Platform Permissions

This page provides a reference to the role permissions available in the Delinea Platform.

Miscellaneous Permissions

Permission Name	Description	Permission String
Add Engine	Create a new engine.	delinea.enginepool/engine/create
Administer Analytics	View and edit the settings for analytics.	delinea.analytics/settings/administer
Administer Audit Data Retention	Manage audit data retention, such as editing and running now. This permission does not automatically come with the Administrator role.	delinea.insights/administration/dataretention/administer
Administer Discovery	View and import computers and accounts that are found by Discovery.	delinea.discovery/discovery/administer
Administer Inbox	Administer notification settings for the inbox.	delinea.inbox/inbox/administer
Administer Licenses	View, edit, install, and delete licenses.	delinea.license/administration/licenses/administer
Administer Session Recording Configuration	View and edit session recording settings on the Session Recording tab of Configuration settings. (Formerly also known as Administer Session Recordings.)	delinea.audit/administration/sessionrecording/manage
Approve Registration	Approve a registration.	delinea.registration/registration/approve
Approve Via DUO Push	Approve access requests via Duo push notifications. Administrators do not have this permission by default.	delinea.inbox/duo/requestaccess/approve
Create a Site	Create a new site.	delinea.enginepool/site/create
Create Command Group	Create command groups.	delinea.policy/commandgroups/create
Create Granular Command	Create granular commands.	delinea.policy/commands/create
Create Policy	Create policies.	delinea.policy/policies/create
Create Registration Code	Create a registration code.	delinea.registration/registrationcode/create
Delete a Site	Delete a site.	delinea.enginepool/site/delete
Delete Command Group	Delete command groups.	delinea.policy/commandgroups/delete
Delete Engine	Delete an engine.	delinea.enginepool/engine/delete
Delete Granular Command	Delete granular commands.	delinea.policy/commands/delete
Delete Policy	Delete policies.	delinea.policy/policies/delete
Edit Command Group	Edit command groups.	delinea.policy/commandgroups/update
Edit Granular Command	Edit granular commands.	delinea.policy/commands/update
Edit Policy	Edit policies.	delinea.policy/policies/update
Enable Policy	Enable policies.	delinea.policy/policies/enable
Generate a Device Code	Generate a device code.	delinea.registration/devicecode/generate
List Engines	View summary information about all engines.	delinea.enginepool/engine/list
List Registration Codes	View summary information about all registration codes.	delinea.registration/registrationcode/list
List Registrations	View summary information about all registrations for a registration code.	delinea.registration/registrationcode/registration/list
List Sites	See and choose sites through the platform UI, such as in a dropdown list of sites in the PRA setup page. This permission does not grant the ability to view and modify sites through the Engine Management page. For that, the Manage Sites permission is required.	delinea.enginepool/site/list
List Workload Definitions	View summary information about all workload definitions.	delinea.registration/workloaddefinition/list
Manage All Collections	Manage all collections in the tenant.	delinea.platform/collections/manage
Manage Entitlements	Manage entitlement assignments in access.	delinea.platform/access/entitlements/manage
Manage Sites	View summary information about all sites and make changes.	delinea.enginepool/site/manage
Manage Webhooks	Manage webhooks.	delinea.platform/webhooks/manage
Read Another Users Profile Settings	Read other users' profile settings (such as the profile image).	delinea.platform/userprofile/manage/read
Register a Workload	Register a Workload with a registration code.	delinea.registration/registrationcode/register
Retrieve a Managed Application Registration	Retrieve a managed application registration.	delinea.registration/registration/managedapplication/retrieve
Retrieve a Registration	Read detailed information (including sensitive information) about individual registrations.	delinea.registration/registration/read
Retrieve Registration Code	Read detailed information (including sensitive information) about individual registration codes.	delinea.registration/registrationcode/read
Retrieve Workload Definition	Read detailed information (including sensitive information) about individual workload definitions.	delinea.registration/workloaddefinition/read
Update a Site	Edit a site.	delinea.enginepool/site/update
Update Another Users Profile Settings	Update other users' profile settings (such as the profile image).	delinea.platform/userprofile/manage/update
Update Engine	Edit an engine.	delinea.enginepool/engine/update
View All Collections	View all collections in the tenant.	delinea.platform/collections/read
View All Computers	The user can view all computers that the user is permitted to access in the tenant.	delinea.assets/computer/view
View Analytics	View, but not edit, settings for analytics.	delinea.analytics/settings/read
View Audit Data Retention	View retained audit data. This permission does not automatically come with the Administrator role.	delinea.insights/administration/dataretention/read
View Command Group	View command groups.	delinea.policy/commandgroups/read
View Discovery	View, but not edit, computers and accounts that are found by Discovery.	delinea.discovery/discovery/read
View Engine	Read detailed information about an engine.	delinea.enginepool/engine/read
View Granular Command	View granular commands.	delinea.policy/commands/read
View licenses	View, but not edit, the licenses in the system.	delinea.license/administration/licenses/read
View Policy	View policies.	delinea.policy/policies/read
View Session Recording Configuration	View session recording settings on the Session Recording tab of Configuration settings.	delinea.audit/administration/sessionrecording/read
View Session Recording Comments	Read comments in session recording.	delinea.platform/audit/sessionrecording/comment/read
View Session Recordings	View active launcher sessions.	delinea.audit/sessionrecording/readall
View Site	Read detailed information about a site. (Formerly Retrieve Site.)	delinea.enginepool/site/read

