User Management
The User management page in FinOps for Cloud displays a list of existing members within your organization. For each member, you can view details, such as their name, unique ID, last login time, email address, and assigned roles.
From this page, Organization Managers can also invite new members or remove existing members from the organization.
Role overview
In FinOps for Cloud, roles can be assigned when inviting a user to the organization.
By default, the Member role is assigned to allow the individual to have read-only access. You can select other roles and assign them at the pool level. When assigning roles, we recommend assigning the Organization Manager role only to those individuals who need the highest level of access and permission to perform actions without any restrictions.
The following table lists the roles in FinOps for Cloud. These roles cannot be edited, and you cannot create new ones.
Member
The Member role is assigned by default to all users. Members have read-only access across the platform and can view dashboards, resources, pools, policies, recommendations, and analysis features. They can also download reports and exports where supported. Members cannot make any modifications to the platform.
Engineer
The Engineer role is assigned at the resource level. Engineers can view the entire platform. This includes pool structures, recommendations, and analysis views, but their editing capabilities are limited to the specific resources they are responsible for. All other areas are available in read-only mode.
Manager
The Manager role is assigned at the pool level. Managers can administer the pools they have been assigned to, including creating and deleting sub-pools, configuring assignment rules, and re-applying resource assignment rules. This permission cascades downward: a Manager assigned to a pool automatically has the same management permissions over all child pools beneath it, at every level of nesting. Areas of the platform outside their assigned pools are available in read-only mode.
Organization Manager
The Organization Manager has full administrative control over the entire FinOps for Cloud environment. This role can invite and remove users, manage all pools and sub-pools across the organization, configure all policy types (anomaly detection, quotas and budgets, and tagging policies), and fully manage data sources. Organization Managers also have unrestricted access to all analysis, reporting, and configuration features. This role should be assigned only to individuals who require the highest level of access.
Which role should I assign?
The right role depends on what a person needs to do in the platform. The table below maps each role to the kinds of team members most likely to need it, using the FinOps Foundation's standard personas as a reference point. In practice, one person may fulfil multiple personas, and not every organization will have all of these roles.
Member
Finance, Product, Procurement, Leadership, ITAM, Sustainability
Need visibility into cloud spend and usage to inform decisions, reporting, or governance, but have no need to make changes in the platform. A good default for anyone who needs to stay informed without being given edit access.
Engineer
Engineering
Build and operate the cloud infrastructure that generates the costs. They need visibility into recommendations and resource data to act on optimization opportunities, but their changes are scoped to the resources they own.
Manager
FinOps Practitioner, Finance, ITFM
Own cost accountability for a specific business unit, team, or project. They manage a defined pool of cloud spend and need to act on it, creating sub-pools, assigning resources, and responding to budget alerts, but don't need organization-wide control.
Organization Manager
FinOps Practitioner, Leadership
Lead the FinOps practice, own the platform configuration, and need unrestricted access to manage users, data sources, policies, and all pools across the organization. Typically, one or two people.
A few practical guidelines for Organization Managers assigning roles:
Default to Member for anyone whose primary need is visibility or reporting. It is easy to upgrade later.
Assign Manager at the right pool level. A Manager assigned to a top-level pool inherits access to all child pools beneath it, so take care when assigning to high-level pools.
Limit Organization Manager access. This role has no restrictions. It can delete objects, disconnect data sources, and modify all policies. Assign it only to those who genuinely need full administrative control.
Permissions reference
Legend
Allowed
— Not allowed
Home
View organization overview
Recommendations
Overview
View recommendations
Filter recommendations
Change view (cards / table)
Search recommendations
View recommendations archive
Run recommendations check
—
—
—
Download script
Download xlsx/json
Recommendation
View recommendation settings
Edit recommendation settings
—
—
—
View excluded pools
Edit excluded pools
—
—
—
Pin recommendations
Dismiss recommendation
—
—
—
Resources
Overview
View resources
Filter resources
View saved perspective (view)
Create saved perspective (view)
—
—
—
Export expenses chart
Download xlsx/json
Resource
View resource details
Add assignment rule
—
—
1
Pools
Overview
View pools
Add / edit / delete pool
—
—
1
Assignment rules
View assignment rules
Search assignment rules
Add / edit / delete assignment rule
—
—
1
Reorder assignment rules
—
—
—
Re-apply assignment rules
—
—
1
FinOps
Cost Explorer
View cost explorer
Filter cost explorer
Download PDF
View expense breakdowns
Cost Map
View map
Filter map
Policies
Anomaly detection
View anomaly detections
Add / edit / delete anomaly detection
—
—
—
View anomaly detection details
View anomaly detection resources
Export anomaly detection chart
Quotas and Budgets
View quota or budget
Add / edit / delete quota or budget
—
—
—
View quota or budget resources
Tagging policies
View tagging policy
Add / edit / delete tagging policy
—
—
—
View tagging policy resources
System
User management
Invite users
—
—
—
Download xlsx/json
View last login date and time
—
—
Delete users
—
—
—
Data sources
View data sources
Add data source
—
—
—
Rename data source
—
—
—
Update data source credentials
—
—
—
Perform billing re-import 2
—
—
—
Disconnect data source
—
—
—
Events
View events
Filter and search events
Settings
View organization details
View and accept invitations
Manage email notifications 3
1 Managers are limited to pools and sub-pools they have been assigned to. This applies to all child pools beneath an assigned pool, at every level of nesting.
2 Supported for all AWS accounts and GCP projects. For Azure, billing re-import is supported at the subscription level only. It cannot be performed on an Azure tenant, even if that tenant's subscriptions were automatically discovered.
3 Members and Engineers have access to a reduced subset of notifications. See the Notifications Reference table below.
Notifications reference
FinOps
Weekly expense report
—
—
Pool limit exceed alert
—
—
Pool limit alert
—
Saving spike
—
—
Policy alerts
Resource constraints report
—
Resource constraint violation alert
—
Anomaly detection
—
—
Expiring budget policy violation
—
—
Quota policy violation
—
—
Recurring budget policy violation
—
—
Tagging policy violation
—
—
Recommendations
New security recommendation detection
—
—
System notifications
Environment changed
—
Expenses initial processing completed
—
—
Report import failed
—
—
Account management
Invitation notification
Last updated
Was this helpful?