Independent of the authentication method used (e.g. local user, Google Identity, or OIDC/SAML federation), roles are available to govern access to the ProsperOps Console.
Each user must be assigned to one of the following roles:
Viewer
Grants read-only access to the ProsperOps Console, with the exception of the User Management and Billing sections, which are not accessible.
Editor
Grants Viewer rights, plus the ability to add new AWS Organizations and GCP Billing Accounts, and configure cloud provider account access.
Owner
Grants full access to the ProsperOps Console, including the ability to view and manage users and billing.
Custom
Grants Editor or Viewer rights based on AWS Organization or GCP Billing Account. Owners with more than a single Organization or Billing Account added to ProsperOps can assign this role to users who should have different levels of access to each.
Note: Companies configured for OIDC/SAML federation will manage users and role membership via their corporate directory so the User Management section of the ProsperOps Console is disabled, regardless of role.