Manage your enterprise

You can create or join multiple Astra DB organizations to separate resources, billing, projects, access, and more. Organizations are either standalone or part of an enterprise:

Standalone organizations: On the Free and Pay As You Go subscription plans, organizations have no relationship to each other, and they are managed independently.
Enterprise organizations: On the Enterprise subscription plan, you can use enterprise organization management to centrally manage multiple related organizations under one enterprise.

Your Astra DB account can belong to both types of organizations, and you can be both an Enterprise Administrator and an Organization Administrator.

Enterprise organization management is limited to specific administrative activities for the organizations within an enterprise:

At the enterprise scope, you can do the following

Change the enterprise display name.
Add organizations to the enterprise.
Delete organizations.
Manage enterprise users and roles.
Manage enterprise application tokens.

At the enterprise scope, you can’t do the following

Manage payment methods or view billing details. Subscription plans, payment methods, and invoicing are available at the organization level.
Directly interact with resources in organizations, such as databases. However, you can Create organization application tokens for use within organizations. For example, you can’t use an enterprise token for database operations, but you can create an application token to interact with databases in a specific organization.
Manage organizations that are outside your enterprise, even if you are the Organization Administrator for that organization. This includes your default (personal) organization. If you need to manage an organization that is outside your enterprise, you must first switch to that organization.

Enterprise settings

In the Astra Portal, you can view and manage enterprise settings:

In the Astra Portal header, click Settings.
In the Settings navigation menu, click the name of the current organization or enterprise, and then select your enterprise.
In the Settings navigation menu, select the resource that you want to view or manage:
- Overview: View a summary of enterprise-wide usage and credits and manage organizations in your enterprise.
- General: Get your enterprise ID and edit your enterprise’s name.
- Users: Manage enterprise-level users.
- Roles: Manage enterprise-level custom roles.
- Tokens: Manage enterprise application tokens.

Get your enterprise ID

In the Astra Portal header, click Settings.
In the Settings navigation menu, click the name of the current organization or enterprise, and then select your enterprise.
On the General page, click Copy to copy the enterprise ID.

Edit the enterprise name

In the Astra Portal header, click Settings.
In the Settings navigation menu, click the name of the current organization or enterprise, and then select your enterprise.
On the General page, click Edit to change the enterprise’s display name.

A successful response returns an array of client objects, where each clientId represents a token identifier. The response includes the roles assigned to each token, but the secret and token values are excluded.

{
  "clients": [
    {
      "clientId":"DkFtHKMhDQDuQtlExkSzwbya",
      "roles":[ "21ef3576-0197-415a-b167-d510af12ecf0" ],
      "generatedOn":"2021-02-22T17:09:58.668Z"
    },
    {
      "clientId":"eYSboCJaESiblJZnKZWMxROv",
      "roles":[ "21ef3576-0197-415a-b167-d510af12ecf0" ],
      "generatedOn":"2021-04-28T18:49:11.323Z"
    }
  ]
}

Revoke enterprise tokens

Enterprise application tokens never expire.

As a best practice, rotate or revoke unused and potentially compromised tokens.

Astra Portal
DevOps API

In the Astra Portal header, click Settings.
In the Settings navigation menu, click the name of the current organization or enterprise, and then select your enterprise.
In the Settings navigation menu, click Tokens.
In the Manage existing tokens section, locate the the token you want to delete, and then click Delete.

To delete a token, use DELETE /v2/tokens:

curl -sS -L -X DELETE "https://api.astra.datastax.com/v2/tokens/CLIENT_ID" \
--header "Authorization: Bearer ENTERPRISE_APPLICATION_TOKEN" \
--header "Content-Type: application/json"

Replace the following:

CLIENT_ID: The client ID of the token that you want to delete. To get a token’s client ID, see Get a list of enterprise tokens.
ENTERPRISE_APPLICATION_TOKEN: An application token with the Enterprise Administrator role.

Create organization application tokens

If you have a role with the ent-token-write permission, such as the Enterprise Administrator role, then you can create application tokens to access organizations in your enterprise.

