User Permissions System

StratoLens access control built on Azure Entra ID. Grant access to users or Entra groups, pick from six built-in roles or define your own, and restrict any grant to specific Azure subscriptions or management groups.

The Problem

Giving teammates the right level of access to a cloud-management tool usually means a tradeoff:

All-or-nothing roles force you to over-provision people who only need read access to one area
Separate user lists drift out of sync with the identity directory you already maintain
No data scoping means a contractor brought in for one subscription sees the entire estate

The Solution

StratoLens uses Azure Entra ID for sign-in and layers role and scope controls on top:

Sign in with Entra ID: No separate StratoLens password. Group membership flows through automatically
Six built-in roles: Viewer, Operator, Manager, Administrator, Cost Analyst, Resource Viewer
Custom roles: Pick from 30 permissions across Resource Access, Security & Compliance, Scanning & Operations, and System Settings
Data Access Scopes: Restrict any user or group to specific Azure subscriptions or management groups

Key Benefits

Grant access to Entra groups so team membership stays in sync automatically

Six built-in roles cover the common cases without any custom configuration

Custom roles let you build exactly the permission set a job needs

Data Access Scopes restrict any grant to specific subscriptions or management groups

Common Use Cases

Onboard a new FinOps analyst with the Cost Analyst role and no setup

Restrict a contractor to a single subscription with a scoped Viewer grant

Build a custom Auditor role that sees policy compliance and audit logs but no cost data

Ready to Learn More?

Explore our documentation to see how User Permissions System works in detail.

Read Documentation View All Features