Platform Permissions

This page provides a reference to the role permissions available in the Delinea Platform.

Miscellaneous Permissions

Permission Name

Description

Permission String

Add Engine

Create a new engine.

delinea.enginepool/engine/create

Administer Analytics

View and edit the settings for analytics.

delinea.analytics/settings/administer

Administer Audit Data Retention

Manage audit data retention, such as editing and running now. This permission does not automatically come with the Administrator role.

delinea.insights/administration/dataretention/administer

Administer Discovery

View and import computers and accounts that are found by Discovery.

delinea.discovery/discovery/administer

Administer Inbox

Administer notification settings for the inbox.

delinea.inbox/inbox/administer

Administer Licenses

View, edit, install, and delete licenses.

delinea.license/administration/licenses/administer

Administer Session Recording Configuration

View and edit session recording settings on the Session Recording tab of Configuration settings. (Formerly also known as Administer Session Recordings.)

delinea.audit/administration/sessionrecording/manage

Approve Registration

Approve a registration.

delinea.registration/registration/approve

Approve Via DUO Push

Approve access requests via Duo push notifications. Administrators do not have this permission by default.

delinea.inbox/duo/requestaccess/approve

Create a Site

Create a new site.

delinea.enginepool/site/create

Create Command Group

Create command groups.

delinea.policy/commandgroups/create

Create Granular Command

Create granular commands.

delinea.policy/commands/create

Create Policy

Create policies.

delinea.policy/policies/create

Create Registration Code

Create a registration code.

delinea.registration/registrationcode/create

Delete a Site

Delete a site.

delinea.enginepool/site/delete

Delete Command Group

Delete command groups.

delinea.policy/commandgroups/delete

Delete Engine

Delete an engine.

delinea.enginepool/engine/delete

Delete Granular Command

Delete granular commands.

delinea.policy/commands/delete

Delete Policy

Delete policies.

delinea.policy/policies/delete

Edit Command Group

Edit command groups.

delinea.policy/commandgroups/update

Edit Granular Command

Edit granular commands.

delinea.policy/commands/update

Edit Policy

Edit policies.

delinea.policy/policies/update

Enable Policy

Enable policies.

delinea.policy/policies/enable

Generate a Device Code

Generate a device code.

delinea.registration/devicecode/generate

List Engines

View summary information about all engines.

delinea.enginepool/engine/list

List Registration Codes

View summary information about all registration codes.

delinea.registration/registrationcode/list

List Registrations

View summary information about all registrations for a registration code.

delinea.registration/registrationcode/registration/list

List Sites

See and choose sites through the platform UI, such as in a dropdown list of sites in the PRA setup page. This permission does not grant the ability to view and modify sites through the Engine Management page. For that, the Manage Sites permission is required.

delinea.enginepool/site/list

List Workload Definitions

View summary information about all workload definitions.

delinea.registration/workloaddefinition/list

Manage All Collections

Manage all collections in the tenant.

delinea.platform/collections/manage

Manage Entitlements

Manage entitlement assignments in access.

delinea.platform/access/entitlements/manage

Manage Sites

View summary information about all sites and make changes.

delinea.enginepool/site/manage

Manage Webhooks Manage webhooks. delinea.platform/webhooks/manage

Read Another Users Profile Settings

Read other users' profile settings (such as the profile image).

delinea.platform/userprofile/manage/read

Register a Workload

Register a Workload with a registration code.

delinea.registration/registrationcode/register

Retrieve a Managed Application Registration

Retrieve a managed application registration.

delinea.registration/registration/managedapplication/retrieve

Retrieve a Registration

Read detailed information (including sensitive information) about individual registrations.

delinea.registration/registration/read

Retrieve Registration Code

Read detailed information (including sensitive information) about individual registration codes.

delinea.registration/registrationcode/read

Retrieve Workload Definition

Read detailed information (including sensitive information) about individual workload definitions.

delinea.registration/workloaddefinition/read

Update a Site

Edit a site.

delinea.enginepool/site/update

Update Another Users Profile Settings

Update other users' profile settings (such as the profile image).

delinea.platform/userprofile/manage/update

Update Engine

Edit an engine.

delinea.enginepool/engine/update

View All Collections

View all collections in the tenant.

delinea.platform/collections/read

View All Computers

The user can view all computers that the user is permitted to access in the tenant.

