LogoLogo
Contact Us
  • Finout Documentation
  • Get Started with Finout
    • Introduction to Finout's Suite of Features
    • Onboarding New Users to Your Finout Account
    • Single Sign-On (SSO) Setup
    • Enterprise Discount Program (EDP)
    • Cost and Usage Types
      • FairShare Cost
      • List Cost
  • Integrations
    • Cloud Services
      • Connect to AWS
      • Connect to Azure
      • Connect to Oracle
      • Connect to GCP
    • Third Party
      • Connect to Confluent
      • Connect to Databricks
      • Connect to Snowflake
      • Connect to Jira
      • Connect to Datadog
        • Datadog API Cost Calculation
        • Datadog Integration Levels
        • Datadog Usage Attribution Tags (UAT)
      • Connect to Microsoft Teams
      • Connect to ServiceNow
      • Custom Cost Centers
      • Credentials Vault
    • Telemetry
      • S3 Telemetry Integration
      • Setting Up a Datadog - Finout Metrics Integration (Export)
      • MegaBill Telemetry
    • Kubernetes
      • Connect to Kubernetes Prometheus
      • Kubernetes - How Finout Calculates K8s Costs
      • Kubernetes MegaBill
      • Kubernetes Budgeting
      • Kubernetes Anomaly Detection
      • Kubernetes Custom Dashboards
      • Kubernetes Predefined Dashboards
      • Ensure Compatibility of Your Kubernetes Monitoring with Finout
  • User Guide
    • Inform
      • MegaBill
      • Custom Drilldown
      • Custom Cost Input
      • Virtual Tags
        • Relational Virtual Tags
      • Shared Cost Reallocation
        • How to Use Shared Cost Reallocation
      • FinOps Dashboards
      • Financial Plans
      • Data Explorer
    • Optimize
      • My Commitments
      • Commitments Log
      • Anomalies
      • CostGuard
        • CostGuard - Scans
        • Connect CostGuard for AWS
        • Connect CostGuard for GCP
    • Operate
      • Reports
      • Tag Governance
  • Configuration
    • Finout API
      • Generate an API Token
      • Filter Object Definition
      • Cost API
      • Query Language API
      • Virtual Tags API
      • CostGuard API
      • Endpoint API
      • Virtual Tag Metadata API
    • Role-Based Access Control (RBAC)
      • Role Permissions
      • Managing Roles
        • Creating a Custom Role
        • Permissions List
        • Managing a Role and its Permissions
      • Managing Users
        • Inviting a User
        • Edit a User's Roles
      • Data Access Control
      • Groups
        • Create a New Group
        • Edit Group Data Access
        • Delete a group
        • Edit Group Users and SAML Groups
      • RBAC FAQs
    • Endpoints
      • Slack Notification Endpoint
  • Common Features
    • List of Common Features
      • ACL Permissions
      • Saved Views
Powered by GitBook

Still need help? Please feel free to reach out to our team at support@finout.io.

On this page

Was this helpful?

Export as PDF
  1. Configuration
  2. Role-Based Access Control (RBAC)

RBAC FAQs

Understanding Finout’s Roles, Permissions, and User Groups.

  1. What is the significance of having an admin role in terms of data access?

    Admin roles do not automatically grant universal data access. An admin who is not part of any group will not have access to any data. In Finout’s RBAC system, being part of specific groups determines access to data, not just the role title itself.

  2. How can I set up a user or group to have access to all data within Finout? ​

    To ensure a user or group has access to all data, they must be included in every relevant group. Alternatively, you can create a group with Discretionary Access Control (DAC) rules that explicitly grant access to every organizational unit or dataset you wish to include, ensuring comprehensive access.

  3. Is it possible to have an “admin” group that sees everything? How does it work?

    Yes, you can create an “admin” group with comprehensive access by ensuring it’s part of every necessary group or by setting DAC rules that grant access to all organizational units or datasets. This setup will allow the admin group to see everything across the platform.

  4. Can we set up a read-only group that has access to all data?

    Similar to creating an admin group with full access, a read-only group can be established by ensuring it has DAC rules for every organizational unit or dataset. This setup would grant read-only access to all data across the platform to members of this group.

  5. Who has access to dashboards in Finout, and how is data visibility controlled?

    In Finout, all users have access to all dashboards, as the platform does not yet support Access Control Lists (ACL) for dashboard accessibility. However, the visibility of data within these dashboards is governed by data access permissions tied to the groups a user is part of. This ensures that while users can view any dashboard, the data displayed is filtered according to their group memberships and the specific permissions those groups have.

  6. Can read-only users modify dashboards in Finout?

    No, read-only users cannot edit dashboards in Finout. While they have access to view all dashboards, their permissions are limited to viewing data only. This restriction is in place to prevent unauthorized modifications to dashboards, ensuring that only users with the appropriate permissions can make changes. ​

  7. If a user belongs to multiple SAML groups that have corresponding groups in Finout, will Finout assign the user to all of these matching groups?

    Yes, if a user belongs to multiple SAML groups that have corresponding groups in Finout, Finout will assign the user to all of these matching groups. ​

PreviousEdit Group Users and SAML GroupsNextEndpoints

Last updated 7 months ago

Was this helpful?