Documentation and Best Practices

Learn how to use Cloudability and get the most out of our cloud cost management tool.


Enterprise Access Control (EAC)

What is Enterprise Access Control (EAC) ?

EAC provides business-aligned identity and access control to the Cloudability platform to enable the right individuals to access the right data in the right context to empower optimal cloud financial management across their organization.

Before EAC, the Cloudability platform had limited role-based permissioning; in combination with the increasing number of personas involved given the complexities of cloud cost management, customers were asking for a flexible framework to share accountability across the organization through access control to features and constructs based on their user's unique personas.

This Beta release represents a milestone for the Apptio Cloudability platform by introducing an access control paradigm whereby access rights to Cloudability features and constructs are granted to user roles through permissions. Extensive changes were made to the Cloudability codebase to create this new granular permissioning framework, including updates to support a tight integration with Apptio’s Frontdoor.

With these extensive changes now in place, this Beta release introduces the first enhancement: role-based access control to first-class platform features, persona-aligned custom Cloudability Role creation, and support for IdP role mapping to custom Cloudability roles.


Who is EAC for?

The ideal customer profile for this feature has a large, diverse userbase of technical, finance and business managers that requires access to Cloudability across many functional groups. Each group often leverages the platform for different reasons and to gather differing data sets.


Personas & Use Cases

As the complexity involved with cloud cost management increases, so too does the number of personas involved.  Cloudability's EAC a role-based permissioning feature that provides a framework to share accountability across the organization that curates access to features and data based on each target persona.  Table 1 below lists a few examples of use cases and corresponding personas that are align with EAC's paradigm

Table 1. Assigning secure access to the right platform features and data enabling context that is appropriate to a user's role for their cloud cost reporting needs.


Use Case

Cloudability Platform Use 

Power User 

Cloud Center of Excellence (CCoE); focus: deep understanding of cloud cost mgmt; administration of platform; enablement of colleagues 


Program Manager or Product Owner 

 focus: cloud costs in the context of project/product they own 

ad hoc; weekly; depending on need 

DevOps User 

cloud operations; focususage optimization and automation 

ad hoc; weekly 

Finance User 

analysis and cadence reporting at organization level; focusplanning, budgeting, & forecasting 

weekly; monthly; quarterly 


senior management; focusfinancial overview and direction 

ad hoc; quarterly 



How does EAC Work?

Administrators can leverage their experience with Apptio Frontdoor via the familiar Frontdoor "Access Administration" portal and the user/role/permission management menus to login and curate their user's Cloudability experience.

As a Frontdoor administrator, the workflow involves the Frontdoor Access Administration portal to access the functions for granting roles and permissions to users for accessing Cloudability features and constructs.

When a user logs into the Cloudability platform, the permissions assigned via the Frontdoor Access Administration portal will control access to the platform features and constructs based on their assigned permissions.

Figure 1. Cloudability user roles & permissions via Frontdoor Access Administration



Figure 2. Curating a User's experience with a custom role & permissions




Frequently Asked Questions

 What if I create a Cloudability role and forget to assign any permissions?

no problem! By default, all user roles have access to baseline features in Cloudability; these features are cost analytics for reporting, dashboards and TrueCost Explorer. And additional features can be accessed by assigning permissions to the role.


What happens to users when you delete a Cloudability role?

As long as at least 1 user has been granted the Cloudability role, Frontdoor will not allow you to delete that role. all usage of the role must be removed before it can be deleted.


Does EAC support customer’s IdP role mappings?

yes. IdP role mapping to Frontdoor Cloudability custom roles is supported.



Additional Resources

Getting Started with Apptio Frontdoor and the Access Administration Console 

Manage Users With Frontdoor And Cloudability

Managing user permissions and roles

Apptio Frontdoor Administrators Guide




Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Article is closed for comments.