Roles and Access
Common questions about roles, permissions, groups, scopes, and access requests in frugally.app.
What roles are available?
frugally.app has four built-in roles:
| Role | Description |
|---|---|
| Viewer | Read-only access to dashboards, cost data, and execution history |
| Contributor | Everything in Viewer, plus create and manage Targets, Schedules, and Guard projects |
| Admin | Everything in Contributor, plus manage team settings, billing, integrations, and user roles |
| Owner | Full access including account deletion. Assigned to the user who created the team |
For the full permissions matrix, see Roles and Permissions.
How do I change a user's role?
- Go to Settings > Team in the dashboard.
- Find the user and click Edit.
- Select the new role and save.
Only Admin and Owner roles can change other users' roles.
What are groups?
Groups are collections of users that share access policies and notification preferences. For example, you might create an "Engineering" group with access to development Connections and a "Finance" group with access to cost data only.
See Groups for details.
What are scopes?
Scopes are permission boundaries that limit what a user or group can see and act on. A scope can restrict visibility to specific Connections, accounts, or resource tags.
See Scopes for details.
How do access requests work?
If a user needs access to a resource or project outside their current scope, they can submit an access request:
- The user clicks Request Access on the restricted resource.
- An admin or designated approver receives a notification.
- The approver approves or denies the request with an optional note.
- The user is notified of the decision.
See Access Requests for details.
Can I use SSO to manage access?
Yes. On the Enterprise plan, you can configure SAML SSO and SCIM provisioning to manage users and groups from your identity provider (Okta, Azure AD, OneLogin, etc.).
What plan do I need for advanced access controls?
| Feature | Free | Pro | Enterprise |
|---|---|---|---|
| Basic roles (Viewer, Contributor, Admin) | Yes | Yes | Yes |
| Groups | — | Yes | Yes |
| Scopes | — | Yes | Yes |
| Access requests | — | Yes | Yes |
| SSO (SAML) | — | — | Yes |
| SCIM provisioning | — | — | Yes |
See Plans and Credits for the full plan comparison.