Astra Portal
DevOps API

To create organization application tokens in the Astra Portal, see Edit organization settings.

To programmatically generate an application token for an organization in your enterprise, use POST /v2/tokens:
```
curl -sS -L -X POST "https://api.astra.datastax.com/v2/tokens" \
--header "Authorization: Bearer APPLICATION_TOKEN" \
--header "Content-Type: application/json" \
--data '{
  "orgId": "ORG_ID",
  "roles": [ "ROLE_ID", "ROLE_ID" ]
}'
```
Replace the following:
- APPLICATION_TOKEN: Either an enterprise application token or organization application token.
- ORG_ID: The identifier of the organization that the token will belong to. To get the organization ID, see Edit organization settings. If omitted, the organization can be assumed from the application token if it isn’t an enterprise application token.
- ROLE_ID: An array of one or more roles to assign to the token. Make sure that you select roles that are available to the specified orgId.
  
  To get role IDs, use GET /v2/organizations/roles. The roles returned by this request depend on the scope of the provided application token. Enterprise application tokens are limited to enterprise roles. To get an organization’s roles, you must use an application token scoped to that organization.

Get the token from the response:

{
  "clientId": "zjCEYwRGWocLfQJHBNQxvorr",
  "secret": "SLR...",
  "orgId": "dccb8c32-cc2a-4bea-bd95-47ab8eb20510",
  "roles": [ "21ef3576-0197-415a-b167-d510af12ecf0" ],
  "token": "AstraCS:...",
  "generatedOn": "2021-04-30T19:38:26.147847107Z",
}

Enterprise organizations

To view and manage organizations in your enterprise, do the following:

In the Astra Portal header, click Settings.
In the Settings navigation menu, click the name of the current organization or enterprise, and then select your enterprise.

Your enterprise’s Overview page lists all organizations in your enterprise.

From here, you can add organizations, delete organizations, and edit organization settings.

Add an organization to your enterprise

You can create new organizations directly in your enterprise and transfer existing organizations into your enterprise.

Default (personal) organizations can’t belong to an enterprise.

Transfer an organization

You can transfer an existing organization to your enterprise if all of the following conditions are met:

The organization isn’t in another enterprise.
The organization isn’t a default (personal) organization.
You are the Enterprise Administrator and the organization’s Organization Administrator.

To transfer an existing organization to your enterprise, contact DataStax Support.

Create an organization

When you create an organization from the enterprise level, the organization automatically belongs to your enterprise.

If you need to create an organization outside of your enterprise, switch to your personal organization, and then create a standalone organization.

Astra Portal
DevOps API

In the Astra Portal header, click Settings.
In the Settings navigation menu, click the name of the current organization or enterprise, and then select your enterprise.
On your enterprise’s Overview page, click Create Organization.
Enter a name for the organization and an optional description.

When you create an organization in the Astra Portal, you are the initial Organization Administrator. The Organization email defaults to your Astra DB account email address. After you create the organization, you can invite another Organization Administrator, and then change the organization email.
Click Create Organization.
(Recommended) Invite users to the organization.

To create an organization in your enterprise, use POST v2/enterprises/organizations:

curl -sS -L -X POST "https://api.astra.datastax.com/v2/enterprises/organizations" \
--header "Authorization: Bearer ENTERPRISE_APPLICATION_TOKEN" \
--header "Content-Type: application/json" \
--data '{
  "name": "ORG_NAME",
  "email": "ORG_EMAIL",
  "adminUserID": "ORG_ADMIN_ID",
  "enterpriseID": "ENTERPRISE_ID"
}'

Replace the following:

ENTERPRISE_APPLICATION_TOKEN: Your enterprise application token.
ORG_NAME: The name for the new organization.
ORG_EMAIL: The email address to receive administrative notifications related to this organization. Usually this is the email address of the user specified in adminUserID.
ORG_ADMIN_ID: The Astra DB user ID of the user who will be the initial Organization Administrator. The user must have an active Astra DB account.