delinea.assets/computer/view

View Analytics

View, but not edit, settings for analytics.

delinea.analytics/settings/read

View Audit Data Retention

View retained audit data. This permission does not automatically come with the Administrator role.

delinea.insights/administration/dataretention/read

View Command Group

View command groups.

delinea.policy/commandgroups/read

View Discovery

View, but not edit, computers and accounts that are found by Discovery.

delinea.discovery/discovery/read

View Engine

Read detailed information about an engine.

delinea.enginepool/engine/read

View Granular Command

View granular commands.

delinea.policy/commands/read

View licenses

View, but not edit, the licenses in the system.

delinea.license/administration/licenses/read

View Policy

View policies.

delinea.policy/policies/read

View Session Recording Configuration

View session recording settings on the Session Recording tab of Configuration settings.

delinea.audit/administration/sessionrecording/read

View Session Recording Comments

Read comments in session recording.

delinea.platform/audit/sessionrecording/comment/read

View Session Recordings

View active launcher sessions.

delinea.audit/sessionrecording/readall

View Site

Read detailed information about a site. (Formerly Retrieve Site.)

delinea.enginepool/site/read

Administration Permissions

Permission Name

Description

Permission String

Activate PRA Engine

Activate Privileged Remote Access engine.

delinea.platform/administration/remoteaccess/engine/activate

Add Federation Profile

Add a federation profile.

delinea.platform/administration/federation/profile/create

Add Group Role Assignment

Assign groups to roles.

delinea.platform/administration/groups/roleassignment/create

Add PRA Engine

Add Privileged Remote Access engine.

delinea.platform/administration/remoteaccess/engine/create

Add Roles

Add roles.

delinea.platform/administration/roles/create

Add Secret Server On Premises Templates

Add Secret Server On Premises templates. (Formerly Add Secret Server Templates.)

delinea.platform/administration/remoteaccess/secrettemplate/create

Add User Role Assignments

Assign users to roles.

delinea.platform/administration/users/roleassignment/create

Configure Secret Server On Premises integration

Configure Secret Server On Premises integration.

delinea.platform/administration/remoteaccess/vault/configure

Create PRA Site

Create a new Remote Access site to install engines.

delinea.platform/administration/remoteaccess/site/create

Delete Federation Profile

Delete a federation profile.

delinea.platform/administration/federation/profile/delete

Delete Group Role Assignment

Remove groups from roles.

delinea.platform/administration/groups/roleassignment/delete

Delete PRA Engine

Delete Privileged Remote Access engine.

delinea.platform/administration/remoteaccess/engine/delete

Delete PRA Site

Delete Privileged Remote Access site.

delinea.platform/administration/remoteaccess/site/delete

Delete Roles

Delete roles.

delinea.platform/administration/roles/delete

Delete Secret Server On Premises Templates

Delete Secret Server On Premises templates. (Formerly Delete Secret Server Templates.)

delinea.platform/administration/remoteaccess/secrettemplate/delete

Delete User Role Assignment

Remove users from roles.

delinea.platform/administration/users/roleassignment/delete

Read Federation Profile

Read federation profiles.

delinea.platform/administration/federation/profile/read

Update Federation Profile

Update a federation profile.

delinea.platform/administration/federation/profile/update

Update PRA Engine

Upgrade Privileged Remote Access engine.

delinea.platform/administration/remoteaccess/engine/update

Update PRA Site

Update Privileged Remote Access site.

delinea.platform/administration/remoteaccess/site/update

Update Roles

Modify roles.

delinea.platform/administration/roles/update

Update Tenant Profile

Edit and update any information under the Tenant Profile page. This permission is not additive, so by only having the "Update Tenant Profile" permission, you do not get the ability to also see the data.

delinea.platform/administration/tenantprofile/update

View Group Role Assignment

View roles assigned to groups.

delinea.platform/administration/groups/roleassignment/read

View Other User/Group Permissions

Read the permissions of other users and groups.

delinea.platform/administration/haspermission/read

View Permissions

Grants a user permission to view permissions .

delinea.platform/administration/permissions/read

View Platform Groups

View platform groups.

delinea.platform/administration/groups/read

View Platform Users

View platform users.

delinea.platform/administration/users/read

View PRA Engine

View Privileged Remote Access engine.

