ITP-PCCE Permissions

The following ITP workload permissions are required for the workload to read data from Active Directory and for you to make the best use of ITP on the Delinea Platform. All these permissions, except as otherwise noted, are automatically granted through the Platform Admin role when ITP is enabled for your tenant.

For the complete list of platform permissions, see Platform Permissions.

Administration

  • ITDR Global Admin - Administer the ITDR Platform.

Inventories

  • View ITP Inventories - View all ITP inventory pages.

Collections

  • View All Collections - Use the Collections page to view all collections in the tenant.

  • Manage All Collections - Manage, edit, and create all collections in the tenant.

Alerts

  • View Alerts - View the list of alerts on the Alerts page. View only.

  • Manage Alerts - View and control alert settings in the Alerts Setting and Risk Analysis pages.

  • Update Alerts - Mark alerts as false positive.

Cases

  • View Cases - View security cases on the Cases page.

  • Manage Cases - Manage the security case page: view and update cases, including changing severity and automated response.

  • Update Cases - Use the close/open button to close or reopen security cases. Change the severity of a case.

Checks

  • View Checks - View the list of checks on the Checks page and in the apps overview. View only.

  • Manage Checks - Manage posture checks. Disable a check, exclude entities, and update severity.

Identity Merging

  • Manage Identity Merging Settings - Manage identity merging settings (full page and per identity/account).

Risk Analysis

  • Manage Risk Analysis Settings - View and update the risk configuration page.

Reports

  • View Reports - View the Reports page and download reports.

  • Manage Reports - Create a new report. Manage reports.

  • Read All Secret Names - The names of all secrets can be exposed in alerts and reports, regardless of the user's object-level access. The permission is not meant to enable individual user actions; it exists so that alerts and reports generated through ITP or Analytics can list a secret by name rather than only by ID. This improves readability, context, and usability across the platform.

    This permission is not automatically provided with the Platform Admin role.

Iris AI

  • View Iris Auditing Results - Read Iris Auditing results in session recording.