Flexera One Roles
The Flexera One Administration module enables you to manage users, user groups, and roles across Flexera One accounts. Roles and accounts are scoped to an Organization, allowing greater control across multiple Flexera One accounts for performing management actions (like granting user roles).
An Organization is a container for settings, users, and accounts. The name of the Organization is shown in the Organization selector on the top right of the page in Flexera One. For existing customers, we have automatically created an Organization based on your Organization master account.
The following tables provide descriptions of each role available in Flexera One, categorized by logical capability groups:
IT Assets (IT Asset Management)
Automation
The following table describes Flexera One roles used with Flexera One Automation. For additional information, see Getting Started with Automation.
| Role | Description | 
|---|---|
| Approve policies | Full access to approve remediation actions for policy incidents, but this role doesn't configure the policies. | 
| Create policies | Full access to develop custom policies (or customizes pre-built policies) by writing Policy Template code. This user has the ability to design and develop their own templates and test them in the accounts they have access to. Once a template is deemed ready for the organization to use, this user works with the policy publisher to make the policy available in the Policies Catalog. | 
| Manage policies | Full access to control which policies are applied to the scopes they have access to and how those policies behave. | 
| Publish policies | Full access to modify which policies are available in the Policies Catalog, either by publishing policies built by policy designers, or by hiding policies that are pre-built from Flexera. | 
| View policies | Read-only access to view dashboard, incidents, and applied policies. | 
Cloud Commitment Management
The following table describes Flexera One roles used with Cloud Commitment Management. For related information, see Getting Started with Cloud Commitment Management).
| Role | Description | 
|---|---|
| Administer Commitment Management | Full access to manage accounts and view savings of commitment management. | 
| View Commitment Management | Ability to view accounts and savings of commitment management. | 
Cloud Cost Optimization
The following table describes Flexera One roles used with Cloud Cost Optimization. For related information, see Getting Started with Cloud Cost Optimization.
| Role | Description | 
|---|---|
| Manage bill adjustments | Full access to manage bill adjustments in Cloud Cost Optimization. | 
| Manage bill ingestion | Full access to manage the ingestion of public, private and custom cloud billing data using the Common Bill Ingestion (CBI) feature. | 
| Manage billing centers | Full access to configure Billing Centers and management of user access to Billing Centers. Full read access except to Bill Adjustments and registration of billing data. | 
| Manage budget | Full access to manage budgets and view cloud billing data. Enabling this permission allows users to view all cloud costs across the organization, regardless of their Billing Center-scoped cost visibility settings. | 
| Manage cloud | Full access to all features and functionality in Cloud Cost Optimization. This includes the ability to manage user access to Billing Centers, register new billing data (such as AWS), configure Billing Centers, Bill Adjustments, custom dimensions, recommendations, currency, and organization dashboards. | 
| Manage cloud dashboard | Full access to manage public and default custom Cloud Cost Optimization Dashboards. | 
| Manage rule-based dimensions | Full access to manage rule-based dimensions in Cloud Cost Optimization. | 
| Manage tag dimensions | Full access to manage tags dimensions in Cloud Cost Optimization. | 
| View bill adjustments | Ability to view bill adjustments (read-only access) in Cloud Cost Optimization. | 
| View budgets | Ability to view a list of cloud budgets and view budget dashboards. A user with this role can only view budget dashboard segments for which they have cost access. Cost access is granted at the billing center or organization level. | 
| View cloud costs | Full access to user specific dashboards. Read-only access to Cloud billing data, Organization dashboards, recommendations, and reserved instances. Administrators can limit access to specific Billing Centers. | 
| View commitments | Ability to view details of utilization for commitments. | 
Cloud License Management
The following table describes Flexera One roles used with Cloud License Management.
