Platform Permissions
|
Permission Name |
Description |
Permission String |
|---|---|---|
|
Access Offline Secrets on Mobile |
User can cache their Secrets in the Secret Server mobile application for offline use. This permission does not automatically come with the Administrator role. |
delinea.vault/secretserver/secret/mobile/offlinesecrets/allow |
|
Activate PRA Engine |
Activate Remote Access OnPrem engine |
delinea.platform/administration/remoteaccess/engine/activate |
|
Add Custom Audit Entry for Secrets |
Make a custom audit entry when accessing a Secret using the web services API. |
delinea.vault/secretserver/secret/customaudit/create |
|
Add Federation Profile |
Add a federation profile |
delinea.platform/administration/federation/profile/create |
|
Add Group Role Assignment |
Assign groups to roles |
delinea.platform/administration/groups/roleassignment/create |
|
Add PRA Engine |
Add Remote Access OnPrem engine |
delinea.platform/administration/remoteaccess/engine/create |
|
Add Roles |
Add roles |
delinea.platform/administration/roles/create |
|
Add Secret |
Create new Secrets. The Add permission no longer includes the role permission, View Secret. |
delinea.vault/secretserver/secret/create |
|
Add Secret Server Templates |
Add Secret Server templates |
delinea.platform/administration/remoteaccess/secrettemplate/create |
|
Add User Role Assignments |
Assign users to roles |
delinea.platform/administration/users/roleassignment/create |
|
Administer Analytics |
View and edit the settings for analytics. |
delinea.analytics/settings/administer |
|
Administer Analytics Challenge |
Allows user to be challenged by analytics if their behavior deviates from their normal behavior and meets requirements specified by analytics. Administrators do not have this permission by default. |
delinea.vault/secretserver/administration/securityanalytics/accesschallenge/allow |
|
Administer Application Accounts in Secret Server |
Create application user accounts to be used exclusively for accessing Secret Server via the API. Formerly Create Application Account. |
delinea.vault/secretserver/administration/users/applicationaccounts/create |
|
Administer Audit Data Retention |
Manage audit data retention, such as editing and running now. This permission does not automatically come with the Administrator role. |
delinea.insights/administration/dataretention/administer |
|
Administer Auto Export |
Do everything the other automatic export permissions allow and edit the automatic export configuration. |
delinea.vault/secretserver/administration/autoexport/administer |
|
Administer Custom Columns on Secret Templates |
Enable the Expose for Display setting of a Secret template field to make it available for use in Dashboard custom columns |
delinea.vault/secretserver/administration/secrettemplate/customcolumns/administer |
|
Administer Custom Password Requirements |
View and edit custom password requirements that can be configured under the Security tab for individual Secrets. |
delinea.vault/secretserver/administration/passwordrequirements/custom/administer |
|
Administer Devops Secret Vault Tenants |
Add, remove, and edit DSV tenants that automatically synchronize with Secret Server on a schedule. |
delinea.vault/secretserver/administration/devopssecretvault/tenants/administer |
|
Administer Disaster Recovery |
Configure instances as data sources or replicas for Disaster Recovery; initiate or test Data Replication and view related logs and audits. |
delinea.vault/secretserver/administration/disasterrecovery/administer |
|
Administer Discovery |
View and import computers and accounts that are found by Discovery. |
delinea.discovery/discovery/administer |
|
Administer Distributed Engine Configuration |
Update the Distributed Engine configuration. |
delinea.vault/secretserver/administration/distributedengine/administer |
|
Administer DoubleLock Keys |
View, edit, create, and disable DoubleLock keys. A DoubleLock key acts as a separate encryption key to protect your most sensitive secrets. This option allows users to access and use the DoubleLocks link on the Administration page. |
delinea.vault/secretserver/administration/doublelockkeys/administer |
|
Administer Dual Control Settings |
