Cost Analysis With Role-Based Access Control
FAQs
Expand FAQs
1. How does RBAC improve security and access control in nOps?
RBAC limits access to cost data based on roles and responsibilities, ensuring users only see the information relevant to them. This reduces the risk of unauthorized data exposure and enhances security by restricting access to sensitive information.
2. What is a Showback policy in RBAC, and how does it work?
A Showback policy controls which Showback values a user can access. Admins can define policies to grant access to specific cost categories, ensuring users only see data associated with their assigned Showback values.
3. Can new Showback values be automatically included in an existing policy?
Yes, if the "Select All" option is enabled during policy creation, any new custom Showback values added later will automatically be covered by the policy. This keeps the policy up to date without manual changes.
4. What happens if a user doesn't have access to any Showback values?
If a user doesn't have access to any Showback values, they won't be able to view the Cost Allocation or Cost Analysis pages in nOps. These sections will be completely restricted.
5. How do default view permissions affect user access to Cost Analysis?
If a user has permission to access the default view, they will see the standard Cost Analysis page when logging in. Without this permission, they can only access the Showback view, limiting their ability to see non-allocated cost data.
Role-Based Access Control for Business Contexts
Role-Based Access Control (RBAC) is designed to provide precise control over who can access specific cost data within an organization. This system ensures that team members only see the information relevant to their roles, enhancing both security and efficiency.
Key Benefits of RBAC in Showback
-
Controlled Access: By implementing RBAC, you can restrict access to sensitive cost information, ensuring that members only see the data pertinent to their responsibilities. Team members benefit from quick access to the precise information they need without navigating through irrelevant data.
-
Enhanced Security: Limiting access reduces the risk of unauthorized data exposure, helping to maintain a higher security standard.
-
Efficient User Management: With RBAC, managing user permissions is streamlined. Roles are defined based on job functions, and users are assigned to these roles, automatically granting them the necessary permissions.
-
Improved Accountability: With role-specific access, team members can take ownership of their cloud usage and costs, promoting a culture of accountability and cost awareness.
How RBAC works: Flexible and granular access control
Roles define the data access permissions possessed by each user. Admins can modify and assign specific access through default or custom roles. RBAC policy is flexible and aligns object-level permissions in a similar manner to AWS Identity and Access Management (IAM).
Using RBAC, you can control access to the following policies:
| Term | Definition |
|---|---|
| Showback Values | This policy grants users access to specific Showback values based on their roles. It ensures that users can view only the cost data pertinent to their responsibilities, promoting both security and relevance in the data they access. |
| Cost Analysis Page Default View | This policy controls the default view settings on the Cost Analysis page. It ensures that users see a tailored, role-specific view of cost data when they access this page, streamlining their ability to analyze and manage cloud costs efficiently. |
Get Started with RBAC: Summary
To start using the Role-Based Access Control (RBAC) feature for Showback, follow these basic steps (described in more detail with screenshots below).
-
Access Cost Allocation:
- Navigate to Business Context → Cost Allocation.
-
Choose the Showback:
- Select the specific Showback you want to manage.
-
Modify Access Control:
-
Go to the detail page of the selected Showback.
-
Select the Showback values you want to include in the policy.
-
Click on Modify Access Control.
-
-
Create the Policy:
-
In the popup that appears, enter a Policy Name.
-
Select the checkbox if you want to grant access to the default view.
-
Select the members who should have access to these Showback values.
-
Save the policy to finalize it.
-
-
Manage Policies:
- You can see the list of all policies on this page: Team Members - Policies.
Get Started with RBAC: A Complete Guide
Navigate to the Cost Allocation in Business Contexts Plus
-
Go to nOps.
-
Navigate to Business Context → Cost Allocation.
Select the Showback
-
Choose the specific Showback you want to manage (e.g., "Cost Center").
-
Go to the detail page of the selected Showback.
Modify Access Control
-
Select the Showback values you want to include in the policy (e.g., 101, 102, 103).
-
Click Modify Access Control.
Create and Configure the Policy
-
In the popup that appears, enter a Policy Name.
-
Select the checkbox to grant access to the default view.
-
Choose the members to receive access.
-
Save the policy to finalize it.
Viewing Policies
-
You can view and manage all policies on this page: Team Members - Policies.
Use Cases & Examples
Let’s go through some real-world examples to illustrate how RBAC in Business Contexts Plus works.
Scenario 1: Member’s Access Without Default View and Only One Showback Access
Cost Allocation:
-
When the member logs in and navigates to the Cost Allocation section, they will see only the Showback values (101, 102, 103) specified in their policy.
Cost Analysis
-
Since the member does not have access to a default view, they will only see the Showback view without the default view option.
Scenario 2: Member’s Access Without Default View and Multiple Showback Access
Cost Analysis:
-
Without default view access, the member will see a dropdown to change the Showback view, but they will not have the default view option available.
Scenario 3: Member’s Access With Default View
Cost Analysis:
-
With default view access, the member will see the default view on the Cost Analysis page and will have the option to switch from the default view to the Showback view.
Scenario 4: Member Without Any Showback Access
Cost Allocation:
-
The member will have no access to the Cost Allocation section.
Cost Analysis:
-
The member will not be able to access the Cost Analysis page.
When creating a policy, if the user selects the “Select All” option (meaning all Showback values), any new custom Showback values added to that Showback after the policy is created will also be included in the policy. This ensures that the policy remains up-to-date with any changes or additions to the Showback values.
For instance, if you initially select all existing Showback values and later add new values to the Showback, these new values will automatically be covered by the policy, eliminating the need for manual updates.
