User Permissions System
StratoLens decides who can sign in, what they can do, and which Azure resources they see. Sign-in goes through Azure Entra ID, capabilities come from roles, and data is filtered by an optional scope on each grant.
What You'll Learn
This documentation covers everything you need to manage access:
- Understand how sign-in, roles, and data scopes fit together
- Grant access to a user or an Entra ID group
- Restrict any grant to specific subscriptions or management groups
- Edit or revoke an existing grant
- Define custom roles when the six built-in ones don't fit
Key Capabilities
Entra ID Sign-In
No separate StratoLens password. Every sign-in goes through your Entra ID tenant, so MFA, conditional access, and password policy already apply.
Direct or Group Grants
Assign a role to an individual user, or to an Entra ID security group so every member inherits access. Group changes in Entra propagate automatically.
Six Built-in Roles
Viewer, Operator, Manager, Administrator, Cost Analyst, and Resource Viewer cover the common patterns without any custom configuration.
Custom Roles
Build a role from any combination of the 30 permissions across Resource Access, Security & Compliance, Scanning & Operations, and System Settings.
Data Access Scopes
Restrict a grant to specific Azure subscriptions or management groups. Scoped users see only their slice of the estate, with no error pages or special handling.
Permission-Gated Navigation
Sidebar items only appear for users with the relevant permission. Two teammates with different roles see different navigation, by design.
Documentation Sections
Start with Concepts if you're new to access control in StratoLens. Jump straight to User & Group Access for day-to-day administration.
Concepts
Sign-in, roles, permissions, scopes, and grants, and how they combine to decide what a user can see and do.
Read: Concepts →
User & Group Access
Grant, edit, and revoke access for users and Entra ID groups. Apply scope restrictions during the same flow.
Read: User & Group Access →
Custom Roles
Define roles tailored to your organization with any combination of the 30 available permissions.
Read: Custom Roles →
Want to learn more about what the User Permissions System can do?
Check out the feature page for benefits, use cases, and highlights.
View Feature Page