View, edit, create, and disable Dual Control settings for reports and recorded sessions. |
delinea.vault/secretserver/administration/dualcontrol/administer |
|
Administer Event Subscriptions |
View, edit, and create event subscriptions. |
delinea.vault/secretserver/administration/eventsubscriptions/administer |
|
Administer Export |
View the export log AND export Secrets to which they have access to a clear text, CSV file. |
delinea.vault/secretserver/administration/export/administer |
|
Administer Groups |
View, edit, create, and disable groups. Also allows users to assign users to groups and remove users from groups. |
delinea.directory/administration/groups/administer |
|
Administer HSM Configuration |
Change configuration or disable the use of a Hardware Security Module (HSM). |
delinea.vault/secretserver/administration/hsm/administer |
|
Administer Inbox |
Administer notification settings for the inbox. |
delinea.inbox/inbox/administer |
|
Administer IP Addresses |
Create, edit, and delete IP Address Ranges. These ranges are used to restrict certain users to specific IP Addresses. |
delinea.directory/ipaddresses/administer |
|
Administer Jumpbox |
Create, edit, or deactivate jump server routes. |
delinea.vault/secretserver/administration/jumpboxroutes/administer |
|
Administer Key Management |
Enable, change, or disable the Key Management (Secret Server Cloud only). |
Delinea.vault/secretserver/administration/keymanagement/administer |
|
Administer Licenses |
View, edit, install, and delete licenses. |
delinea.license/administration/licenses/administer |
|
Administer Platform Integration |
Manage the Secret Server connection to the Delinea Platform. |
delinea.vault/secretserver/administration/platformintegration/administer |
|
Administer Radius Server Configuration |
Manage radius client settings |
delinea.platform/identity/radius/administer |
|
Administer Remote Password Changing Settings |
Turn Heartbeat and Remote Password Changing on and off globally. Also allows users to create new password changers and install password changing agents on remote machines. |
delinea.vault/secretserver/administration/remotepasswordchanging/administer |
|
Administer Secret Encryption Key Rotation |
Start a process that rotates the Secret encryption keys. |
delinea.vault/secretserver/administration/encryptionkeys/rotate |
|
Administer Secret Policy |
Create and edit Secret Policies. |
delinea.vault/secretserver/administration/secretpolicy/administer |
|
Administer Secret Server Configuration |
View and edit general configuration options. For example, a user with this role permission can turn on Force HTTPS/SSL and disable Allow Remember Me. |
delinea.vault/secretserver/administration/configuration/administer |
|
Administer Secret Server Data |
Manage metadata fields and sections added to secrets and users in Secret Server. |
delinea.vault/secretserver/administration/metadata/administer |
|
Administer Secret Server Folders |
Allows a user to view, edit, create, move, and delete folders. Users still need the relevant view, edit, and owner permissions on the folders to perform these tasks. |
delinea.vault/secretserver/administration/folders/administer |
|
Administer Secret Server Lists |
Add, remove, and modify lists and list contents in Admin > Lists. |
delinea.vault/secretserver/administration/lists/administer |
|
Administer Secret Server Maintenance |
Administer Secret Server Maintenance |
delinea.vault/secretserver/administration/maintenancemode/administer |
|
Administer Secret Server Password Requirements |
View and edit character sets and password requirements. |
delinea.vault/secretserver/administration/passwordrequirements/administer |
|
Administer Secret Server Pipelines |
Create, edit, and remove event pipelines and event pipeline policies. |
delinea.vault/secretserver/administration/pipelines/administer |
|
Administer Secret Server Reports |
View, edit, delete, and create reports. Also allows users to customize report categories. |
delinea.vault/secretserver/administration/reports/administer |
|
Administer Secret Server Scripts |
View, edit, and add PowerShell, SQL, and SSH scripts on the Scripts Administration page. |
delinea.vault/secretserver/administration/scripts/administer |
|
Administer Secret Server Security Configuration |
