Skip to main content

Roles and Permissions

Every frugally.app user is assigned a role that determines what actions they can perform. Roles are set at the team level — a user has the same role across all Connections, though Scopes can further restrict what they can see.

Available roles

RoleDescription
OwnerFull access to everything, including billing and team ownership transfer. Only one user can be the Owner.
AdminFull access to all features except billing management and ownership transfer. Can manage team members and roles.
MemberCan create and manage Targets, Schedules, and Executions. Cannot manage team settings or approve Guard Projects.
ViewerRead-only access. Can view Targets, Schedules, Executions, and dashboards but cannot make changes.

Permission matrix

Automate

ActionOwnerAdminMemberViewer
View TargetsYesYesYesYes
Create / edit TargetsYesYesYesNo
Delete TargetsYesYesNoNo
Run ExecutionsYesYesYesNo
View ExecutionsYesYesYesYes
Create / edit SchedulesYesYesYesNo
Delete SchedulesYesYesNoNo
Use Onboarding WizardYesYesYesNo

Intelligence

ActionOwnerAdminMemberViewer
View Cost ExplorerYesYesYesYes
View Commitment UtilisationYesYesYesYes
View Anomaly DetectionYesYesYesYes
Configure anomaly thresholdsYesYesNoNo

Guard

ActionOwnerAdminMemberViewer
View ProjectsYesYesYesYes
Create ProjectsYesYesYesNo
Approve / reject ProjectsYesYesNoNo
Create / edit BudgetsYesYesNoNo
View BudgetsYesYesYesYes
Configure Cost AttributionYesYesNoNo
View Cost AttributionYesYesYesYes
Manage ViolationsYesYesYesNo
View ViolationsYesYesYesYes
Run ScansYesYesNoNo
View Scan resultsYesYesYesYes
View Cost PostureYesYesYesYes
Complete Maturity AssessmentYesYesNoNo
Accept / dismiss RecommendationsYesYesYesNo
View Executive DashboardYesYesYesYes
Lock / unlock resourcesYesYesNoNo

Connections & Integrations

ActionOwnerAdminMemberViewer
View ConnectionsYesYesYesYes
Create / edit ConnectionsYesYesNoNo
Delete ConnectionsYesYesNoNo
Install / manage SlackYesYesNoNo
Install / manage GitHubYesYesNoNo

Team & Access

ActionOwnerAdminMemberViewer
View team membersYesYesYesYes
Invite / remove membersYesYesNoNo
Change member rolesYesYesNoNo
Create / edit GroupsYesYesNoNo
Create / edit ScopesYesYesNoNo
Approve access requestsYesYesNoNo
Configure SSO / SCIMYesYesNoNo

Billing

ActionOwnerAdminMemberViewer
View billingYesNoNoNo
Manage payment methodsYesNoNoNo
Change planYesNoNoNo
Transfer ownershipYesNoNoNo

Assigning and changing roles

  1. Navigate to Settings > Team Members
  2. Find the user and click their current role
  3. Select the new role from the dropdown
  4. Save

Only Owners and Admins can change roles. The Owner role can only be transferred — not assigned to multiple users.

note

Changing a user's role takes effect immediately. The user's current session is updated without requiring them to sign out.

Role inheritance with Groups

Roles and Groups are independent. A user's role defines what they can do, while their Group memberships (via Scopes) define what they can see. A Member in a Group with a narrow Scope can still create Targets — but only within the Connections visible to their Scope.

Scope bypass

Admins and Owners bypass all Scope restrictions. They always have full visibility across all Connections, Targets, and Schedules. This ensures administrators can manage the entire environment without being limited by Scope assignments.