Independent of the authentication method used (e.g. local user, Google Identity, or OIDC/SAML federation), roles are available to govern access to the ProsperOps Console.
Each user must be assigned to one of the following roles:
Viewer
Grants read-only access to the ProsperOps Console, with the exception of the User Management and Billing sections, which are not accessible.
Editor
Grants Viewer rights, plus the ability to add new AWS Organizations, Google Cloud Billing Accounts, and Azure Billing Scopes, and configure cloud provider account access.
Owner
Grants full access to the ProsperOps Console, including the ability to view and manage users and billing.
Custom
Grants Editor or Viewer rights based on AWS Organization, Google Cloud Billing Account, or Azure Billing Scope. Owners with more than a single cloud billing entity added to ProsperOps can assign this role to users who should have different levels of access to each.
Note: Companies configured for OIDC/SAML federation will manage users and role membership via their corporate directory so the User Management section of the ProsperOps Console is disabled, regardless of role.