User Roles
  • 18 Jun 2020
  • 4 Minutes To Read
  • Contributors
  • Print
  • Share
  • Dark

User Roles

  • Print
  • Share
  • Dark

Going Forward, Entities will be referred to as Resources. Activities Will be referred to as Automated Tasks.

Serverless360 lets organisations manage their Azure resources, those constitute their Line of Business. As an organisation you can add any number of your employees or external consultants as users to your Serverless360 account, to manage the associated resources. Employees using Serverless360 should be provided with the exact permission they need. Too many permissions can expose an account to security violations. Insufficient permissions mean that your employees can’t get their work done efficiently. User access policy with custom role capability helps address this problem of offering fine-grained access management for Serverless360.

User Roles

Serverless360 authenticates your organization users using your Azure Active Directory (AD). Users can be managed through the User Management feature under Settings module in Serverless360. New users can be assigned a role to define access control. The following table provides brief descriptions of the built-in roles:

Role Description CAN CAN'T
Administrator As an account owner, you have full control over the application including access to licensing Create and manage all resources, Invite Users to the account, Switch Account ownership to other Super User, Perform License Activation and Deactivation -
Super User Will have access to the whole application except licensing Create and manage all resources, Invite Users to the account Manage license

Switch Account Ownership

Current Serverless360 Administrator can transfer the account ownership with one of the Super Users through the following steps:

  1. Login to Serverless360 as Administrator
  2. In the User Management section under Settings, find the option to Switch Ownership
  3. Choose from the available Super Users to switch ownership with.
Switching Account Ownership is an irreversible action. All Administrator permissions will be transferred immediately

View user list in roles

As an Admin or superuser, It is also possible to find the users associated with a specific role as below:

  1. Go to Setting and Click on User Management.

  2. In the User Management section, click on the hyperlink against the role where the specified user would be.
    View user list

  3. Now you can find the list of users along with the specified user

User list

Custom Roles

Consider a business scenario, where the requirement is to provide Read-Only permission on a set of composite applications to a specific set of users. In this scenario, you can create a custom role definition along with the predefined roles.

To access User Management the signed-in user should either be an Administrator or a Super User
  1. Click 'Add Role' in the User Management screen
  2. Enter a 'Role Name' and 'Role Description'
  3. Select the Composite Applications that should be accessible to this role
  4. Define Overall permission, applicable to the selected Composite Applications and its associated resources:
    1. Read-Only- can view
    2. Manage - can manage
  5. Define permissions on 'Operations'
    1. Retrieve Message - Can view the message list and system properties
    2. Access Message Content - Can access message details like Custom Properties and Message body
    3. Process Message - Can perform message operations like defer, resubmit, repair & resubmit and delete the message
  6. Define permissions on 'Monitoring'
    1. 'View Alert History' -Can view the alert histories of the monitors already created
    2. 'Manage' - Can manage monitors


From Serverless360 2.0, a user can view associated resources in a Composite application to which the user is authorized. Define the manage permission on Technology Stack, explicitly for Service Bus, Logic Apps, and Azure Functions to permit CRUD operations on the associated resources. Choosing,

  1. Manage - can perform CRUD operation on the associated resources
  2. Select View or Download option on Governance & Audit


Mapping Multiple Roles to User

Let us consider a shipping company which need to manage their Azure Serverless application built with Azure Serverless services. They have DevOps engineers who perform CRUD operations in the Azure resources and support engineer who has read-only permissions to provide support to their customers.
Consider three Composite Applications in Serverless360

  • Order Verification and processing,
  • inventory management
  • record keeping

and two roles

  • DevOps Engineer
  • Support Engineer


DevOps engineer:

The role DevOps engineer has permissions to manage Azure resources in Composite Application ‘Order verification and processing ‘and ‘Inventory management ‘.

Support engineer:

The role Support engineer has permissions to read data from Azure resources in Composite Application ‘Record keeping ‘and ‘Inventory management ‘.


Let’s consider 'Adam' who is a DevOps engineer but also performs support tasks at times. Here mapping multiple roles to the user comes into picture where Adam will be a part of both the roles. Since Adam is a part of both the roles the permissions for the Composite Application and resources will be applied as follows

Composite Application Name Composite Application permission Azure resources permission
Order verification and processing Manage Manage
Inventory management Manage Manage
Record keeping Read-only Read-only

'Inventory management' is a Composite Application which has Manage permission in DevOps Engineer role and Read-only permission in Support engineer role. Since Adam is a part of both the roles the highest permission is applied to that composite Application.


Additional Pointers

Serverless360 custom role can be leveraged to:

  • Restrict users to hold:

    • read-only or manage access to a selected Composite Applications (Logical group of Azure resources)
    • read-only or manage access to a specified Technology stack (Service Bus, Logic App, Azure Function etc)
    • permission only to Process Messages on resources associated within a Composite Application
    • permission only to perform a specified action like View and Download Governance and Audit report
      as the business scenario demands
  • Define custom permissions to a group of users

We'd love to hear your thoughts
Please visit our feedback system to suggest new Features or Enhancements. You can also take a look at our Roadmap
Was This Article Helpful?