View and edit security configuration options in Secret Server. Currently, these include enabling FIPS compliance mode and protecting the encryption key. Formerly Administer Security Configuration. |
delinea.vault/secretserver/administration/securityconfiguration/administer |
|
Administer Secret Server SSH Proxy Configuration |
View and edit SSH Proxy settings. |
delinea.vault/secretserver/administration/proxyingconfiguration/administer |
|
Administer Secret Server System Logs |
View and clear the System Log, which shows general diagnostics information for Secret Server. |
delinea.vault/secretserver/administration/systemlog/administer |
|
Administer Secret Server Teams |
Create, delete, and view all teams. |
delinea.vault/secretserver/administration/teams/administer |
|
Administer Secret Templates |
View, edit, disable, and create Secret Templates. |
delinea.vault/secretserver/administration/secrettemplate/administer |
|
Administer Session Recording Configuration |
View and edit session recording settings on the Session Recording tab of Configuration settings. |
delinea.audit/administration/sessionrecording/manage |
|
Administer session recordings |
View and terminate active launcher sessions. |
delinea.audit/administration/sessionrecording/manage |
|
Administer SSH Cipher Suite |
View and edit the SSH Cipher Suite |
delinea.vault/secretserver/administration/sshciphersuite/administer |
|
Administer SSH Menus |
Create and edit SSH Menus, used in allowlisting commands that can be used on a SSH session. |
delinea.vault/secretserver/administration/sshmenus/administer |
|
Administer Users |
Create, disable, and edit users in the system. |
delinea.directory/administration/users/administer |
|
Administer Workflows |
Manage workflows (advanced access management). |
delinea.vault/secretserver/administration/workflows/administer |
|
Advanced Import |
Import Secrets from an XML file. Users with the this permission can import groups, folders, site connectors, sites, and secret templates, without having to create a secret. Users must have the Secret Server permissions needed for the objects listed in the XML. |
delinea.vault/secretserver/administration/import/advancedimport/allow |
|
Allow List Secret Access For Assigning Policy |
Users with list access to a secret can assign policies. Users need the view permission if they do not have this one. |
delinea.vault/secretserver/administration/secretpolicy/listsecretaccessforassigningpolicy/allow |
|
Approve Registration |
Approve a Registration |
delinea.registration/registration/approve |
|
Approve Via DUO Push |
Approve access requests via Duo push notifications. Administrators do not have this permission by default. |
delinea.inbox/duo/requestaccess/approve |
|
Assign Secret Policy |
Assign Secret Policies to folders and secrets. |
delinea.vault/secretserver/secretpolicy/assign |
|
Assign Secret Server Pipelines |
Assign an event pipeline policy to secret policies, or folders. |
delinea.vault/secretserver/administration/pipelines/assign |
|
Audit Secret Server Session Recordings |
Users with at least List Access permission on a secret can access the session recording of the secret. Administrators do not have this permission by default. |
delinea.vault/secretserver/secret/sessionrecording/auditor |
|
Browse Secret Server Reports |
Access reports restricted by permissions. Permissions are configurable at the category and report levels and share a similar inheritance model to secrets and folders. You can define users or groups with view or edit permissions for each category or report. |
delinea.vault/secretserver/administration/reports/browse |
|
Bypass Direct API Authentication Restriction |
Ignore the PreventDirectApiAuthentication advanced setting and log in via the API with a non-application account |
delinea.vault/secretserver/user/directapiauthenticationrestriction/bypass |
|
Bypass SAML Login |
Log in with local account without using SAML (Secret Server specific) |
delinea.vault/secretserver/user/samllogin/bypass |
|
Configure Secret Server integration |
Configure Secret Server integration |
delinea.platform/administration/remoteaccess/vault/configure |
|
Copy Secret |
Copy secrets when the user also has Own Secret role permission. |