delinea.platform/administration/remoteaccess/engine/read

View PRA Site

View Privileged Remote Access Site.

delinea.platform/administration/remoteaccess/site/read

View Roles

View roles.

delinea.platform/administration/roles/read

View Tenant Profile

View tenant profile.

delinea.platform/administration/tenantprofile/read

View Secret Server On Premises Integration

View Secret Server On-Premises integration. (Formerly View Secret Server integration.)

delinea.platform/administration/remoteaccess/vault/read

View Secret Server On Premises Templates

View Secret Server On-Premises templates. (Formerly View Secret Server Templates.)

delinea.platform/administration/remoteaccess/secrettemplate/read

View User Role Assignments

View roles assigned to users.

delinea.platform/administration/users/roleassignment/read

Behavioral Analytics Permissions

Permission Name

Description

Permission String

Create Behavioral Analytics Notes

Create behavioral analytics notes.

delinea.platform/analytics/notes/create

Create Behavioral Analytics Settings

Create behavioral analytics settings.

delinea.platform/analytics/settings/create

Delete Behavioral Analytics Notes

Delete behavioral analytics notes.

delinea.platform/analytics/notes/delete

Delete Behavioral Analytics Settings

Delete behavioral analytics events.

delinea.platform/analytics/settings/delete

Manage Behavioral Analytics

Manage behavioral analytics settings.

delinea.platform/analytics/settings/manage

Update Behavioral Analytics Alerts

Update behavioral analytics alerts.

delinea.platform/analytics/alerts/update

Update Behavioral Analytics Notes

Update behavioral analytics notes.

delinea.platform/analytics/notes/update

Update Behavioral Analytics Settings

Update behavioral analytics settings.

delinea.platform/analytics/settings/update

View Behavioral Analytics

View the Behavioral Analytics page (Insights > Behavioral Analytics).

delinea.platform/analytics/read

View Behavioral Analytics Alerts

View behavioral analytics alerts.

delinea.platform/analytics/alerts/read

View Behavioral Analytics Events

View behavioral analytics events.

delinea.platform/analytics/events/read

View Behavioral Analytics Notes

View behavioral analytics notes.

delinea.platform/analytics/notes/read

View Behavioral Analytics Settings

View behavioral analytics settings.

delinea.platform/analytics/settings/read

Platform Audit Permissions

Permission Name

Description

Permission String

Add Session Recording Comments

Write comments in session recording. (Formerly Write Session Recording Comments.)

delinea.platform/audit/sessionrecording/comment/write

Modify Session Recording AIDA Settings

Access AIDA setting page.

delinea.platform/audit/sessionrecording/aida/settings

Read Audit events

Read all administrative and privileged activity events.

delinea.platform/audit/event/read

Read Own Audit events

Grants a user permission to read their own administrative and privileged activity events.

delinea.platform/audit/event/own/read

View AIDA results

Read AIDA results in session recording.

delinea.platform/audit/sessionrecording/aida/read

View Authorized Session Recordings

Grants a user permission to vew all authorized session recordings. (Formerly View All Session Recordings or View Session Recordings UI.)

delinea.platform/audit/sessionrecording/admin/read

View Own Session Recordings

Grants a user permission to open and view their personal session recordings.

delinea.platform/audit/sessionrecording/own/read

View Session Recording Comments

Read comments in session recording.

delinea.platform/audit/sessionrecording/comment/read

Delinea Expert Permissions

Permission Name

Description

Permission String

Access Delinea Expert

Chat with Delinea Expert.

delinea.platform/gpt/conversation/create

Configure Delinea Expert

Configure Delinea Expert.

delinea.platform/gpt/conversation/configure

Posture Check Permissions

Permission Name

Description

Permission String

Manage Checks

Manage posture checks.

delinea.platform/checks/manage

View Checks

View posture checks.

delinea.platform/checks/view

Identity Permissions

Permission Name

Description

Permission String

Administer RADIUS Server Configuration

Manage RADIUS client settings.

delinea.platform/identity/radius/administer

Manage Identity settings

Manage all Identity-related settings such as users, groups, policies, and more.

delinea.platform/identity/admin/manage

View Identity settings

View Identity-related settings such as users, groups, policies, and more.