To get a list of users in an organization, including their user IDs, use GET /v2/organizations/users. This endpoint requires an organization application token, not an enterprise application token.
ENTERPRISE_ID: Your enterprise ID.

Response

A successful response returns an object containing organization details, including the new organization’s ID. DataStax uses the organizationGroupId to track organization usage for your enterprise.

{
  "OrganizationName": "Example Org",
  "OrganizationID": "ORG_ID",
  "OrganizationEmail": "admin@acme-enterprises.com",
  "MarketplaceData": {},
  "CreatedAt": "2024-06-14T15:41:45.395919529Z",
  "LastModified": "2024-06-14T15:41:45.395919529Z",
  "OrgType": "organization",
  "EnterpriseId": "ENTERPRISE_ID",
  "OrganizationGroupId": "ORG_GROUP_ID"
}

Delete an organization

After you add an organization to your enterprise, you can’t transfer it out of your enterprise. To remove an organization, you must delete it.

To delete an organization from the enterprise level, you must be an Enterprise Administrator and the organization’s Organization Administrator. If you don’t have these roles, an Organization Administrator can delete the organization from the organization level.

To prepare the organization for deletion, clean up organization resources, such as databases and streaming tenants. For more information, see Delete an organization.
In the Astra Portal header, click Settings.
In the Settings navigation menu, click the name of the current organization or enterprise, and then select your enterprise.
On your enterprise’s Overview page, in the Organizations section, locate the organization you want to delete, click More, and then select Delete.
Enter the organization’s name, and then click Delete Organization to permanently delete the organization.

Edit organization settings

Organization settings, including billing, are separate from enterprise settings.

To manage an organization’s settings, you must be an Organization Administrator for that organization.

In the Astra Portal, you can access organization settings through your enterprise settings:

In the Astra Portal header, click Settings.
In the Settings navigation menu, click the name of the current organization or enterprise, and then select your enterprise.
On your enterprise’s Overview page, in the Organizations section, click the name of the organization you want to edit.
In the Settings navigation menu, select the category of settings that you want to manage for the organization:
- General: Get the organization ID and edit organization metadata. See Edit organization settings.
- Users: See Manage users.
- Roles: See Manage roles and permissions.
- Tokens: See Manage application tokens and Create organization application tokens.
- Integrations: Manage built-in integrations, such as vectorize embedding providers. See Integrations overview.
- Billing: View and manage the organization’s subscription plan, payment method, invoices, and usage. See Enterprise billing and usage.
- Security: Manage organization security configurations, such as SSO, customer keys, audit logs, the DevOps API IP access list, and custom domains.

Enterprise billing and usage

On your enterprise’s Overview page, you can view a summary of enterprise-wide usage and credits:

In the Astra Portal header, click Settings.
In the Settings navigation menu, click the name of the current organization or enterprise, and then select your enterprise.

To get additional information, including usage reports, billing details, and payment methods, you must navigate to each organization’s Billing page or use the DevOps API. For more information, see the following:

Manage payment methods and view bills
Download an organization usage report
Download an enterprise usage report
Get usage for the current month
Get usage for a specific time range

Manage payment methods and view bills

To view and manage billing and payment methods for an individual organization, you must access the organization’s settings. For more information, see Understand your bill.

Download an organization usage report

To download a usage report CSV for an individual organization, do the following:

In the Astra Portal header, click Settings.
In the Settings navigation menu, click the name of the current organization or enterprise, and then select your enterprise.
On your enterprise’s Overview page, in the Organizations section, click the name of any organization in your enterprise.
In the Settings navigation menu, click Billing.
In the Usage section, click Download Usage as CSV to download usage history for the current month, the prior month, or the prior two months.

The report is limited to the organization you are currently viewing in the Astra Portal. To retrieve data for all organizations in your enterprise, see Download an enterprise usage report.

