costlensroles permissions
Roles & Permissions
Three roles control what each user can see and do within your CostLens organization.
Last updated: May 2025
CostLens uses three roles to control what each user can see and do within your organization.
Admin
Full access including team management.
- View all dashboard data
- Add and remove AWS accounts
- Trigger account syncs
- Approve, dismiss, and apply fixes
- Manage team: invite, change roles, remove members
- Use Aevi AI assistant
Operator
Can sync and apply fixes — no team management.
- View all dashboard data
- Trigger account syncs
- Approve, dismiss, and apply fixes
- Use Aevi AI assistant
- ✗ Cannot add or remove accounts
- ✗ Cannot manage team members
Viewer
Read-only access to all data.
- View all dashboard, recommendations, billing, fix history
- ✗ Cannot make any changes in AWS
- ✗ Cannot approve, dismiss, or apply fixes
- ✗ Cannot add or remove accounts
- ✗ Cannot manage team members
Permissions summary
| Action | Admin | Operator | Viewer |
|---|---|---|---|
| View dashboard & billing | ✓ | ✓ | ✓ |
| Trigger account sync | ✓ | ✓ | ✗ |
| Approve / dismiss recommendations | ✓ | ✓ | ✗ |
| Apply fixes | ✓ | ✓ | ✗ |
| Add / remove AWS accounts | ✓ | ✗ | ✗ |
| Invite / manage team members | ✓ | ✗ | ✗ |
| Edit org settings | ✓ | ✗ | ✗ |
| Use Aevi AI | ✓ | ✓ | ✓ |