Managing User Roles
This topic describes user roles within managed accounts that permit different levels of access privilege.
When logged into a partner account, you can assign user roles to control the actions and permissions of users in managed accounts. This table summarizes each user role and its supported functionality, indicated by a ✓.
Important
Only a partner account user with Company Admin privileges can create managed accounts and onboard managed account users.
Action |
 Company Admin |
 Technical Admin |
 Technical Contact |
 Finance |
 Financial Contact |
 Read Only |
|---|---|---|---|---|---|---|
| Create managed account | ✓ | |||||
| Onboard managed account users | ✓ | |||||
| Create services | ✓ | ✓ | ✓ | |||
| Delete services | ✓ | ✓ | ||||
| Design services | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Update a service | ✓ | ✓ | ✓ | |||
| View services | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Lock and unlock services | ✓ | |||||
| Create, view, and edit service keys | ✓ | ✓ | ✓ | |||
| View usage | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Create, view, and update users | ✓ | |||||
| Update user details | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Here are some details to consider when creating user roles:
- Company Admin – We recommend limiting the number of Company Admin users to only those who require full access, but defining at least two Company Admin users for redundancy.
- Technical Admin – This role is for technical users who know how to create and approve orders.
- Technical Contact – This role is for technical users who know how to design and modify services but don’t have the authority to approve orders.
- Finance – Finance users should have a financial responsibility within the organization while also understanding the consequences of their actions if they delete or approve services.
- Financial Contact – This user role is similar to the Finance role without the ability to place and approve orders, delete services, or administer service keys.
- Read Only – Read Only is the most restrictive role. Note that a Read Only user can view service details which you may want to keep secure and private. A user with the read-only role can view service details which might contain information about the service that you want to keep secure and private.
You can add user roles when you create a new user, or you can edit user information to change their role. For more information about adding a new user, see Adding and Modifying Managed Account Users.
Note
To edit user credentials, you need Company Admin privileges.
To manage user roles and permissions
- Log in to a partner account with Company Admin privileges.
-
Choose Company > Manage Users.
The Manage Users page appears. This page lists existing users and you can add a new user or edit existing user privileges and contact information.
-
Click Edit to modify an existing user’s role or click New User (at the bottom of the page) to set up a new user and define their role.
- Select the role for the user.
- Click Save.