| Role | Description | 
|---|---|
| Billing configuration | Full access to configure billing data in Cloud License Management. This role is limited to operators who have the Manage organization role access. | 
| Bill processing status | Read access to view the bill processing status in Cloud License Management. This role is limited to operators who have the Manage organization role access. | 
| Manage rule-based dimensions | Full access to manage rule-based dimensions in Cloud License Management. | 
| Manage tag dimensions | Full access to manage tags dimensions in Cloud License Management. | 
| View cloud software spend | Read-only access to view Cloud License Management dashboards and reports. | 
Data and Analytics
The following table describes Flexera One roles used with Data and Analytics:
| Role | Description | 
|---|---|
| Manage GraphQL UI | Full access to GraphQL Query Generator feature. | 
| Manage custom reports | Full management functionality for custom report creation in Power BI. | 
| Query Graphql | Full access to Data APIs to query and filter inventory data. | 
Discovery and Inventory
The following table describes Flexera One roles used for Common Inventory Tasks for Data Collection:
| Role | Description | 
|---|---|
| Delete external inventory connections | Gives permission to delete external inventory connections in IT Visibility. | 
| Manage discovery & inventory | Access to discovery and inventory functionality, including the ability to download, configure, and delete beacons. | 
| View discovery & inventory | Read-only access to discovery and inventory functionality including the ability to view a list of beacons, beacon properties, and third party import statuses. | 
Flexera One SaaS Management
The following table describes the Flexera One roles used for Flexera One SaaS Management:
| Role | Description | 
|---|---|
| Administer SaaS | Provides read and write access to all Flexera One SaaS Management capabilities. | 
| Flexera One SaaS Management access | Provides access to Flexera One SaaS Management, and the Flexera One SaaS Management Settings. Note: This role has been superseded by Administer SaaS, Manage SaaS integration & imports, and View SaaS. When you assign roles to users, select any of these three roles instead. | 
| Manage SaaS integration & imports | Provides read and write access to create and manage the Flexera One SaaS Management connectors and data imports. | 
| View SaaS | Provides read access to a subset of Flexera One SaaS Management capabilities. This includes applications, subscriptions, users, unmanaged assets, consumptions, custom fields, connectors, and data imports. | 
IT Assets (IT Asset Management)
The following table describes Flexera One roles used in product areas that work with IT assets. For related information, see Getting Started with IT Asset Management and Getting Started with SaaS Management.
| Role | Description | 
|---|---|
| Administer SaaS | Full access to all SaaS features and functionality. This includes the ability to read, create new, edit, and delete where applicable. If a user has the Administer SaaSrole, it is not necessary to assign any other role to the user with respect to SaaS functionality. | 
| Manage SaaS applications & users | Full access to all pages within the applications section of the SaaS navigation, except for unsanctioned spend. A user with this role also has access to all pages of the Userssection. This access includes the ability to read, create new, edit, and delete where applicable. | 
| Manage SaaS import APIs | Read and edit access to create and manage SaaS import jobs using an API. Administrators should assign SaaS import job service accounts to this role. | 
| Manage SaaS licenses | Read and edit access to SaaS and SaaS licenses, including ability to view all users of applications in Flexera One. | 
| Manage SaaS security | Full access to manage unsanctioned applications. In addition, this role has read-only access to the SaaS applications, team members list, and audit logs. Users with this role cannot view the SaaS dashboard. | 
| View IT assets | Access to IT Asset Management. The IT Asset Management application only. To use IT Asset Management, a Flexera One user must also have a corresponding account in IT Asset Management (where more granular IT Asset Management-specific authorizations are granted). For more information, see Managing IT Asset Management Accounts. | 
| View IT assets & call APIs | Access to IT Asset Management including the ability to call all Flexera REST API endpoints. This Flexera One role provides access to the IT Asset Management Application only. To use IT Asset Management, a Flexera One user must also have a corresponding account in IT Asset Management (where more granular IT Asset Management-specific authorizations are granted). For more information, see Managing IT Asset Management Accounts. | 
| View SaaS | Read-only access to view SaaS dashboard, team members screens and all pages within the applications and users sections of the SaaS Navigation. This user has no creation, editing, or deletion abilities. | 
| View SaaS applications | Read-only access to all SaaS applications. This role is suggested for every employee, so they can see which applications are supported by their Organization and who to contact if they want to request a license. An application viewer cannot view the annual spend column in the application. | 
IT Visibility
The following table describes Flexera One roles used with IT Visibility. For related information, see Getting Started with IT Visibility as well as Getting Started with IT Visibility Beacons.