delinea.platform/identity/admin/read

View RADIUS Server Configuration

View RADIUS client settings.

delinea.platform/identity/radius/read

Inventories Permissions

Permission Name

Description

Permission String

View Inventory

View inventories in the navigation menu.

delinea.platform/inventory/view

Analytics Management Permissions

Permission Name

Description

Permission String

Create Active Directory entities

Create Active directory entities.

delinea.platform/itp/activedirectory/create

Marketplace Permissions

Permission Name

Description

Permission String

Customize Marketplace Integration View

Customize Marketplace integration view.

delinea.platform/marketplace/integrationview/update

View Marketplace

Show Marketplace to the user.

delinea.platform/marketplace/read

View Marketplace Download Center

Show Marketplace Download Center to the user. (Formerly View Download Center.)

delinea.platform/marketplace/downloadcenter/read

View Subscriptions

View subscriptions in Marketplace.

delinea.platform/marketplace/subscriptions/read

Remote Access Permissions

Permission Name

Description

Permission String

Close PRA session

Close a Privileged Remote Access session.

delinea.platform/remoteaccess/sessions/end

Create Remote Applications

Create remote applications.

delinea.platform/remoteaccess/remoteapplication/create

Create Web Application

Create Web application.

delinea.platform/remoteaccess/webapplication/create

Delete Remote Applications

Delete remote applications.

delinea.platform/remoteaccess/remoteapplication/delete

Delete Web Application

Delete web application.

delinea.platform/remoteaccess/webapplication/delete

Download files with PRA

Download a file from the target system during a remote access session.

delinea.platform/remoteaccess/filetransfer/download

Launch PRA Session

Launch a Privileged Remote Access session.

delinea.platform/remoteaccess/session/launch

Launch Web Application

Launch web application.

delinea.platform/remoteaccess/webapplication/launch

Read Remote Applications

Read remote applications.

delinea.platform/remoteaccess/remoteapplication/read

Read Web Applications

Read web applications.

delinea.platform/remoteaccess/webapplication/read

Update PRA Configuration

Update Privileged Remote Access Configuration.

delinea.platform/remoteaccess/configuration/update

Update Remote Applications

Update remote applications.

delinea.platform/remoteaccess/remoteapplication/update

Update Web Application

Update web application.

delinea.platform/remoteaccess/webapplication/update

Upload files with PRA

Upload a file to the target system during a remote access session.

delinea.platform/remoteaccess/filetransfer/upload

View PRA Configuration

View Privileged Remote Access Configuration.

delinea.platform/remoteaccess/configuration/read

View Secrets

Vew Secrets to launch Privileged Remote Access sessions.

delinea.platform/remoteaccess/secret/read

Vaultbroker Configuration Permissions

Permission Name

Description

Permission String

Allow creating vaultbroker connection information

Create the vaultbroker connection information. Still requires an admin to log into SecretServer first and configure the platform configuration.

delinea.platform/vaultbroker/vault/create

Allow editing vaultbroker connection information

Modify the vaultbroker connection information.

delinea.platform/vaultbroker/vault/update

Secret Server Permissions

Permission Name

Description

Permission String

Access Offline Secrets on Mobile

User can cache their secrets in the Secret Server mobile application for offline use. This permission does not automatically come with the Administrator role.

delinea.vault/secretserver/secret/mobile/offlinesecrets/allow

Add Custom Audit Entry for Secrets

Make a custom audit entry when accessing a secret using the web services API.

delinea.vault/secretserver/secret/customaudit/create

Add Secret

Create new secrets. The Add permission no longer includes the role permission View Secret.

delinea.vault/secretserver/secret/create

Add Users or Groups From Identity

Search for users and groups from Identity sources and add those users or groups to Secret Server.

delinea.vault/secretserver/administration/identity/usersandgroups/add

Administer Analytics Challenge

Allows user to be challenged by analytics if their behavior deviates from their normal behavior and meets requirements specified by analytics. Administrators do not have this permission by default.

delinea.vault/secretserver/administration/securityanalytics/accesschallenge/allow

Administer Application Accounts in Secret Server

Create application user accounts to be used exclusively for accessing Secret Server via the API. Formerly Create Application Account.

delinea.vault/secretserver/administration/users/applicationaccounts/create

Administer Auto Export

Do everything the other automatic export permissions allow and edit the automatic export configuration.