delinea.vault/secretserver/secret/copy |
|
Create a Site |
Create a new site. |
delinea.enginepool/site/create |
|
Create Engine |
Create a new engine. |
delinea.enginepool/engine/create |
|
Create Engine Pool Group |
Create a new engine pool group. |
delinea.enginepool/group/create |
|
Create Policy |
Create Policies |
delinea.policy/policies/create |
|
Create PRA Site |
Create a new Remote Access site to install engines |
delinea.platform/administration/remoteaccess/site/create |
|
Create Registration Code |
Create a Registration Code |
delinea.registration/registrationcode/create |
|
Create Root Folders in Secret Server |
Create new folders at the root level of the folder structure |
delinea.vault/secretserver/administration/folders/rootfolders/create |
|
Create Users |
Create new local users in Secret Server, but not edit them once created. |
delinea.directory/administration/users/create |
|
Deactivate Secret |
Mark secrets as deactivated. |
delinea.vault/secretserver/secret/deactivate |
|
Deactivate a Secret within a Report |
Run the delete Secrets action from a report. |
delinea.vault/secretserver/administration/reports/secretfromreport/deactivate |
|
Delete a Site |
Delete a site. |
delinea.enginepool/site/delete |
|
Delete Engine |
Delete an engine. |
delinea.enginepool/engine/delete |
|
Delete Engine Pool Group |
Delete an engine pool group. |
delinea.enginepool/group/delete |
|
Delete Federation Profile |
Delete a federation profile |
delinea.platform/administration/federation/profile/delete |
|
Delete Group Role Assignment |
Remove groups from roles |
delinea.platform/administration/groups/roleassignment/delete |
|
Delete Policy |
Delete Policies |
delinea.policy/policies/delete |
|
Delete PRA Engine |
Delete Remote Access OnPrem engine |
delinea.platform/administration/remoteaccess/engine/delete |
|
Delete PRA Site |
Delete Remote Access site |
delinea.platform/administration/remoteaccess/site/delete |
|
Delete Roles |
Delete roles. |
delinea.platform/administration/roles/delete |
|
Delete Secret Server Templates |
Delete Secret Server templates |
delinea.platform/administration/remoteaccess/secrettemplate/delete |
|
Delete User Role Assignment |
Remove users from roles. |
delinea.platform/administration/users/roleassignment/delete |
|
Download Auto Export |
View all automatic export tabs and download exports from cloud storage (cloud customers only) |
delinea.vault/secretserver/administration/autoexport/download |
|
Edit Policy |
Edit Policies |
delinea.policy/policies/update |
|
Edit Session Recording AIDA Settings |
Access AIDA setting page |
delinea.platform/audit/sessionrecording/aida/settings |
|
Enable Policy |
Enable Policies |
delinea.policy/policies/enable |
|
Enable Unlimited Administrator in Secret Server |
Turn on Unlimited Admin Mode. When this mode is enabled, users with the Unlimited Administrator role permission can view and edit all Secrets in the system, regardless of permissions. Note that you can assign Administer Unlimited Admin Configuration to one user and Unlimited Administrator to another user. This would require one user to turn on the mode and another user to view and edit secrets. Formerly Administer Unlimited Admin Configuration. |
delinea.vault/secretserver/administration/unlimitedadmin/administer |
|
Erase Secret |
Permanently erase a secret (as opposed to deactivate a secret, which is reversible) |
delinea.vault/secretserver/secret/delete |
|
Expire Secrets from Reports |
Expire Secrets listed in a report. |
delinea.vault/secretserver/administration/reports/secretsfromreport/expire |
|
Generate a Device Code |
Generate a Device Code |
delinea.registration/devicecode/generate |
|
Launch PRA Session |
Launch a Remote Access session |
delinea.platform/remoteaccess/session/launch |
|
Launch Secret in Secret Server |
Launch a secret. Previously, a user could launch a secret if their user role had the View Secret permission. As of Version 11.5, a user needs this permission to launch. A user will also need the Secret Launch Remote Access (Platform) permission to be able to launch |
delinea.vault/secretserver/secret/launch |
|
List Engine Pool Groups |
View summary information about all engine pool groups. |
delinea.enginepool/group/list |
|
List Engines |
