. In the [Data Permission] settings page, check [All Data of Enterprise Account]. Users with this role permission can then view all business data under the enterprise. Please use this option with caution, as it grants access to a very broad scope of data.

  • Authorize users to view reports/dashboards

SavingsNow offers powerful data analysis capabilities through features such as analytical reports and dashboards, enabling in-depth tracking and analysis of cloud cost changes. Dashboards and reports can be configured with specific access rights to be visible only to users within certain cost units.

In the cost unit tree, click [Reports/Dashboards] to view the names of the reports and dashboards accessible to the current cost unit node.