Role Based Access Control (RBAC)
The main idea for Role Based Access Control (RBAC) is to be able to assign privileges to roles and assign roles to users. With roles you can have more granular control over what data users can access and what actions users can take within your system.
We provide four system defined roles out-of-the-box with specific user privileges. These role permissions cannot be modified or customized in any way.
- Administrator This role has unrestricted read and edit access to all features and data in both Metering Cloud and Billing Cloud. This means a user can create any meters or billing object (promotions, plans, price models, etc.), and see any usage, invoice, and revenue data. Administrators are also granted the ability to add new users, assign roles, enable enterprise functionality like SSO, and configure integrations with third-party systems.
- Analyst This role has read-only access to data in both Metering Cloud and Billing Cloud. Analysts can view and query data in the Metering and Billing services but cannot create reports, plans, meters, or any other objects.
- Developer This role has unrestricted access to Metering Cloud, including meter creation and usage queries, but no access to Billing Cloud or Billing Metrics. Developers can create customers in Amberflo, define and edit meters, view usage data, and create custom usage reports.
- Product Manager This role has unrestricted read and edit access to the Billing service, and read-only access to the Metering service. This means a Product Manager can view any data in both services, and can create any object in Billing service including product items, pricing plans, promotions, and rewards.
A user can be assigned a role via Self-service Signup, SSO Signup or by or by inviting a team member:
- Self-service Signup The first user that signs up from a particular domain is automatically assigned the role of Administrator.
- SSO Signup All logins (users) signing in with SSO are defaulted to the role of an Analyst.
- Invite Team Member Only users with an Administrator role can invite team members to the account by entering the email address of the user they would like to invite. Those users will have different privileges depending on the assigned role.
To invite a new team member, go to Settings -> Users -> Invite Team Member
Once there, you can enter the email address of the user you would like to invite, choose a role from the options, and save.
As an Administrator, you can also change roles or delete a team member from Users table.
To assign a new role, select a user from the table, click edit, choose a different role, and save.