As FinOps programs scale — particularly within larger enterprise organizations — it becomes increasingly important for different roles within the organization to have access to different sets of data to make informed, proactive decisions related to their specific areas of responsibility.
With this business requirement in mind, our team has been diligently working over the last few months to research and develop a modern approach to role-based access control (RBAC) that is purposefully designed to provide a seamless, secure, and contextually relevant experience for all users, particularly those who wear multiple hats within their organization.
The CloudZero platform now gives administrators the ability to control user access to cloud spend data through the creation and management of user groups. This functionality allows administrators to create groups in the CloudZero console, assign access rules to each group, and then add users to the group, or groups, that aligns precisely with the level of data access and visibility they need to do their job.
Administrators can also create these groups based on CloudZero Dimensions — precise, team-specific cost lenses that make clear who’s responsible for which portions of your spending.
This newly enhanced RBAC functionality is not just about improving security controls — though that remains a key benefit. With this set of features, we equip users to view the right data in the right context, ensuring they can make proactive decisions to optimize cloud costs efficiently. By tailoring data access to specific roles and responsibilities, users can navigate their cloud spend data with precision and clarity.
While our customers will recognize some of the individual features included in User Groups as having rolled out months ago, I wanted to take some time to talk about the functionality holistically and explain what makes this different from other RBAC capabilities in this space.
Building RBAC On Top Of Dimensions
What makes CloudZero’s user groups unique is that we built it on top of our Dimensions functionality, allowing administrators to provide each user group with extremely specific views of spend data.
For those who are not already familiar with our platform, you can think of Dimensions as business-centric filters that allow users to view, slice, and analyze spend data from specific angles. Each Dimension can be thought of as one business-relevant way to understand spend.
For example, standard Dimensions in the platform include Cloud Provider, Region, Account, etc. Our platform also analyzes all of the tags in your environment and creates Dimensions out of those, making it incredibly easy to view data by the categories that are most meaningful to your specific business, such as by team, feature, or business unit.
The fact that we’ve built our new user management system on top of these Dimensions, or filters, means that administrators have an unprecedented ability to customize data access for each user group based on the way their business actually runs.
For instance, an administrator could easily create user groups for each specific engineering team, or for multiple teams working on a single feature, or for a single business unit that is working on multiple products.
Admins can then put individual users in a single user group that matches their responsibilities with the data they have access to, or they can put users in multiple groups that allows them to switch context depending on the specific project or team they are working on at any given time.
Combining Security And Context
All of the examples above explain how user groups allow our customers to meet their security and data privacy needs by giving users all the access they need to get their job done and only that data.
Security-minded users, particularly those at larger companies with hundreds of technical staff, will appreciate individual features such as the ability to automatically manage CloudZero user groups via SSO, removing manual effort and human error to ensure users are always in the correct group(s) with the precise visibility needed to achieve their goals.
User groups also give administrators at organizations with particularly stringent compliance requirements the ability to expand their use of the CloudZero platform to additional departments who may not have previously been able to access the reports due to privacy concerns, greatly expanding the benefit their company as a whole receives from CloudZero.
But for typical users who do not necessarily have security as a core responsibility of their role (I know, we all should be considering security regardless of role, but you understand what I’m saying) this user groups functionality still provides significant value because of its ability to provide and maintain contextual relevance of all data and analysis put in front of them.
This saves users time sifting through and filtering out data that has little to no value to their role, and instead allows them to focus, investigate, and optimize the spend that they are actually responsible for managing.
In fact, one of our primary goals in creating this set of functionality was to increase engineering-led savings in each of our customers’ environments by limiting the need to filter and re-filter data to find the true gems that will truly save them a significant amount of money.
By making this experience as easy as possible, we believe we will continue to build upon our industry-leading ability to drive engineering engagement in FinOps activities and help our customers experience long-term success of their FinOps programs by getting the right data to the right people at the right time.
Want to learn more about all the benefits of the CloudZero platform? Register to attend an upcoming live demo, where you will get a tour of the product and be able to ask any questions you have about our solution.