View summary information about all engines. |
delinea.enginepool/engine/list |
|
List Registration Codes |
View summary information about all registration-codes |
delinea.registration/registrationcode/list |
|
List Registrations |
View summary information about all registrations for a registration-code |
delinea.registration/registrationcode/registration/list |
|
List Sites |
See and choose sites through the platform UI, such as in a dropdown list of sites in the PRA setup page. This permission does not grant the ability to view and modify sites through the Engine Management page. For that, the Manage Sites permission is required. |
delinea.enginepool/site/list |
|
List Workload Definitions |
View summary information about all workload-definitions |
delinea.registration/workloaddefinition/list |
|
Manage Identity settings |
Manage all Identity related settings such as users, groups, policies and more |
delinea.platform/identity/admin/manage |
|
Manage Sites |
View summary information about all sites and make changes. |
delinea.enginepool/site/manage |
| Manage Webhooks | Grants a user permission to manage webhooks | delinea.platform/webhooks/manage |
|
Own Secret |
Perform advanced tasks on secrets the user “owns,” such as configuring expiration schedules, configuring the web launcher, converting secret template, and copying secrets |
delinea.vault/secretserver/secret/own |
|
Personal Folder in Secret Server |
Have personal folder when the global personal folders configuration options is enabled. |
delinea.vault/secretserver/user/personalfolder/allow |
|
Publish Audit event |
Create and publish audit event |
delinea.platform/audit/event/create |
|
Read Audit event |
Read audit events |
delinea.platform/audit/event/read |
|
Read Federation Profile |
Read federation profiles |
delinea.platform/administration/federation/profile/read |
|
Read Own Audit events |
Read own audit events |
delinea.platform/audit/event/own/read |
|
Register a Workload |
Register a Workload with a Registration Code |
delinea.registration/registrationcode/register |
|
Retrieve a Registration |
Read detailed information (including sensitive information) about individual registrations |
delinea.registration/registration/read |
|
Retrieve Engine |
Read detailed information about an engine. |
delinea.enginepool/engine/read |
|
Retrieve Engine Pool Group |
Read detailed information about an engine pool group. |
delinea.enginepool/group/read |
|
Retrieve Registration Code |
Read detailed information (including sensitive information) about individual registration-codes |
delinea.registration/registrationcode/read |
|
Retrieve Site |
Read detailed information about a site. |
delinea.enginepool/site/read |
|
Retrieve Workload Definition |
Read detailed information (including sensitive information) about individual workload-definitions |
delinea.registration/workloaddefinition/read |
|
Run Auto Export |
View all automatic export tabs and run the export manually by clicking the Run Export button. |
delinea.vault/secretserver/administration/autoexport/run |
|
Run Disaster Recovery Replication |
Initiate or test Data Replication. |
delinea.vault/secretserver/administration/disasterrecovery/datareplication/run |
|
Run Secret Server Scripts |
Separates privileges in script management. Holders of the View Scripts role permission cannot execute test runs of scripts, and this permission must be assigned to perform this task. |
delinea.vault/secretserver/administration/scripts/run |
|
Secret Force Check In |
Force a secret that is checked out by another user to be checked in. |
delinea.vault/secretserver/secret/checkin/override |
|
Secret Server Web Services Impersonate |
Send an approval request to act as another user within their organization when accessing Secret Server programmatically. Administrators do not have this permission by default. |
delinea.vault/secretserver/user/impersonatewebservices/allow |
|
Unlimited Administrator in Secret Server |
View and edit all secrets in the system, regardless of permissions, when Unlimited Admin Mode is on. Note that another user with the Administer Unlimited Admin Configuration role permission would still need to turn this mode on. |
delinea.vault/secretserver/administration/unlimitedadmin/unlimitedadministrator |
