CostLensRoles & Permissions
Roles & Permissions
Three roles control what each user can see and do within your CostLens organization.
Updated May 20251 min read
CostLens uses three roles to control what each user can see and do within your organization.
Admin
Full access including team management.
- View all dashboard data
- Add and remove AWS accounts
- Trigger account syncs
- Approve, dismiss, and apply fixes
- Manage team: invite, change roles, remove members
- Use Aevi AI assistant
Operator
Can sync and apply fixes — no team management.
- View all dashboard data
- Trigger account syncs
- Approve, dismiss, and apply fixes
- Use Aevi AI assistant
- ✗ Cannot add or remove accounts
- ✗ Cannot manage team members
Viewer
Read-only access to all data.
- View all dashboard, recommendations, billing, fix history
- ✗ Cannot make any changes in AWS
- ✗ Cannot approve, dismiss, or apply fixes
- ✗ Cannot add or remove accounts
- ✗ Cannot manage team members
Permissions summary
| Action | Admin | Operator | Viewer |
|---|---|---|---|
| View dashboard & billing | ✓ | ✓ | ✓ |
| Trigger account sync | ✓ | ✓ | ✗ |
| Approve / dismiss recommendations | ✓ | ✓ | ✗ |
| Apply fixes | ✓ | ✓ | ✗ |
| Add / remove AWS accounts | ✓ | ✗ | ✗ |
| Invite / manage team members | ✓ | ✗ | ✗ |
| Edit org settings | ✓ | ✗ | ✗ |
| Use Aevi AI | ✓ | ✓ | ✓ |