Usage report contents

The usage report CSV file includes the following columns:

PRODUCT: The name of the Astra DB product or service generating usage.
ORG_ID: The organization ID.
ORG_NAME: The organization name.
RESOURCE_ID: The ID of the resource generating usage, such as a database or streaming tenant.
RESOURCE_NAME: The resource name.
REGION: The region where the resource is deployed and generating usage.
CLOUD_PROVIDER: The cloud provider that hosts the given REGION.
CLASSIFICATION: The region pricing classification, such as standard or premium.
ZONE: Indicates if usage is coming from a specific zone, including na (North America), apac(Asia Pacific), or emea (Europe, Middle East, Africa).
CLUSTER_SIZE: For Astra DB Classic databases, this is the cluster size, such as c10 or c20. For Astra DB Serverless databases, this is empty.
AZ_COUNT: For Astra DB Serverless databases, this is 3 because these databases are triple replicated to three availability zones. For Astra DB Classic databases this is empty regardless of actual replication.
USAGE_TYPE: The specific type of usage that was generated.
USAGE: The amount of usage generate.
USAGE_UNIT: The unit of measurement for USAGE, such as hour, gib, or million.
CURRENCY_TYPE: The currency type used for billing.
UNIT_PRICE: The price per unit of usage in the given CURRENCY_TYPE.
CALCULATED_COST: The total cost for an amount of USAGE during the given time period defined by the TIMESTAMP columns.
BREAKDOWN_START_TIMESTAMP: The beginning of the period for which usage was calculated.
BREAKDOWN_END_TIMESTAMP: The end of the period for which usage was calculated.

Download an enterprise usage report

Use the DevOps API to generate and download a detailed monthly usage report for all organizations and resources in your enterprise.

It can take some time to generate the report, depending on the number of organizations and resources in your enterprise, because this report contains detailed usage data. To get usage summaries for specific organizations or resources, see Get usage for a specific time range and Get usage for the current month.

Initialize report generation:
```
curl -sS -location -X POST "https://api.astra.datastax.com/v2/enterprises/billing-reports/generate-report" \
--header "Authorization: Bearer ENTERPRISE_APPLICATION_TOKEN" \
--header "Content-Type: application/json" \
--data '{
  "month": "REPORT_MONTH_NUMBER_STRING",
  "year": "REPORT_YEAR_NUMBER_STRING"
}'
```
Replace the following:
- ENTERPRISE_APPLICATION_TOKEN: Your enterprise application token.
- REPORT_MONTH_NUMBER_STRING and REPORT_YEAR_NUMBER_STRING: The month and year for which you want to generate the report represented as string-formatted numbers, such as "02" and "2025".
  
  This endpoint can’t retrieve data prior to November 2024.
From the response, get the reportId.
Get a link to download the generated report as a CSV file:
```
curl -sS -location -X GET "https://api.astra.datastax.com/v2/enterprises/billing-reports/REPORT_ID" \
--header "Authorization: Bearer ENTERPRISE_APPLICATION_TOKEN" \
--header "Content-Type: application/json"
```
Replace the following:
- ENTERPRISE_APPLICATION_TOKEN: Your enterprise application token.
- REPORT_ID: The reportId returned from /v2/enterprises/billing-reports/generate-report.
From the response, use the csvDownloadUrl to retrieve the generated report.

