Platform groups and roles

The following articles are intended for Cloud Commander administrators who manage platform groups and roles:

Cloud Commander users only see the menu options and dialogs for their assigned roles. For all roles, see Platform roles dictionary.
If you can't see a menu option or dialog that you need, contact the Cloud Commander administrator at your MSP organization.

Platform groups

A platform user group is exclusive to Cloud Commander and is used to assign platform roles to members performing tasks in Cloud Commander.

Platform user groups are assigned platform roles that enable the group members to access and execute specific Cloud Commander tasks.

Most often, members of platform user groups are employees of your MSP organization who administer, manage, and monitor the Cloud Commander functions. However, you can enable your customers to manage their own products and subscriptions using Cloud Commander, so you may create a platform user group for that purpose.

Cloud Commander includes the following default platform user groups. You add users to the groups according to job responsibility. You can customize these groups or add your own platform user groups as needed:
  • CC Admins
  • CC Technicians
  • CC License Admins

Platform roles

A platform role is a set of permissions and privileges that you assign to users and groups in Cloud Commander scoped to a specific set of customers. These roles determine what actions users and groups can see and perform in Cloud Commander.

Platform roles make it possible to grant users and groups very specific access to certain functions scoped to customers in Cloud Commander. For example, using platform roles you can:

  • Allow a group of users to manage a subset of organizations by defining the scope where permissions apply.
  • Allow one user to manage licenses and another user to view reports.

One benefit of a role-based access control approach is that your technicians can execute tasks that normally require Microsoft Partner Center permissions, without giving them access to Microsoft Partner Center.

When you add a platform role assignment, it is made up of the following elements:

  • Member: Members, which can be users or groups, are assigned the platform role.
  • Scope: The scope defines the customers where the role permissions apply.

    If a group is assigned a platform role scoped to Customers A, B, and C. The users in that group have the right to view and manage Customers A, B, and C according to the permissions included in that platform role.

  • Permissions: Each platform role represents a collection of permissions. Permissions are the operations a user can perform, such as read, write, and delete. Platform roles can be high level, such as administrator roles, with a complete collection of permissions, or they can be specific with a limited collection of permissions, such as reader roles.