Customize Service Portal Roles for Users

Service Portal roles provide end users with access to the Service Portal, and they provide the set of permissions that determine what users can see and do in the Service Portal.

To learn how to assign Service Portal roles to end users or edit and delete Service Portal roles, see Create Organizations.

Service Portal permissions

The following Service Portal roles exist in a new installation of Commander:

View Only
Customer
Delegated Admin
Manager

The table below provides details on all Service Portal permissions, as well as the default settings for the default roles.

To access the Service Portal roles in Commander, go to Configuration > Identity and Access and then select the Service Portal Roles tab.

Service Portal Permissions

Basic Operations
Available Permissions	Details	View Only	Customer	Delegated Admin	Manager
Connect/Disconnect Media	Connect or disconnect media associated with the VM.	—			
Open Console	Open and work in a VM console.	—			
Open Remote Session	Access a VM through a remote session (such as SSH or VNC).	—			
Power On/Off	Start, stop, reset and suspend services; reboot databases; edit the start order for virtual services; run guest OS power commands.	—			
Run Command Workflows	Use any commands that are identified and added to the Service Portal through a command workflow.	—			
Schedule Tasks	Schedule tasks, such as the delivery of saved search results through email and the application of rightsizing recommendations.	—			
Show Cost	View the costs associated with a service. This permission also controls visibility of the Costs section on the dashboard.				
Show Events & Tasks	View all the events and tasks that occurred for the selected service. These events and tasks include actions initiated by the Service Portal user as well as system events, tasks, and any other events and tasks that are generated by other users who have permission to work with that service.				
Show Search & Reports	Allows Service Portal users to schedule reports and to see the reports on the dashboard.				
View Cloud Account Details	View the Most Expensive Cloud Accounts widget in the Cost Dashboard and view cloud account names.	—	—	—	
Show Dashboard	View the Service Portal Dashboard. There are now options to set four different Service Portal landing pages. You must set permissions for at least one of the four available landing pages. See Select Service Portal landing pages.				
Resource Management
Available Permissions	Details	View Only	Customer	Delegated Admin	Manager
Request Service Change	Request a change to an existing service and request service decommissioning. If a user has either the Request New Service or the Request Service Change permission, they can also see the Service Requests pane on the dashboard.	—			
Show Performance	View performance information for individual VMs and the VM performance pane on the dashboard.	—			
Show Recommendations: Cost Increase	View and ignore VM upsizing recommendations; exclude VMs from all rightsizing recommendations.	—			
Show Recommendations: Cost Decrease	View ignore VM downsizing recommendations; exclude VMs from all rightsizing recommendations; view power schedule recommendations.	—			
Manage Kubernetes	Create, modify or delete resources in a Kubernetes namespace.	—			
New Service Requests
Available Permissions	Details	View Only	Customer	Delegated Admin	Manager
Easy Share	Share a copy of a VM with other users.	—			
Request Clone	Request a clone of a VM.	—			
Request New Service	Request a service from the Service Catalog. If a user has either the Request New Service or the Request Service Change permission, they can also see the Service Requests pane on the dashboard.	—			
Lifecycle
Available Permissions	Details	View Only	Customer	Delegated Admin	Manager
Modify Custom Attributes	Set values for any custom attribute fields applied to a service.	—	—		
Modify Expiry Date	Set the expiry date for a service.	—	—		
Modify Ownership	Assign the owners of a service.	—	—		
Modify Power Schedule Groups	Set the power schedule group for a VM; apply power schedule recommendations.	—	—		
Schedule Maintenance Tasks	Apply a rightsizing recommendation in the maintenance window.	—	—	—	—
Rename VMs	Rename a VM.	—	—	—	—
Organization Management
Available Permissions	Details	View Only	Customer	Delegated Admin	Manager
Approve Requests	Approve service requests from the Service Portal for requests where this user is the approver. Note that the approver also requires the Request New Service permission and the Request Service Change permission. If the requester is an organization member, the approver must be a member of the same organization and must have the Show All Organization Services permission.	—	—	—	
Manage Organization	Add or remove organization members and assign or edit members' roles. Manage member quotas. Adds the Management command to the Organization menu.	—	—	—	
Manage Organization Media	Upload and delete media files within media folders assigned to their organization.	—	—		
Show All Organization Services	View all services assigned to the organization. Adds the All Services in <organization> command to the Organization menu. Note: You must enable all three of the "Manage Cost Anomalies", "Show All Organization Services" and "Show Cost Dashboard" permissions to view and configure cost anomaly alerts and budget alerts.	—	—	—	
Show Cost Dashboard	View the Cost dashboard. Note: You must enable all three of the "Manage Cost Anomalies", "Show All Organization Services" and "Show Cost Dashboard" permissions to view and configure cost anomaly alerts and budget alerts.	—	—	—	
Manage Cost Anomalies	View and configure cost anomaly alerts and budget alerts. Note: You must enable all three of the "Manage Cost Anomalies", "Show All Organization Services" and "Show Cost Dashboard" permissions to view and configure cost anomaly alerts and budget alerts.	—	—	—	
Advanced Operations
Available Permissions	Details	View Only	Customer	Delegated Admin	Manager
Manage Global Media	Upload and delete media files in global media folders.	—	—	—	—
Manage VM Snapshots	Create, edit and delete the snapshot of a VM.	—	—	—	—
Modify VM CPU & Memory	Change the memory size or number of virtual processors on a VM.	—	—	—	—
Modify VM Storage	Increase or decrease storage on the VM.	—	—	—	—
Modify VM Network	Add, edit or delete network adapters.	—	—	—	—
Show External Page	Launch and view an external page from within the Service Portal.	—	—	—	—
Manage License Options	Allow license options to be enabled or disabled. For example, set the Azure Hybrid Benefit option on Azure VMs and Azure SQL databases.	—	—		

