Skip to main content

Manage access control for CCM perspective folders

You can now manage access to Perspective folders by assigning Resource Groups to users bound by the roles assigned to them.

Perform the following steps to restrict access to a Resource Group:

  1. In Harness, go to Account Settings.

  2. Select Access Control.

  3. Select Roles.

  4. Click + New Role to create a custom role with the following permissions. For example, CCM Custom Role.

  1. Create another custom role with a different set of permissions.

  2. Select Resource Groups.

  3. Click + New Resource Group to create a new resource group.

  4. Select Account only in the Resource Scope dropdown list.

  5. In the Resources pane, select Cloud Cost management > Folders.

  6. To restrict access to specific folders, select Specified and then click Add.

  7. Add the selected folders and save the resource group settings.

  8. To bind the Role with the Resource Group, go to the Users tab on the Access Control page.

  9. Select the user you want to restrict access to.

  10. Click Manage Roles.

  11. Click Add in the Manage Role Bindings window.

  12. Select the Role and the newly created Resource Group to restrict access to folders.

  13. Select another Role and Resource Group to provide access to all other resources.

  14. Click Apply.

In Harness, the Perspectives page shows only the folders that the user has been granted access to. This means that the user cannot see or interact with any folder that they do not have permission to access.

A user can create Budgets for Perspectives only within the folders that they have been granted access to. For more information about Budgets, go to Create a Budget.

Similarly, on the Anomalies page, users can only view those anomalies associated with the perspectives located within specific folders that they have access to. The anomalies displayed also depend on the Perspective rule that restricts the user to a particular cloud provider account or a cost category, or a region. The out-of-the-box perspectives provided by Harness, as well as any other perspectives outside these folders, are not displayed. For more information about Anomalies, go to Detect Cloud Cost Anomalies.

For users with restricted access, Recommendations are displayed only for the Perspectives located within specific folders that they have access to. The user will be able to view and apply these recommendations. For more information, go to Recommendations.

A user with folder restrictions does not have permission to create new folders. This means that the user can only work within the existing folder structure that has been set up for them by an administrator.