Permissions
Strawly uses a role-based access control (RBAC) model. Every user is assigned a single role that determines what they can see and do.
Roles
Admin
Full access to everything in Strawly, including:
- All cost data and optimisation recommendations
- All module dashboards
- User management (create, edit, deactivate, delete users)
- Role assignment
- System settings and module configuration
- Billing and subscription settings (if applicable)
Assign this role to engineers or finance leads who need to manage the platform itself, not just use it.
Viewer
Read-only access to cost data and recommendations. Viewers can:
- Browse optimisation opportunities and dashboards
- Filter and export data they can see
- View their own profile and change their own password
Viewers cannot:
- Take action on recommendations (e.g. mark as implemented or dismissed)
- Manage users or settings
- Configure modules
Assign this role to stakeholders who need visibility into costs but should not be able to modify data or settings.
Role availability
Strawly is in active development. Additional roles (e.g. Editor, Module Admin) may be added in future releases. Check the releases page for updates.
Changing a user's role
Only Admins can change roles.
- Go to Settings → Users.
- Click the edit icon next to the user.
- Change the Role field.
- Click Save.
The change takes effect immediately. If the user is currently logged in, their permissions update on their next page load or action.
Protecting the admin role
Keep the number of Admin accounts to a minimum. Recommended practice:
- Create one personal Admin account per administrator
- Do not share Admin credentials
- Disable the default admin@strawly.app account once you have a personal Admin account
- Review the user list periodically and deactivate accounts that are no longer needed
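The periodic review above can be scripted. The following is an added example, not Strawly's own code. It assumes you keep a user list as CSV with the hypothetical columns email, role, status and last_login; the max_admins and stale_days thresholds are local policy choices, not Strawly settings.

```python
import csv
import io
from datetime import date

DEFAULT_ADMIN = "admin@strawly.app"  # default account named on this page

# Constructed sample data. The column names are assumptions for this example,
# not a documented Strawly export format.
SAMPLE_USERS = """email,role,status,last_login
admin@strawly.app,Admin,active,2024-01-05
alice@example.com,Admin,active,2024-06-01
bob@example.com,Viewer,active,2023-11-20
carol@example.com,Viewer,deactivated,2023-02-01
"""

def audit_users(csv_text, today, max_admins=2, stale_days=90):
    """Return a list of (finding, detail) tuples for the admin-role checklist.

    max_admins and stale_days are local policy choices, not Strawly settings.
    """
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    active = [r for r in rows if r["status"].strip().lower() == "active"]
    findings = []

    # Accounts that are still active but have not logged in for a long time
    # are candidates for deactivation during the periodic review.
    for r in active:
        idle = (today - date.fromisoformat(r["last_login"].strip())).days
        if idle > stale_days:
            findings.append(("stale-account", r["email"].strip().lower()))

    admins = [r["email"].strip().lower() for r in active
              if r["role"].strip() == "Admin"]
    personal = [e for e in admins if e != DEFAULT_ADMIN]

    # The default account should be disabled only after a personal Admin
    # exists, otherwise no one is left to manage users.
    if DEFAULT_ADMIN in admins:
        if personal:
            findings.append(("disable-default-admin", DEFAULT_ADMIN))
        else:
            findings.append(("create-personal-admin-first", DEFAULT_ADMIN))

    if len(admins) > max_admins:
        findings.append(("too-many-admins", str(len(admins))))
    return findings

if __name__ == "__main__":
    for finding in audit_users(SAMPLE_USERS, date(2024, 6, 15)):
        print(*finding)
```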