The availability of the download link depends on the report status:
- PENDING: The report is queued for generation
- INITIATED: The report is being generated
- COMPLETED: The report is ready for download
- FAILED: The report failed to generate
Review the report contents.
Usage report contents
The usage report CSV file includes the following columns:
- PRODUCT: The name of the Astra DB product or service generating usage.
- ORG_ID: The organization ID.
- ORG_NAME: The organization name.
- RESOURCE_ID: The ID of the resource generating usage, such as a database or streaming tenant.
- RESOURCE_NAME: The resource name.
- REGION: The region where the resource is deployed and generating usage.
- CLOUD_PROVIDER: The cloud provider that hosts the given REGION.
- CLASSIFICATION: The region pricing classification, such as standard or premium.
- ZONE: Indicates if usage is coming from a specific zone, including na (North America), apac(Asia Pacific), or emea (Europe, Middle East, Africa).
- CLUSTER_SIZE: For Astra DB Classic databases, this is the cluster size, such as c10 or c20. For Astra DB Serverless databases, this is empty.
- AZ_COUNT: For Astra DB Serverless databases, this is 3 because these databases are triple replicated to three availability zones. For Astra DB Classic databases this is empty regardless of actual replication.
- USAGE_TYPE: The specific type of usage that was generated.
- USAGE: The amount of usage generate.
- USAGE_UNIT: The unit of measurement for USAGE, such as hour, gib, or million.
- CURRENCY_TYPE: The currency type used for billing.
- UNIT_PRICE: The price per unit of usage in the given CURRENCY_TYPE.
- CALCULATED_COST: The total cost for an amount of USAGE during the given time period defined by the TIMESTAMP columns.
- BREAKDOWN_START_TIMESTAMP: The beginning of the period for which usage was calculated.
- BREAKDOWN_END_TIMESTAMP: The end of the period for which usage was calculated.

Get usage for the current month

Get a usage summary for the current month, optionally filtering on specific organizations or resources. To get usage for previous months or periods shorter than one month, see Get usage for a specific time range.

curl -sS -L -X POST "https://api.astra.datastax.com/v2/enterprises/consumption" \
--header "Authorization: Bearer ENTERPRISE_APPLICATION_TOKEN" \
--header "Content-Type: application/json" \
--data '{
  "organizations":
  [
    {
      "orgId": "ORGANIZATION_ID",
      "products": [
        {
          "productName": "pcu",
          "resourceIds": [
            "RESOURCE_ID",
            "RESOURCE_ID"
          ]
        }
      ]
    }
  ]
}'

Replace the following:

ENTERPRISE_APPLICATION_TOKEN: Your enterprise application token.
ORGANIZATION_ID: Provide one or more organization IDs to retrieve usage for specific organizations in your enterprise. If you specify multiple organizations, each organization must belong to its own object within the organizations array.

To retrieve usage for all organizations in your enterprise, omit organizations. However, DataStax recommends specifying at least one organization due to the amount of data this request can return for enterprises with many organizations. If you need to get usage data for your entire enterprise, consider downloading an enterprise usage report CSV file.

PRODUCT_NAME and RESOURCE_ID: products is an optional array that you can use to retrieve usage for specific resources in an organization.

If included, the products array consists of one or more objects, where each object contains a productName string and an array of resourceIds. For example, the following products object queries two Astra DB Serverless databases:

      "products": [
        {
          "productName": "serverless",
          "resourceIds": [
            "dda7ced6-e615-4023-8e7a-1e4429d43437",
            "0985a909-ecef-46e0-acf2-e1a8ebd51485"
          ]
        }
      ]

Valid values for productName include serverless (Astra DB Serverless databases), managed_cluster (Astra DB Classic databases), pcu, or streaming (Astra Streaming tenants).

To retrieve usage for all resources associated with a specific product, omit resourceIds or pass an empty array. To retrieve usage for all products and resources, omit products.

For examples of product names and resource IDs, send a request without products. The response includes usage for products, including productName and resourceId values that you can use to filter subsequent requests.

A successful response returns the following usage summary data:

totalCost: Total cost for the queried usage (current month, organization, products, and resources).
currencyType: The currency in which costs are calculated.
creditsInfo: The type of credits, based on the subscription plan.
total: Total credits available for the current month.
consumed: Credits consumed in the current month.
remaining: Credits remaining for the current month.
organizations: An array of objects providing usage and cost breakdowns by organization, further subdivided by products and resources. Individual resources can be broken into additional usage categories, such as regional usage.

To get a detailed usage report, see Download an enterprise usage report.