delinea.vault/secretserver/administration/autoexport/administer

Administer Custom Columns on Secret Templates

Enable the Expose for Display setting of a secret's template field to make it available for use in Dashboard custom columns.

delinea.vault/secretserver/administration/secrettemplate/customcolumns/administer

Administer Custom Password Requirements

View and edit custom password requirements that can be configured under the Security tab for individual secrets.

delinea.vault/secretserver/administration/passwordrequirements/custom/administer

Administer Devops Secret Vault Tenants

Add, remove, and edit DSV tenants that automatically synchronize with Secret Server on a schedule.

delinea.vault/secretserver/administration/devopssecretvault/tenants/administer

Administer Disaster Recovery

Configure instances as data sources or replicas for disaster recovery; initiate or test data replication and view related logs and audits.

delinea.vault/secretserver/administration/disasterrecovery/administer

Administer Distributed Engine Configuration

Update the Distributed Engine configuration.

delinea.vault/secretserver/administration/distributedengine/administer

Administer DoubleLock Keys

View, edit, create, and disable DoubleLock keys. A DoubleLock key acts as a separate encryption key to protect your most sensitive secrets. This option allows users to access and use the DoubleLocks link on the Administration page.

delinea.vault/secretserver/administration/doublelockkeys/administer

Administer Dual Control Settings

View, edit, create, and disable Dual Control settings for reports and recorded sessions.

delinea.vault/secretserver/administration/dualcontrol/administer

Administer Event Subscriptions

View, edit, and create event subscriptions.

delinea.vault/secretserver/administration/eventsubscriptions/administer

Administer Export

View the export log and export secrets to which they have access to a clear text, CSV file.

delinea.vault/secretserver/administration/export/administer

Administer HSM Configuration

Change configuration or disable the use of a Hardware Security Module (HSM).

delinea.vault/secretserver/administration/hsm/administer

Administer Jumpbox

Create, edit, or deactivate jump server routes.

delinea.vault/secretserver/administration/jumpboxroutes/administer

Administer Key Management

Enable, change, or disable the Key Management (Secret Server Cloud only).

Delinea.vault/secretserver/administration/keymanagement/administer

Administer Platform Integration

Manage the Secret Server connection to the Delinea Platform.

delinea.vault/secretserver/administration/platformintegration/administer

Administer Platform Migration

Manage the Secret Server migration to the Delinea Platform.

delinea.platform/identity/radius/administer

Administer Remote Password Changing Settings

Turn Heartbeat and Remote Password Changing on and off globally. Also allows users to create new password changers and install password changing agents on remote machines.

delinea.vault/secretserver/administration/remotepasswordchanging/administer

Administer SSH Cipher Suite

View and edit the SSH Cipher Suite.

delinea.vault/secretserver/administration/sshciphersuite/administer

Administer SSH Menus

Create and edit SSH Menus, used in allowlisting commands that can be used on a SSH session.

delinea.vault/secretserver/administration/sshmenus/administer

Administer Secret Encryption Key Rotation

Start a process that rotates the Secret encryption keys.

delinea.vault/secretserver/administration/encryptionkeys/rotate

Administer Secret Policy

Create and edit Secret Policies.

delinea.vault/secretserver/administration/secretpolicy/administer

Administer Secret Server Configuration

View and edit general configuration options. For example, a user with this role permission can turn on Force HTTPS/SSL and disable Allow Remember Me.

delinea.vault/secretserver/administration/configuration/administer

Administer Secret Server Data

Manage metadata fields and sections added to secrets and users in Secret Server.

delinea.vault/secretserver/administration/metadata/administer

Administer Secret Server Folders

View, edit, create, move, and delete folders. Users still need the relevant view, edit, and owner permissions on the folders to perform these tasks.

delinea.vault/secretserver/administration/folders/administer

Administer Secret Server Lists

Add, remove, and modify lists and list contents in Admin > Lists.

delinea.vault/secretserver/administration/lists/administer

Administer Secret Server Maintenance

Administer Secret Server maintenance.

delinea.vault/secretserver/administration/maintenancemode/administer

Administer Secret Server Password Requirements

View and edit character sets and password requirements.

delinea.vault/secretserver/administration/passwordrequirements/administer

Administer Secret Server Pipelines

Create, edit, and remove event pipelines and event pipeline policies.