| Role | Description | 
|---|---|
| Export data | Read-only access to IT Visibility Data Exports. | 
| Manage Dashboards | Ability to access Data Explorer to create and save insights and custom dashboards, copy and edit out-of-the-box dashboards, as well as upload custom data mashups. | 
| Manage connections | Full access to IT Visibility Connections, which is required to create a connection. | 
| Schedule & export data | Full access to IT Visibility Data Exports, which is required to schedule an export. | 
| View & Create insights | Within IT Visibility, this role gives full access to Data Explorer to create and save insights. | 
| View IT Visibility | Read-only access to the IT Visibility Dashboard and Connections. | 
Other
The roles defined in the following table are miscellaneous roles used throughout Flexera One that are not specific to any one product area.
| Role | Description | 
|---|---|
| Read Technopedia Data | Ability to access Technopedia datasets via APIs. | 
| View Vendor Workspaces | Ability to view vendor workspaces. This role also provides a user access to cost APIs at the organization level. This role’s privileges give access to all cost data. As a result, this role should be granted and used with caution. | 
Platform Administration
The following table describes Flexera One roles used in administration of the Flexera One platform. For related information, see Getting Started with Administration.
| Role | Description | 
|---|---|
| Administer organization | Access to the Administration section of Flexera One where the role can be used to invite users, manage user roles, setup single sign-on, and so on. The Administer organizationrole cannot grant theManage organizationrole. | 
| Manage organization | Full access to all organization capabilities. This role is used for all actions that require an org-level administrator. | 
Plugins
The following table describes Flexera One roles used with plugins.
| Role | Description | 
|---|---|
| Manage cloud resources | Admin-level access (including all Create, Replace, Update, and Delete operations) on cloud resources, which includes credentials, plugins, and registrations. In addition, this role gives read-only access to the cloud resources in IT Visibility. | 
| View cloud resources | Read-only access to cloud resources, which includes credentials, plugins, and registrations. In addition, this role gives read-only access to the cloud resources in IT Visibility. | 
SBOM Management
The following table describes Flexera One roles used with SBOM Management.
| Role | Description | 
|---|---|
| SBOM Manager | Access to all functionality that manages SBOMs, including managing buckets, parts, SBOMs, and jobs. | 
| SBOM Viewer | Access to view buckets, catalogs, SBOM parts, and files and to search buckets and catalogs | 
| Retrieve Data from the SBOM Data Library | Access to retrieve data from the SBOM Data Library for component, license, and security vulnerability lookups. | 
| Retrieve License Texts from the SBOM Data Libary | Access to retrieve license texts from the SBOM Data Library. | 
Self-Service CloudApps
The following table describes Flexera One roles used with Self-Service CloudApps.
| Role | Description | 
|---|---|
| Launch & manage cloud apps | End User privileges in Self-Service to view the Catalog and CloudApps and can launch and manage CloudApps. Users with this role are the primary consumers of Self-Service. | 
| Manage self-service | Designer privileges in Self-Service to view the Design menu to upload and publish CATs, manage Schedules, and interact with the Cloud Workflow Console. | 
| View self-service | Observer privileges in Self-Service to view the Catalog and run CloudApps, but cannot take any action on them (such as launch or terminate). | 
Technology Spend
The following table describes Flexera One roles used with the Technology Spend dashboard.
| Role | Description | 
|---|---|
| Manage Technology Spend | Ability to access the data explorer to create and save insights and custom dashboards, copy and edit out-of-the-box dashboards, as well as upload custom data mashups. | 
| View & Create Insights | Within Technology Spend, this role gives full access to the data explorer to create and save insights. | 
| View Technology Spend | Read-only access to the Technology Spend dashboard. |