Get usage for a specific time range

Get a usage summary for a specific time range of up to 31 days, optionally filtering on specific organizations or resources:

curl -sS -L -X POST "https://api.astra.datastax.com/v2/enterprises/consumption" \
--header "Authorization: Bearer ENTERPRISE_APPLICATION_TOKEN" \
--header "Content-Type: application/json" \
--data '{
  "fromDate": "START_DATE_TIME",
  "toDate": "END_DATE_TIME",
  "organizations":
  [
    {
      "orgId": "ORGANIZATION_ID",
      "products": [
        {
          "productName": "pcu",
          "resourceIds": [
            "RESOURCE_ID",
            "RESOURCE_ID"
          ]
        }
      ]
    }
  ]
}'

Replace the following:

ENTERPRISE_APPLICATION_TOKEN: Your enterprise application token.
START_DATE_TIME and END_DATE_TIME: An optional date range for which you want to retrieve usage details. The entire range can’t exceed 31 days, and both dates must be in ISO RFC3339 format, such as "2021-05-06T06:13:23.57Z".

This endpoint can’t retrieve data prior to November 2024.
ORGANIZATION_ID: Provide one or more organization IDs to retrieve usage for specific organizations in your enterprise. If you specify multiple organizations, each organization must belong to its own object within the organizations array.

To retrieve usage for all organizations in your enterprise, omit organizations. However, DataStax recommends specifying at least one organization due to the amount of data this request can return for enterprises with many organizations. If you need to get usage data for your entire enterprise, consider downloading an enterprise usage report CSV file.

PRODUCT_NAME and RESOURCE_ID: products is an optional array that you can use to retrieve usage for specific resources in an organization.

      "products": [
        {
          "productName": "serverless",
          "resourceIds": [
            "dda7ced6-e615-4023-8e7a-1e4429d43437",
            "0985a909-ecef-46e0-acf2-e1a8ebd51485"
          ]
        }
      ]

Valid values for productName include serverless (Astra DB Serverless databases), managed_cluster (Astra DB Classic databases), pcu, or streaming (Astra Streaming tenants).

To retrieve usage for all resources associated with a specific product, omit resourceIds or pass an empty array. To retrieve usage for all products and resources, omit products.

A successful response returns the following usage summary data:

totalCost: Total cost for the queried usage (current month, organization, products, and resources).
currencyType: The currency in which costs are calculated.
creditsInfo: The type of credits, based on the subscription plan.
total: Total credits available for the current month.
consumed: Credits consumed in the current month.
remaining: Credits remaining for the current month.
organizations: An array of objects providing usage and cost breakdowns by organization, further subdivided by products and resources. Individual resources can be broken into additional usage categories, such as regional usage.

To get a detailed usage report, see Download an enterprise usage report.

Enterprise users and roles

Enterprise user and role management allows you to control access to your enterprise, separate from the individual organizations within your enterprise.

Enterprise RBAC is not a global RBAC tool.

Enterprise access is separate from organization access. For example, an enterprise user with the Enterprise Administrator role can’t manage resources in an organization unless they also have the Organization Administrator role in that organization.

When managing enterprise users and roles, consider your enterprise’s security policies and industry best practices for RBAC, such as the principle of least privilege. For more information about role-based access control (RBAC) in Astra DB, see Manage roles and permissions.

Manage enterprise users

To view and manage enterprise users in the Astra Portal, do the following:

In the Astra Portal header, click Settings.
In the Settings navigation menu, click the name of the current organization or enterprise, and then select your enterprise.
In the Settings navigation menu, select Users.

The User management page for an enterprise lists all enterprise users. The Admin flag indicates users with the Enterprise Administrator.

To view users in specific organizations, see Edit organization settings.
To add a user, do the following:
1. Click Invite User.
2. Enter the user’s email address. This is the email address that the user will use to sign in to Astra DB.
3. Select enterprise roles to assign to the user.
  
  Inviting a user to your enterprise does not add the user to any organizations in your enterprise. If a user requires enterprise and organization access, you must invite them to the enterprise and each organization. For information about inviting users to organizations, see Manage users.
4. Click Invite User. The user receives an email invitation to join your enterprise. For more information, see Accept the invite.
To edit a user’s roles, click More, and then select Edit User.
To remove a user or revoke a pending invitation, click More, and then select Remove User.

