Limiting access to cost management resources

Cost Management Service 1-latest

Learn how to secure your cost information

Red Hat Customer Content Services

Abstract

You might not want users to have access to all cost management data, but instead only data specific to their projects or organization. Cost management is part of the Red Hat Insights portfolio of services. The Red Hat Insights suite of advanced analytical tools helps you to identify and prioritize impacts on your operations, security, and business.

Chapter 1. Limiting access to cost management resources

You may not want users to have access to all cost data, but instead only data specific to their projects or organization. Using role-based access control, you can limit the visibility of resources involved in cost management reports. For example, you may want to restrict a user’s view to only AWS integrations, rather than the entire environment.

Role-based access control works by organizing users into groups, which can be associated with one or more roles. A role defines a permission and a set of resource definitions.

By default, a user who is not an administrator or viewer will not have access to data, but instead must be granted access to resources. Account administrators can view all data without any further role-based access control configuration.

Note

A Red Hat account user with Organization Administrator entitlements is required to configure account users on Red Hat Hybrid Cloud Console. This Red Hat login allows you to look up users, add them to groups, and to assign roles that control visibility to resources.

For more information about Red Hat account roles, see User Access Configuration Guide For Role-Based Access Control (RBAC) in the Red Hat Hybrid Cloud Console documentation.

1.1. Default user roles in cost management

You can configure custom user access roles for cost management, or assign each user a predefined role within the Red Hat Hybrid Cloud Console.

To use a default role, determine the required level of access to permit your users based on the following predefined cost management related roles:

Administrator roles

  • Organization Administrator: Can configure and manage user access and is the only user with access to cost management settings.
  • User Access Administrator: Can configure and manage user access to services hosted on Red Hat Hybrid Cloud Console.
  • Cloud Administrator: Can perform any available operation on any integration.
  • Cost Administrator: Can read and write to all resources in cost management.
  • Cost Price List Administrator: Can read and write on all cost models.

Viewer roles

  • Cost Cloud Viewer: Has read permissions on cost reports related to cloud integrations.
  • Cost OpenShift Viewer: Has read permissions on cost reports related to OpenShift integrations.
  • Cost Price List Viewer: Has read permissions on price list rates.

In addition to using these predefined roles, you can create and manage custom User Access roles with granular permissions for one or more applications in Red Hat Hybrid Cloud Console. For more information, see Adding custom User Access roles in the Red Hat Hybrid Cloud Console documentation.

1.2. Adding a role to a group

After you decide on the correct roles for your organization, you must add each role to a group to manage and limit the scope of information that members of that group can see within cost management.

The Member tab shows all users that you can add to the group. When you add users to a group, they become members of that group. A group member inherits the roles of all other groups they belong to.

Prerequisites

  • You must be an Organization Administrator.
  • If you are not an Organization Administrator, you must be a member of a group that has the User Access Administrator role assigned to it.

Note

Only the Organization Administrator can assign the User Access Administrator role to a group.

Procedure

  1. Log in to your Red Hat organization account at Red Hat Hybrid Cloud Console.
  2. Click Settings > Identity & Access Management to open the Red Hat Hybrid Cloud Console Settings page.
  3. In the Global navigation, click User Access > Groups.
  4. Click Create group.
  5. Follow the guided actions provided by the wizard to add a group name, roles, and members.
  6. To grant additional group access, edit the group and add additional roles.

Your new group is listed in the Groups list on the User Access screen.

Verification

  • To verify your configuration, log out of the cost management application and log back in as a user added to the group.

For more information about configuring Red Hat account roles and groups, see User Access Configuration Guide For Role-Based Access Control (RBAC) in the Red Hat Hybrid Cloud Console documentation.
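
Before relying on the log-in verification step, you can reason about a planned group layout offline. The following Python sketch is an added example, not Red Hat code and not a Red Hat API: it models the rules stated in this chapter (roles are inherited from every group a user belongs to, and a user with no covering role sees nothing) and lists users who inherit an administrator role. The group names, users, integration IDs, the custom role, and the "read"/"write" verbs are constructed for illustration.

```python
from dataclasses import dataclass

# Administrator role names from section 1.1 of this page.
ADMIN_ROLES = {"Organization Administrator", "User Access Administrator",
               "Cloud Administrator", "Cost Administrator",
               "Cost Price List Administrator"}

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset   # simplified verbs: "read", "write"
    resources: frozenset     # integration IDs covered; "*" means all

@dataclass(frozen=True)
class Group:
    name: str
    roles: tuple
    members: frozenset

def effective_roles(user, groups):
    """Union of the roles of every group the user is a member of."""
    return {r for g in groups if user in g.members for r in g.roles}

def can_read(user, integration, groups):
    """Default deny: readable only if an inherited role covers the resource."""
    return any("read" in r.permissions and
               ("*" in r.resources or integration in r.resources)
               for r in effective_roles(user, groups))

def admin_findings(groups):
    """Users who inherit any administrator role, for least-privilege review."""
    users = set().union(*(g.members for g in groups))
    found = {u: sorted(r.name for r in effective_roles(u, groups)
                       if r.name in ADMIN_ROLES) for u in users}
    return {u: names for u, names in found.items() if names}

# Constructed sample data: a custom AWS-only role and one predefined role.
AWS_ONLY = Role("AWS cost reader (custom)", frozenset({"read"}),
                frozenset({"aws-prod"}))
COST_ADMIN = Role("Cost Administrator", frozenset({"read", "write"}),
                  frozenset({"*"}))
GROUPS = [Group("aws-finance", (AWS_ONLY,), frozenset({"alice", "bob"})),
          Group("cost-admins", (COST_ADMIN,), frozenset({"bob"}))]

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, {i: can_read(user, i, GROUPS)
                     for i in ("aws-prod", "ocp-cluster-1")})
    print("admin roles inherited:", admin_findings(GROUPS))
```

In this sample, membership in a second group widens one user's view from a single AWS integration to every integration, which is the effect to look for when reviewing group membership.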

Providing feedback on Red Hat documentation

If you found an error or have a suggestion on how to improve these guidelines, open an issue in the cost management Jira board and add the Documentation label.

We appreciate your feedback!

Legal Notice

Copyright © 2024 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.