Today, Vantage announces the launch of Role Based Access Control (hereon referred to as ‘RBAC’), which gives customers the ability to control who on their team has access to specific cost data in the Vantage console. RBAC gives Vantage customers in the Enterprise Tier the ability to create teams, assign members to teams and control which teams have access to specific workspaces containing specific cost data.
Before, all Vantage users in the same account had access to all data which was added to an account. While users could be distinguished as either “owners” or “members” to control who could manage and invite team-members, there was no way to limit the scope of data a user could view or manage within the Vantage console.
Now, customers have the ability to create and assign team-members in their accounts to teams they define, and assign those teams to specific workspaces. Users designated as ‘owners’ can then limit the scope of data available to that workspace. There is no limit to the number of teams a Vantage account can have and there is no limit to the number of team-members that can be assigned to a specific team. Access to cost data contained within a workspace in Vantage may be assigned to a team and as you invite new team-members to your organization, you'll be able to assign them to a particular team.
RBAC is only available to customers in the Enterprise tier - which gives organizations the ability to create teams and assign members to those teams. Users in the Free, Pro and Business Tiers will not have the ability to create new teams as part of RBAC. To get started with Vantage RBAC, head to your organization settings team page here: https://console.vantage.sh/settings/teams. If you’d like to subscribe to the Enterprise tier, please contact sales at email@example.com or contact Vantage through the Intercom icon in the lower right hand side of the screen.
Frequently Asked Questions
1. What is being launched today?
Today, Vantage is launching Role Based Access Control (abbreviated hereon as RBAC) - which gives Vantage users the ability to manage access permissions for members on their team. Each Vantage account now has the ability to create multiple "teams" and assign members on their Vantage account to a respective team where they can augment permissions of what those team members can do (read vs write) and what cost data they ultimately have access to.
2. Who is the customer?
The customer is any Vantage user who requires more fine-grained access control in their organization - which tends to be larger enterprise organizations. From conversations with design partner customers on this feature there tend to be two main use-cases:
- Publicly Traded Companies: Publicly traded companies that need to segment cost data by specific teams because the total amount of cloud costs contributes so heavily to gross margin that it is considered sensitive or inside information.
- Budget-sensitive private companies: Private companies with multiple cost-centers seeking to limit budgeted and actual spend visibility by business unit, projects or teams.
3. How much does this cost?
The cost of Vantage RBAC is included in the base subscription cost of customers in the Enterprise tier. If you are a current Enterprise customer, there is no additional cost to using RBAC and it will be present in your account at the time that this blog post is published.
4. I am a current Vantage customer with multiple people on my team - how does this impact me?
If you're an existing Vantage customer with multiple people on your team, you'll notice some changes when going to the team management page found here https://console.vantage.sh/settings/teams
- Users on your team who were previously designated as "owners" will still have the role “Owner”.
- Users on your team who were previously designated as “members” will now have the “Editor” role which maintains the same level of access as member.
- All users on your team will be part of an “Everyone” team which will be assigned access to all of your existing workspaces.
5. What is a “team” in the context of Vantage RBAC?
A team in the context of Vantage RBAC is used to group users and assign them access to specific workspaces. Workspaces have specific cost data assigned to them. Anyone who is part of a team will inherit the permissions assigned to that team. A team can have zero, one, or many team-members. A team has a unique name and an optional short description.
6. How do I create a new team?
You can create a team by heading to your team management page found here: https://console.vantage.sh/settings/teams. A team just requires a unique name.
7. How do I assign specific data to a workspace?
Visit https://console.vantage.sh/settings/workspaces and edit a specific workspace. From there you will be able to select which integrations are assigned to that workspace.
8. Can I delete a team?
Yes. However, the default “Everyone” team cannot be removed.
9. Can a user be part of multiple teams?
10. How do I manage permissions and access control for a team?
When you go to your team management page there will be a list of teams in addition to a list of members. For each team, you'll have the ability to edit the team where you can:
- Edit the name of the team
- Add and remove team-members from the team.
- Assign a team to a specific workspace.
11. What is the list of roles I can assign to a user?
- Owner: Can manage billing, teams, integrations, workspaces.
- Editor: Can manage reports, recommendations, savings planner models, report notifications.
- Viewer: View only. Can create API tokens.
12. When I invite a new member to my organization, can I automatically have them assigned to a team when they accept their invite?
13. Can I send report notifications to teams instead of individuals as a result of Vantage RBAC?
Not yet but this will be coming soon. At that time, you may send report notifications to either individuals or groups by email.
14. Can I import “teams” from third party services such as Active Directory (or other SAML connections)?
Not at this time, but we plan to add this in the future.
15. Can workspace access be assigned to individuals or only teams?
At this time, access can only be assigned to teams. Enterprise customers can create teams with single members and assign that team access to a workspace.
16. Can I assign data to a workspace through a set of filters as opposed to an entire AWS or Google billing account?
Not at this time, however this is something we are planning in the future.
17. Can I assign users specific permissions per team?
Not at this time, however this is something we plan to add in the future.
18. If I only have Viewer permissions, can I create Cost Reports and Models for my personal use?
Not at this time, however we may add the concept of a personal workspace in the future.
19. As a user, how do I know what teams I’m part of or what permissions I have?
You can visit the people page and see which members are assigned to which teams.