Users and Roles
Overview
Ternary provides five user roles that determine what actions a user can perform in the platform. Roles are designed to provide the right level of access for different responsibilities, from basic viewing to full tenant or multi-tenant administration.
Available roles
| Role | Description |
|---|---|
| Partner Admin | Special role for Managed Service Providers (MSPs) to access multiple customer tenants, including viewing, configuring, and managing them. |
| Tenant Admin (formerly Owner) | Full control over the tenant, including user management, integrations, and advanced settings. |
| Full Access User | Advanced permissions to create, edit, and manage most resources without tenant-level administration. |
| Basic User (formerly Regular User) | Standard role for creating and managing dashboards, budgets, reports, and viewing most data. |
| Limited User | Entry-level role focused on viewing data and creating basic items like reports and dashboards. |
Role comparison
Create actions
| Permissions | Limited User | Basic User | Full Access User | Tenant Admin | Partner Admin |
|---|---|---|---|---|---|
| Budgets | Y | Y | Y | Y | Y |
| Case & Case Comments | Y | Y | Y | Y | Y |
| Dashboard | Y | Y | Y | Y | Y |
| Report | Y | Y | Y | Y | Y |
| Resource Subscription | Y | Y | Y | Y | Y |
| Savings Opportunity | Y | Y | Y | Y | Y |
| Alert Rule | N | Y | Y | Y | Y |
| Cost Compare Bill | N | Y | Y | Y | Y |
| Ramp Plan | N | Y | Y | Y | Y |
| Custom Labels & Metrics | N | N | Y | Y | Y |
| Label Grouping Rules & Preferences | N | N | Y | Y | Y |
| Data Integration | N | N | N | Y | Y |
| User & User Group Configurations | N | N | N | Y | Y |
| Kubernetes Pod Labels | N | N | N | Y | Y |
View (Read) actions
| Permissions | Limited User | Basic User | Full Access User | Tenant Admin | Partner Admin |
|---|---|---|---|---|---|
| Budgets | Y | Y | Y | Y | Y |
| Cases | N | Y | Y | Y | Y |
| Dashboards | Y | Y | Y | Y | Y |
| Reports & Report Data | Y | Y | Y | Y | Y |
| Resource Subscriptions | Y | Y | Y | Y | Y |
| Recommendations | Y | Y | Y | Y | Y |
| Savings Opportunities | Y | Y | Y | Y | Y |
| Cost Alerts (Anomalies) | Y | Y | Y | Y | Y |
| Ramp Plans | N | Y | Y | Y | Y |
| Label Map & Preferences | Y | Y | Y | Y | Y |
| Reallocations & Jobs | N | Y | Y | Y | Y |
| Data Integrations | Y | Y | Y | Y | Y |
| Kubernetes Pod Labels | N | N | Y | Y | Y |
| Roles & User Roles | N | N | N | Y | Y |
Update (Edit) actions
| Permissions | Limited User | Basic User | Full Access User | Tenant Admin | Partner Admin |
|---|---|---|---|---|---|
| Resource Subscriptions | Y | Y | Y | Y | Y |
| Budgets | N | Y | Y | Y | Y |
| Cases | N | Y | Y | Y | Y |
| Dashboards | N | Y | Y | Y | Y |
| Reports | N | Y | Y | Y | Y |
| Recommendations | N | Y | Y | Y | Y |
| Alert Rules | N | Y | Y | Y | Y |
| Ramp Plans | N | Y | Y | Y | Y |
| Label Grouping Rules & Preferences | N | N | Y | Y | Y |
| Savings Opportunities | N | N | Y | Y | Y |
| Reallocations | N | Y | Y | Y | Y |
| Measure Preferences | N | N | Y | Y | Y |
| Tenant-wide Settings | N | N | N | Y | Y |
| User Roles & Group Configs | N | N | N | Y | Y |
Delete actions
| Permissions | Limited User | Basic User | Full Access User | Tenant Admin | Partner Admin |
|---|---|---|---|---|---|
| Resource Subscriptions | Y | Y | Y | Y | Y |
| Budgets | N | Y | Y | Y | Y |
| Reports | N | N | Y | Y | Y |
| Ramp Plans | N | N | Y | Y | Y |
| Label Grouping Rules | N | N | Y | Y | Y |
| Custom Labels & Metrics | N | N | Y | Y | Y |
| Savings Opportunities | N | N | Y | Y | Y |
| Reallocations | N | N | Y | Y | Y |
| Kubernetes Pod Labels | N | N | N | Y | Y |
| Data Integrations | N | N | N | Y | Y |
| User Group Configurations | N | N | N | Y | Y |
Special actions
| Permissions | Limited User | Basic User | Full Access User | Tenant Admin | Partner Admin |
|---|---|---|---|---|---|
| Generate Cost Compare report | N | Y | Y | Y | Y |
| View Committed Use page | N | Y | Y | Y | Y |
| Trigger reallocation | N | N | Y | Y | Y |
| Grant/revoke tenant access | N | N | N | Y | Y |
Role summaries
Limited User - For team members who primarily need to view data and run basic reports
- View dashboards, reports and basic cost information
- Create simple items like reports and budgets
Basic User - For users actively managing costs and reporting
- Everything a Limited User can do
- Plus: Create and edit budgets, dashboards and ramp plans
- View recommendations and run comparisons
Full Access User - For power users managing complex workflows and optimizations
- Everything a Basic User can do
- Plus: Manage custom labels, metrics, reallocations and advanced reporting tools
- Trigger reallocations and manage measure preferences
Tenant Admin - For administrators managing the entire tenant
- Everything a Full Access User can do
- Plus: Full control of integrations, Kubernetes labels and user roles
- Grant or revoke access and update tenant-wide settings
Partner Admin - For MSPs managing multiple customer tenants
- Cross-tenant view of usage, costs, and configurations
- Ability to configure, update, and manage tenants
- Ideal for partners who need to support multiple customers
Role | Scope | Best for |
|---|---|---|
Limited User | Single tenant | New team members who need to view data and run simple reports. |
Basic User | Single tenant | Managing budgets, dashboards, and reports. |
Full Access User | Single tenant | Power users who need advanced optimization and reporting control. |
Tenant Admin | Single tenant | Full administration and user management. |
Partner Admin | MSP Parent Tenant and all Child Tenants | Cross-tenant management, reporting, and support. |
Updated 1 day ago