delinea.vault/secretserver/administration/pipelines/administer

Administer Secret Server Reports

View, edit, delete, and create reports. Also allows users to customize report categories.

delinea.vault/secretserver/administration/reports/administer

Administer Secret Server Scripts

View, edit, and add PowerShell, SQL, and SSH scripts on the Scripts Administration page.

delinea.vault/secretserver/administration/scripts/administer

Administer Secret Server Security Configuration

View and edit security configuration options in Secret Server. Currently, these include enabling FIPS compliance mode and protecting the encryption key. Formerly Administer Security Configuration.

delinea.vault/secretserver/administration/securityconfiguration/administer

Administer Secret Server SSH Proxy Configuration

View and edit SSH Proxy settings.

delinea.vault/secretserver/administration/proxyingconfiguration/administer

Administer Secret Server System Logs

View and clear the System Log, which shows general diagnostics information for Secret Server.

delinea.vault/secretserver/administration/systemlog/administer

Administer Secret Server Teams

Create, delete, and view all teams.

delinea.vault/secretserver/administration/teams/administer

Administer Secret Templates

View, edit, disable, and create secret templates.

delinea.vault/secretserver/administration/secrettemplate/administer

Administer Workflows

Manage workflows (advanced access management).

delinea.vault/secretserver/administration/workflows/administer

Advanced Import

Import secrets from an XML file. Users with the this permission can import groups, folders, site connectors, sites, and secret templates, without having to create a secret. Users must have the Secret Server permissions needed for the objects listed in the XML.

delinea.vault/secretserver/administration/import/advancedimport/allow

Allow List Secret Access For Assigning Policy

Users with list access to a secret can assign policies. Users need the view permission if they do not have this one.

delinea.vault/secretserver/administration/secretpolicy/listsecretaccessforassigningpolicy/allow

Assign Secret Policy

Assign Secret Policies to folders and secrets.

delinea.vault/secretserver/secretpolicy/assign

Assign Secret Server Pipelines

Assign an event pipeline policy to secret policies, or folders.

delinea.vault/secretserver/administration/pipelines/assign

Audit Secret Server Session Recordings

Users with at least List Access permission on a secret can access the session recording of the secret. Administrators do not have this permission by default.

delinea.vault/secretserver/secret/sessionrecording/auditor

Browse Secret Server Reports

Access reports restricted by permissions. Permissions are configurable at the category and report levels and share a similar inheritance model to secrets and folders. You can define users or groups with view or edit permissions for each category or report.

delinea.vault/secretserver/administration/reports/browse

Bypass Direct API Authentication Restriction

Ignore the PreventDirectApiAuthentication advanced setting and log in through the API with a non-application account

delinea.vault/secretserver/user/directapiauthenticationrestriction/bypass

Bypass SAML Login

Log in with local account without using SAML (Secret Server specific).

delinea.vault/secretserver/user/samllogin/bypass

Copy Secret

Copy secrets when the user also has Own Secret role permission.

delinea.vault/secretserver/secret/copy

Create External Vault Links

Link external vaults in Secret Server.

delinea.vault/secretserver/externalvault/create

Create Root Folders in Secret Server

Create new folders at the root level of the folder structure.

delinea.vault/secretserver/administration/folders/rootfolders/create

Deactivate Secret

Mark secrets as deactivated.

delinea.vault/secretserver/secret/deactivate

Deactivate a Secret within a Report

Run the Delete Secrets action from a report.

delinea.vault/secretserver/administration/reports/secretfromreport/deactivate

Download Auto Export

View all automatic export tabs and download exports from cloud storage (Secret Server Cloud only).

delinea.vault/secretserver/administration/autoexport/download

Edit Secret

Without this permission, a user cannot edit secrets, regardless of the secret permission.

delinea.vault/secretserver/secret/update

Enable Unlimited Administrator in Secret Server

Turn on Unlimited Admin Mode. When this mode is enabled, users with the Unlimited Administrator role permission can view and edit all secrets in the system, regardless of permissions. You can assign Enable Unlimited Administrator in Secret Server to one user and Unlimited Administrator to another user. This would require one user to turn on the mode, which enables another user to view and edit secrets.