This removes the user from your enterprise only. Organization Administrators must also remove the user from any organizations in your enterprise, if necessary. For more information, see Remove a user or revoke an invitation.

Manage enterprise roles

Enterprise roles are separate from organization roles.

The actions that a user can take at the enterprise level depend on the user’s enterprise role. The actions that a user can take within a specific organization depend on the user’s role in that organization.

You can use the default enterprise roles and create custom enterprise roles.

Default enterprise roles include the following:

Enterprise Administrator
Enterprise Billing Administrator
Enterprise Organization Administrator

To create and manage custom enterprise roles in the Astra Portal, do the following:

In the Astra Portal header, click Settings.
In the Settings navigation menu, click the name of the current organization or enterprise, and then select your enterprise.
In the Settings navigation menu, select Roles.

The Role management page for an enterprise lists all custom enterprise roles. To manage custom roles in a specific organization, see Edit organization settings.
To create a custom role, do the following:
1. Click Add Custom Role.
2. Enter a descriptive role name.
3. Assign enterprise permissions and resource scopes.
  
  For a list of enterprise permissions, see Enterprise Administrator role.
  
  For enterprise roles, the resource scope determines the organizations that the role can view at the enterprise level. For example, if you grant the org-user-read permission with only one organization in the role’s scope, then a user with this permission can view the users in that one organization only.
4. Click Create Custom Role.
To edit a custom role, click More, and then select Edit Role.
To delete a custom role, click More, and then select Delete Role.

The role is removed from all users and tokens that it was assigned to.

Enterprise Administrator role

Each enterprise has at least one Enterprise Administrator, and enterprise tokens have the Enterprise Administrator role.

The Enterprise Administrator role has the following permissions:

ent-billing-read: Retrieve billing details for organizations in the enterprise.
ent-billing-write: (Future functionality) Update billing details for organizations in the enterprise.
ent-user-read: Retrieve users with the Enterprise Administrator role.

To view users within an organization, you must have the org-user-read permission in that organization.
ent-user-write: Add or remove the Enterprise Administrator role from users.

To manage users within an organization, you must have the org-user-write permission in that organization.
ent-token-read: Retrieve enterprise application tokens and their details.

To view an organization’s application tokens, you must have the org-token-read permission in that organization.
ent-token-write: Create and revoke enterprise application tokens.

To manage an organization’s application tokens, you must have the org-token-write permission in that organization.
ent-org-manage: Create an organization under your enterprise.

To delete an organization, you must be the Organization Administrator for that organization.
ent-role-read: Retrieve enterprise-level custom roles.
ent-role-write: Create, edit, and delete enterprise-level custom roles.

Enterprise Billing Administrator role

The Enterprise Billing Administrator role has the following permissions:

ent-billing-read: Retrieve billing details for the enterprise.

To allow a user to manage billing for specific organizations in your enterprise, assign the Billing Administrator role to that user within each relevant organization.
ent-billing-write: (Future functionality) Update billing details for the enterprise.

Enterprise Organization Administrator role

The Enterprise Organization Administrator role has the following permissions:

ent-org-manage: Create an organization under your enterprise.

To delete an organization, you must be the Organization Administrator for that organization.

Manage your enterprise

Enterprise settings

Get your enterprise ID

Edit the enterprise name

Enterprise application tokens

Create enterprise tokens

Get a list of enterprise tokens

Revoke enterprise tokens

Create organization application tokens

Enterprise organizations

Add an organization to your enterprise

Transfer an organization

Create an organization

Delete an organization

Edit organization settings

Enterprise billing and usage

Manage payment methods and view bills

Download an organization usage report

Download an enterprise usage report

Get usage for the current month

Get usage for a specific time range

Enterprise users and roles

Manage enterprise users

Manage enterprise roles

Enterprise Administrator role

Enterprise Billing Administrator role

Enterprise Organization Administrator role

See also

Was this helpful?

Give Feedback