|
Unrestricted by Teams in Secret Server |
View all users, groups, and sites, regardless of team affiliation. Essentially, teams do not exist for the users with this permission, and the Teams page is not available to them. The default user role has this permission. |
delinea.vault/secretserver/user/unrestrictedbyteams/allow |
|
Update a Site |
Edit a site |
delinea.enginepool/site/update |
|
Update All Session Recordings |
Comment and tag session recordings |
delinea.platform/audit/sessionrecording/admin/update |
|
Update Audit event |
Update audit event |
delinea.platform/audit/event/update |
|
Update Audit Setting |
Update audit setting |
delinea.platform/administration/audit/update |
|
Update Engine |
Edit an engine. |
delinea.enginepool/engine/update |
|
Update Engine Pool Group |
Edit an engine pool group. |
delinea.enginepool/group/update |
|
Update Federation Profile |
Update a federation profile |
delinea.platform/administration/federation/profile/update |
|
Update PRA Engine |
Upgrade Remote Access OnPrem engine |
delinea.platform/administration/remoteaccess/engine/update |
|
Update PRA Site |
Update Remote Access site |
delinea.platform/administration/remoteaccess/site/update |
|
Update Roles |
Modify Roles. |
delinea.platform/administration/roles/update |
|
Update Tenant Profile |
Edit and update any information under the Tenant Profile page. This permission is not additive, so by only having the "Update Tenant Profile" permission, you do NOT get the ability to also see the data. |
delinea.platform/administration/tenantprofile/update |
|
User Audit Expire Secrets |
View the User Audit report, which shows all secrets accessed by a particular user in a specified date range. Also allows the user to force expiration on all these secrets, which would make Secret Server automatically change the password. |
delinea.vault/secretserver/administration/useraudit/expiresecrets |
|
View Advanced Secret Options |
View the Remote Password Changing, Security, and Dependency tabs on a Secret they have access to. |
delinea.vault/secretserver/secret/advancedoptions/read |
|
View All Session Recordings |
View all session recordings |
delinea.platform/audit/sessionrecording/admin/read |
|
View Analytics |
View, but not edit, settings for analytics. |
delinea.analytics/settings/read |
|
View Audit Data Retention |
View retained audit data. This permission does not automatically come with the Administrator role. |
delinea.insights/administration/dataretention/read |
|
View Audit Settings |
View audit settings |
delinea.platform/administration/audit/read |
|
View Auto Export |
View all automatic export tabs. |
delinea.vault/secretserver/administration/autoexport/read |
|
View All Computers |
View computer assets |
delinea.assets/computer/view |
|
View Devops Secret Vault Tenants |
View (not edit) the DSV tenants set to synchronize with Secret Server. |
delinea.vault/secretserver/administration/devopssecretvault/tenants/read |
|
View Disaster Recovery |
View configuration, logs and audits for Disaster Recovery. |
delinea.vault/secretserver/administration/disasterrecovery/read |
|
View Discovery |
View, but not edit, computers and accounts that are found by Discovery. |
delinea.discovery/discovery/read |
|
View Distributed Engine Configuration |
View the Distributed Engine configuration. |
delinea.vault/secretserver/administration/distributedengine/read |
|
View DoubleLock Keys |
View which DoubleLock keys exist in the system. |
delinea.vault/secretserver/administration/doublelockkeys/read |
|
View DownloadCenter |
View the Download Center page. |
delinea.platform/marketplace/downloadcenter/read |
|
View Dual Control Settings |
View configured Dual Control settings for reports and Secret sessions. |
delinea.vault/secretserver/administration/dualcontrol/read |
|
View Enterprise Objects |
View user and secret metadata. |
delinea.vault/secretserver/administration/enterpriseobjects/read |
|
View Event Subscriptions |
View event subscriptions. |
delinea.vault/secretserver/administration/eventsubscriptions/read |
|
View Export |
View the export log of the system to see when users exported secrets. Does not allow a user to export. |
delinea.vault/secretserver/administration/export/read |
|