delinea.vault/secretserver/administration/unlimitedadmin/administer

Erase Secret

Permanently erase a secret (as opposed to deactivate a secret, which is reversible).

delinea.vault/secretserver/secret/delete

Expire Secrets from Reports

Expire secrets listed in a report.

delinea.vault/secretserver/administration/reports/secretsfromreport/expire

Launch Secret in Secret Server

Launch a secret. Previously, a user could launch a secret if their user role had the View Secret permission. As of Version 11.5, a user needs this permission to launch. A user will also need the Secret Launch Remote Access (Platform) permission to be able to launch.

delinea.vault/secretserver/secret/launch

Own Secret

Perform advanced tasks on secrets the user “owns,” such as configuring expiration schedules, configuring the web launcher, converting secret template, and copying secrets.

delinea.vault/secretserver/secret/own

Personal Folder in Secret Server

Have personal folder when the global personal folders configuration options is enabled.

delinea.vault/secretserver/user/personalfolder/allow

Run Auto Export

View all automatic export tabs and run the export manually by clicking the Run Export button.

delinea.vault/secretserver/administration/autoexport/run

Run Disaster Recovery Replication

Initiate or test data replication.

delinea.vault/secretserver/administration/disasterrecovery/datareplication/run

Run Secret Server Scripts

Separates privileges in script management. Holders of the View Scripts role permission cannot execute test runs of scripts, and this permission must be assigned to perform this task.

delinea.vault/secretserver/administration/scripts/run

Secret Force Check In

Force a secret that is checked out by another user to be checked in.

delinea.vault/secretserver/secret/checkin/override

Secret Server Web Services Impersonate

Send an approval request to act as another user within their organization when accessing Secret Server programmatically. Administrators do not have this permission by default.

delinea.vault/secretserver/user/impersonatewebservices/allow

Unlimited Administrator in Secret Server

View and edit all secrets in the system, regardless of permissions, when Unlimited Admin Mode is on. Another user with the Enable Unlimited Administrator in Secret Server role permission still needs to turn this mode on.

delinea.vault/secretserver/administration/unlimitedadmin/unlimitedadministrator

Unrestricted by Teams in Secret Server

View all users, groups, and sites, regardless of team affiliation. Essentially, teams do not exist for the users with this permission, and the Teams page is not available to them. The default user role has this permission.

delinea.vault/secretserver/user/unrestrictedbyteams/allow

User Audit Expire Secrets

View the User Audit report, which shows all secrets accessed by a particular user in a specified date range. Also allows the user to force expiration on all these secrets, which would make Secret Server automatically change the password.

delinea.vault/secretserver/administration/useraudit/expiresecrets

View Advanced Secret Options

View the Remote Password Changing, Security, and Dependency tabs on a Secret they have access to.

delinea.vault/secretserver/secret/advancedoptions/read

View Auto Export

View all automatic export tabs.

delinea.vault/secretserver/administration/autoexport/read

View Devops Secret Vault Tenants

View (not edit) the DSV tenants set to synchronize with Secret Server.

delinea.vault/secretserver/administration/devopssecretvault/tenants/read

View Disaster Recovery

View configuration, logs and audits for Disaster Recovery.

delinea.vault/secretserver/administration/disasterrecovery/read

View Distributed Engine Configuration

View the Distributed Engine configuration.

delinea.vault/secretserver/administration/distributedengine/read

View DoubleLock Keys

View which DoubleLock keys exist in the system.

delinea.vault/secretserver/administration/doublelockkeys/read

View Dual Control Settings

View configured Dual Control settings for reports and secret sessions.

delinea.vault/secretserver/administration/dualcontrol/read

View Enterprise Objects

View user and secret metadata.

delinea.vault/secretserver/administration/enterpriseobjects/read

View Event Subscriptions

View event subscriptions.

delinea.vault/secretserver/administration/eventsubscriptions/read

View Export

View the export log of the system to see when users exported secrets. Does not allow a user to export.

delinea.vault/secretserver/administration/export/read

View External Vaults

View external vaults in Secret Server.

delinea.vault/secretserver/externalvault/read

View HSM Configuration

View the Hardware Security Module (HSM) configuration settings.

delinea.vault/secretserver/administration/hsm/read

View Inactive Secrets

View secrets that have been deleted in the system.

