PRA Permissions and Roles

Remote Access Service (RAS) is now Privileged Remote Access (PRA)

The table below describes each permission available with PRA .

Permissions	Description	Permission List
Launch PRA Session	Launch a remote session. Needed to use PRA .	delinea.platform/remoteaccess/session/launch
View Secrets	View the secrets in the Remote Access page. Applicable only for On-Prem Secret Server customers. Needed to use PRA .	delinea.platform/remoteaccess/secret/read
View PRA Engine	View the UI of a Remote Access engine.	delinea.platform/administration/remoteaccess/engine/read
Activate PRA Engine	Activate an engine to access and connect to your remote systems through a site and engine	delinea.platform/administration/remoteaccess/engine/activate
Add PRA Engine	Add an additional Remote Access engine to connect to remote systems.	delinea.platform/administration/remoteaccess/engine/create
Delete PRA Engine	Remove a Remote Access Engine from the server via automated uninstall or manually.	delinea.platform/administration/remoteaccess/engine/delete
Update PRA Engine	Deploy the latest updates to your Remote Access engines.	delinea.platform/administration/remoteaccess/engine/update
Create PRA Site	Create a new Remote Access site.	delinea.platform/administration/remoteaccess/site/create
Delete PRA Site	Remove a Remote Access site.	delinea.platform/administration/remoteaccess/site/delete
View PRA Site	View Remote Access site details.	delinea.platform/administration/remoteaccess/site/read
Update PRA Site	Rename a Remote Access Site.	delinea.platform/administration/remoteaccess/site/update
Upload Files	This permission enables the user to upload a file to the target system during the remote access session.	delinea.platform/remoteaccess/filetransfer/upload
Download Files	This permission enables the user to download a file from the target system during the remote access session.	delinea.platform/remoteaccess/filetransfer/download

Permissions Applicable Only for Secret Server On-Premises

Permission	Description	Permission List
Add Secret Server On Premises Templates	Can add Secret Server On Premises templates	delinea.platform/administration/remoteaccess/secrettemplate/create
Configure Secret Server On Premises integration	Can configure Secret Server On Premises integration	delinea.platform/administration/remoteaccess/vault/configure
Delete Secret Server On Premises Templates	Can delete Secret Server On Premises templates	delinea.platform/administration/remoteaccess/secrettemplate/delete
View Secret Server On Premises Templates	Can view Secret Server On Premises templates	delinea.platform/administration/remoteaccess/secrettemplate/read
View Secret Server On Premises integration	Can view Secret Server On Premises integration	delinea.platform/administration/remoteaccess/vault/read

RemoteApp Permissions

Permission	Description	Permission List
Read Remote Applications	Can read remote applications	delinea.platform/remoteaccess/remoteapplication/read
Create Remote Applications	Can create remote applications	delinea.platform/remoteaccess/remoteapplication/create
Update Remote Applications	Can update remote applications	delinea.platform/remoteaccess/remoteapplication/update
Delete Remote Applications	Can delete remote applications	delinea.platform/remoteaccess/remoteapplication/delete

Permissions From Other Delinea Platform Services

Permission	Description	Permission List
Secret Launch Remote Access (Platform)	If your platform tenant does NOT have unified roles and permissions, then PRA users will need to be granted this permission in Secret Server. (Learn more). Note that built-in RDP or SSH launchers must be enabled on a secret’s template in Secret Server for the PRA launch link to be displayed.
List Sites	View list of engine sites needed to allow users to select a site when connecting to a target machine.	delinea.enginepool/site/list

Permission

Description

Permission List

Secret Launch Remote Access (Platform)

If your platform tenant does NOT have unified roles and permissions, then PRA users will need to be granted this permission in Secret Server. (Learn more).

Note that built-in RDP or SSH launchers must be enabled on a secret’s template in Secret Server for the PRA launch link to be displayed.

List Sites

View list of engine sites needed to allow users to select a site when connecting to a target machine.

delinea.enginepool/site/list