View Group Role Assignment |
View roles assigned to groups. |
delinea.platform/administration/groups/roleassignment/read |
|
View Groups |
See which groups exist in the system, and which users belong to each group. |
delinea.directory/administration/groups/read |
|
View HSM Configuration |
View the Hardware Security Module (HSM) configuration settings. |
delinea.vault/secretserver/administration/hsm/read |
|
View Identity settings |
View Identity related settings such as users, groups, policies, and more |
delinea.platform/identity/admin/read |
|
View Inactive Secrets |
View Secrets that have been deleted in the system. |
delinea.vault/secretserver/secret/inactivesecrets/read |
|
View IP Addresses |
View IP Address Ranges that have been created to restrict access. Does not allow a user to edit these ranges. |
delinea.directory/ipaddresses/read |
|
View Jumpbox |
View the details of all jump server routes in the Admin Jumpbox Route page but not make any changes. |
delinea.vault/secretserver/administration/jumpboxroutes/read |
|
View Key Management |
View the Key Management settings (Secret Server Cloud only). |
delinea.vault/secretserver/administration/keymanagement/read |
|
View Launcher Password on Secrets |
Unmask the password on the view screen of secrets with a launcher. Typically, this includes Web Passwords, Active Directory accounts, Local Windows accounts, and Linux accounts. |
delinea.vault/secretserver/secret/launcherpassword/read |
|
View Licenses |
View, but not edit, the licenses in the system. |
delinea.license/administration/licenses/read |
|
View Marketplace |
View the marketplace |
delinea.platform/marketplace/read |
|
View Marketplace Download Center |
View, Download Delinea Tools, Connectors, etc. from Marketplace Download Center |
delinea.platform/marketplace/downloadcenter/read |
|
View OpenID Connect |
View OpenID Connect integration settings in the Configuration Login tab |
delinea.platform/administration/federation/profile/read |
|
View Other User/Group Permissions |
Read the permissions of other users and groups. |
delinea.platform/administration/haspermission/read |
|
View Own Session Recordings |
Open and view their personal session recordings |
delinea.platform/audit/sessionrecording/own/read |
|
View Permissions |
View permissions. |
delinea.platform/administration/permissions/read |
|
View Platform Groups |
View Platform Groups |
delinea.platform/administration/groups/read |
|
View Platform Integration |
View the Secret Server connection to the Delinea Platform. |
delinea.vault/secretserver/administration/platformintegration/read |
|
View Platform Users |
View Platform Users |
delinea.platform/administration/users/read |
|
View Policy |
View Policies |
delinea.policy/policies/read |
|
View Radius Server Configuration |
View radius client settings |
delinea.platform/identity/radius/read |
|
View PRA Engine |
View Remote Access OnPrem engine |
delinea.platform/administration/remoteaccess/engine/read |
|
View PRA Site |
View Remote Access Site |
delinea.platform/administration/remoteaccess/site/read |
|
View Remote Password Changing Settings |
View, but not edit, Heartbeat and Remote Password Changing settings |
delinea.vault/secretserver/administration/remotepasswordchanging/read |
|
View Roles |
View roles. |
delinea.platform/administration/roles/read |
|
View Secret |
View secret. If disabled a user cannot view secrets regardless of the secret permission. |
delinea.vault/secretserver/secret/read |
|
View Secret Audit |
View Secret Audit. |
delinea.vault/secretserver/secret/audit/read |
|
View Secret Password and Private Key History |
View the history of passwords, private keys, or passphrases in both old and new UI. |
delinea.vault/secretserver/secret/passwordandprivatekeyhistory/read |
|
View Secret Policy |
View, but not edit, Secret Policies. |
delinea.vault/secretserver/administration/secretpolicy/read |
|
View Secret Server Advanced Dashboard |
View advanced dashboard. Without this permission, users will only be able to view basic dashboard. |
delinea.vault/secretserver/user/advanceddashboard/read |
|
View Secret Server Configuration |
View, but not edit, general configuration settings. |
delinea.vault/secretserver/administration/configuration/read |
|
View Secret Server Folders |