delinea.vault/secretserver/secret/inactivesecrets/read

View Jumpbox

View the details of all jump server routes in the Admin Jumpbox Route page but not make any changes.

delinea.vault/secretserver/administration/jumpboxroutes/read

View Key Management

View the Key Management settings (Secret Server Cloud only).

delinea.vault/secretserver/administration/keymanagement/read

View Launcher Password on Secrets

Unmask the password on the view screen of secrets with a launcher. Typically, this includes Web Passwords, Active Directory accounts, Local Windows accounts, and Linux accounts.

delinea.vault/secretserver/secret/launcherpassword/read

View Platform Integration

View the Secret Server connection to the Delinea Platform.

delinea.vault/secretserver/administration/platformintegration/read

View Remote Password Changing Settings

View, but not edit, heartbeat and remote password changing settings.

delinea.vault/secretserver/administration/remotepasswordchanging/read

View SSH Cipher Suite

View (only) the SSH Cipher Suite.

delinea.vault/secretserver/administration/sshciphersuite/read

View SSH Menus

View existing SSH menus, used in allow-listing commands that can be used on a SSH session.

delinea.vault/secretserver/administration/sshmenus/read

View Secret

View secret. Without this permission, a user cannot view secrets, regardless of the secret permission.

delinea.vault/secretserver/secret/read

View Secret Audit

View Secret Audit.

delinea.vault/secretserver/secret/audit/read

View Secret Password and Private Key History

View the history of passwords, private keys, or passphrases in both old and new UI.

delinea.vault/secretserver/secret/passwordandprivatekeyhistory/read

View Secret Policy

View, but not edit, secret policies.

delinea.vault/secretserver/administration/secretpolicy/read

View Secret Server Advanced Dashboard

View advanced dashboard. Without this permission, users can only view the basic dashboard.

delinea.vault/secretserver/user/advanceddashboard/read

View Secret Server Configuration

View, but not edit, general configuration settings.

delinea.vault/secretserver/administration/configuration/read

View Secret Server Folders

View, but not edit, folders in the system.

delinea.vault/secretserver/administration/folders/read

View Secret Server Lists

View lists and list contents in Admin > Lists.

delinea.vault/secretserver/administration/lists/read

View Secret Server Password Requirements

View character sets and password requirements.

delinea.vault/secretserver/administration/passwordrequirements/read

View Secret Server Pipelines

View event pipeline policies and policy activities.

Delinea.vault/secretserver/administration/pipelines/read

View Secret Server Reports

View, but not edit, reports.

delinea.vault/secretserver/administration/reports/read

View Secret Server Scripts

View PowerShell, SQL, and SSH scripts on the Scripts Administration page.

delinea.vault/secretserver/administration/scripts/read

View Secret Server Security Configuration

View the security configuration of Secret Server. Formerly View Security Configuration.

delinea.vault/secretserver/administration/securityconfiguration/read

View Secret Server Security Hardening Report

View the Security Hardening Report.

delinea.vault/secretserver/administration/securityhardeningreport/read

View Secret Server Session Recording Audit

See who has viewed a session recording in the secret audit.

delinea.vault/secretserver/administration/sessionrecording/audit/read

View Secret Server SSH Proxy Configuration

View, but not edit, SSH Proxy settings.

delinea.vault/secretserver/administration/proxyingconfiguration/read

View Secret Server System Logs

View (only) the System Log, which shows general diagnostics information for Secret Server.

delinea.vault/secretserver/administration/systemlog/read

View Secret Server Teams

View all teams. This is essentially a read-only Administer Teams.

delinea.vault/secretserver/administration/teams/read

View Secret Server Templates

View, but not edit, Secret Templates.

delinea.vault/secretserver/administration/secrettemplate/read

View Secret Session Recording

View recorded sessions within Secret Server.

delinea.vault/secretserver/administration/sessionrecording/read

View Unlimited Administrator Audit

View the Unlimited Admin Mode configuration and the Unlimited Admin Mode audit log. Formerly View Unlimited Admin Configuration.

delinea.vault/secretserver/administration/unlimitedadmin/read

View User Audit Report

View, but not edit, the User Audit Report.

delinea.vault/secretserver/administration/useraudit/report/read

View Workflows

View, but not edit, workflows used for multi-tier secret-access approvals and secret erase requests.

delinea.vault/secretserver/administration/workflows/read