Create new Service Portal roles

Although you can add as many Service Portal user roles as you want, it is recommended that you limit the number of Service Portal user roles to allow for easier tracking and maintenance.

Access:	Configuration > Identity and Access
Available to:	Commander Roles of Superuser and Enterprise Admin

Go to the Service Portal Roles tab.
In the gray column to the right of the previously defined roles, select CLICK TO ADD NEW ROLE.
In the New Service Portal Role dialog, enter a unique role name and select OK.
You cannot use any of the Commander role names or Access Rights labels (Superuser, Enterprise Admin, Auditor, User, Administrator, Operator, Approver).
Select OK.
A column for the new Service Portal user role appears, with no permissions selected.
In the new column, select the permissions that you want to assign to the role and select Save.

You can now can assign the new role to user accounts. For more information, see Add User and Group Accounts and Assigning Roles.

Modify permissions for existing Service Portal roles

When you modify the permissions for an existing role, changes take effect with a user's next sign in to the Service Portal.

Access:	Configuration > Identity and Access
Available to:	Commander Roles of Superuser and Enterprise Admin

Go to the Service Portal Roles tab.
On the Service Portal Roles tab, locate the role in the table.
Select or clear any combination of the permissions in the column for that role and select Save.
Select Yes to confirm the change.

Rename Service Portal roles

Renaming a Service Portal role doesn't affect role assignment for users.

Access:	Configuration > Identity and Access
Available to:	Commander Roles of Superuser and Enterprise Admin

Go to the Service Portal Roles tab.
Select Rename at the bottom of a column.
In the Rename Service Portal Role dialog, change the name as required and select OK.

Delete Service Portal roles

You cannot delete a Service Portal user role if a user account has been assigned to that role. You must first unassign this role from the user account. For more information, see Edit or disable user accounts.

Access:	Configuration > Identity and Access
Available to:	Commander Roles of Superuser and Enterprise Admin

Go to the Service Portal Roles tab.
Select Delete at the bottom of a column and confirm the deletion.