View, but not edit, folders in the system. |
delinea.vault/secretserver/administration/folders/read |
|
View Secret Server integration |
View Secret Server integration |
delinea.platform/administration/remoteaccess/vault/read |
|
View Secret Server Lists |
View lists and list contents in Admin > Lists. |
delinea.vault/secretserver/administration/lists/read |
|
View Secret Server Password Requirements |
View character sets and password requirements. |
delinea.vault/secretserver/administration/passwordrequirements/read |
|
View Secret Server Pipelines |
View event pipeline policies and policy activities. |
Delinea.vault/secretserver/administration/pipelines/read |
|
View Secret Server Reports |
View, but not edit, reports. See Browse Reports. |
delinea.vault/secretserver/administration/reports/read |
|
View Secret Server Scripts |
View PowerShell, SQL, and SSH scripts on the Scripts Administration page. |
delinea.vault/secretserver/administration/scripts/read |
|
View Secret Server Security Configuration |
View the security configuration of Secret Server. Formerly View Security Configuration. |
delinea.vault/secretserver/administration/securityconfiguration/read |
|
View Secret Server Security Hardening Report |
View the Security Hardening Report. |
delinea.vault/secretserver/administration/securityhardeningreport/read |
|
View Secret Server SSH Proxy Configuration |
View, but not edit, SSH Proxy settings. |
delinea.vault/secretserver/administration/proxyingconfiguration/read |
|
View Secret Server System Logs |
View (only) the System Log, which shows general diagnostics information for Secret Server. |
delinea.vault/secretserver/administration/systemlog/read |
|
View Secret Server Teams |
View all teams. This is essentially a read-only Administer Teams. |
delinea.vault/secretserver/administration/teams/read |
|
View Secret Server Templates |
View, but not edit, Secret Templates. |
delinea.vault/secretserver/administration/secrettemplate/read |
|
View Secret Server Templates |
View Secret Server templates |
delinea.platform/administration/remoteaccess/secrettemplate/read |
|
View Secret Session Recording |
View recorded sessions within Secret Server. |
delinea.vault/secretserver/administration/sessionrecording/read |
|
View Secrets |
View Secrets to launch PRA Session |
delinea.platform/remoteaccess/secret/read |
|
View Session Recording AIDA Analysis |
Read AIDA results in session recording and for aida settings |
delinea.platform/audit/sessionrecording/aida/read |
|
View Session Recording Comments |
Read comments in session recording |
delinea.platform/audit/sessionrecording/comment/read |
|
View Session Recording Configuration |
View session recording settings on the Session Recording tab of Configuration settings. |
delinea.audit/administration/sessionrecording/read |
|
View Session Recordings |
View active launcher sessions. |
delinea.audit/sessionrecording/readall |
|
View Session Recordings UI |
Can view the Insights → Audit → Session Recordings UI |
delinea.platform/audit/sessionrecording/read |
|
View SSH Cipher Suite |
View (only) the SSH Cipher Suite |
delinea.vault/secretserver/administration/sshciphersuite/read |
|
View SSH Menus |
View existing SSH Menus, used in allow-listing commands that can be used on a SSH session. |
delinea.vault/secretserver/administration/sshmenus/read |
|
View Unlimited Administrator Audit |
View the Unlimited Admin Mode configuration and the Unlimited Admin Mode audit log. Formerly View Unlimited Admin Configuration. |
delinea.vault/secretserver/administration/unlimitedadmin/read |
|
View User Audit Report |
View, but not edit, the User Audit Report. |
delinea.vault/secretserver/administration/useraudit/report/read |
|
View User Role Assignments |
View roles assigned to users. |
delinea.platform/administration/users/roleassignment/read |
|
View Users |
View which users exist in the system. |
delinea.directory/administration/users/read |
|
View Workflows |
View, but not edit, workflows used for multi-tier secret-access approvals and secret erase requests. |
delinea.vault/secretserver/administration/workflows/read |
|
Write Session Recording Comments |
Write comments in session recording |
delinea.platform/audit/sessionrecording/comment/write |