Administration Permissions

Permission Name	Description	Permission String
Activate PRA Engine	Activate Privileged Remote Access engine.	delinea.platform/administration/remoteaccess/engine/activate
Add Federation Profile	Add a federation profile.	delinea.platform/administration/federation/profile/create
Add Group Role Assignment	Assign groups to roles.	delinea.platform/administration/groups/roleassignment/create
Add PRA Engine	Add Privileged Remote Access engine.	delinea.platform/administration/remoteaccess/engine/create
Add Roles	Add roles.	delinea.platform/administration/roles/create
Add Secret Server On Premises Templates	Add Secret Server On Premises templates. (Formerly Add Secret Server Templates.)	delinea.platform/administration/remoteaccess/secrettemplate/create
Add User Role Assignments	Assign users to roles.	delinea.platform/administration/users/roleassignment/create
Configure Secret Server On Premises integration	Configure Secret Server On Premises integration.	delinea.platform/administration/remoteaccess/vault/configure
Create PRA Site	Create a new Remote Access site to install engines.	delinea.platform/administration/remoteaccess/site/create
Delete Federation Profile	Delete a federation profile.	delinea.platform/administration/federation/profile/delete
Delete Group Role Assignment	Remove groups from roles.	delinea.platform/administration/groups/roleassignment/delete
Delete PRA Engine	Delete Privileged Remote Access engine.	delinea.platform/administration/remoteaccess/engine/delete
Delete PRA Site	Delete Privileged Remote Access site.	delinea.platform/administration/remoteaccess/site/delete
Delete Roles	Delete roles.	delinea.platform/administration/roles/delete
Delete Secret Server On Premises Templates	Delete Secret Server On Premises templates. (Formerly Delete Secret Server Templates.)	delinea.platform/administration/remoteaccess/secrettemplate/delete
Delete User Role Assignment	Remove users from roles.	delinea.platform/administration/users/roleassignment/delete
Read Federation Profile	Read federation profiles.	delinea.platform/administration/federation/profile/read
Update Federation Profile	Update a federation profile.	delinea.platform/administration/federation/profile/update
Update PRA Engine	Upgrade Privileged Remote Access engine.	delinea.platform/administration/remoteaccess/engine/update
Update PRA Site	Update Privileged Remote Access site.	delinea.platform/administration/remoteaccess/site/update
Update Roles	Modify roles.	delinea.platform/administration/roles/update
Update Tenant Profile	Edit and update any information under the Tenant Profile page. This permission is not additive, so by only having the "Update Tenant Profile" permission, you do not get the ability to also see the data.	delinea.platform/administration/tenantprofile/update
View Group Role Assignment	View roles assigned to groups.	delinea.platform/administration/groups/roleassignment/read
View Other User/Group Permissions	Read the permissions of other users and groups.	delinea.platform/administration/haspermission/read
View Permissions	Grants a user permission to view permissions .	delinea.platform/administration/permissions/read
View Platform Groups	View platform groups.	delinea.platform/administration/groups/read
View Platform Users	View platform users.	delinea.platform/administration/users/read
View PRA Engine	View Privileged Remote Access engine.	delinea.platform/administration/remoteaccess/engine/read
View PRA Site	View Privileged Remote Access Site.	delinea.platform/administration/remoteaccess/site/read
View Roles	View roles.	delinea.platform/administration/roles/read
View Tenant Profile	View tenant profile.	delinea.platform/administration/tenantprofile/read
View Secret Server On Premises Integration	View Secret Server On-Premises integration. (Formerly View Secret Server integration.)	delinea.platform/administration/remoteaccess/vault/read
View Secret Server On Premises Templates	View Secret Server On-Premises templates. (Formerly View Secret Server Templates.)	delinea.platform/administration/remoteaccess/secrettemplate/read
View User Role Assignments	View roles assigned to users.	delinea.platform/administration/users/roleassignment/read

Behavioral Analytics Permissions

Permission Name	Description	Permission String
Create Behavioral Analytics Notes	Create behavioral analytics notes.	delinea.platform/analytics/notes/create
Create Behavioral Analytics Settings	Create behavioral analytics settings.	delinea.platform/analytics/settings/create
Delete Behavioral Analytics Notes	Delete behavioral analytics notes.	delinea.platform/analytics/notes/delete
Delete Behavioral Analytics Settings	Delete behavioral analytics events.	delinea.platform/analytics/settings/delete
Manage Behavioral Analytics	Manage behavioral analytics settings.	delinea.platform/analytics/settings/manage
Update Behavioral Analytics Alerts	Update behavioral analytics alerts.	delinea.platform/analytics/alerts/update
Update Behavioral Analytics Notes	Update behavioral analytics notes.	delinea.platform/analytics/notes/update
Update Behavioral Analytics Settings	Update behavioral analytics settings.	delinea.platform/analytics/settings/update
View Behavioral Analytics	View the Behavioral Analytics page (Insights > Behavioral Analytics).	delinea.platform/analytics/read
View Behavioral Analytics Alerts	View behavioral analytics alerts.	delinea.platform/analytics/alerts/read
View Behavioral Analytics Events	View behavioral analytics events.	delinea.platform/analytics/events/read
View Behavioral Analytics Notes	View behavioral analytics notes.	delinea.platform/analytics/notes/read
View Behavioral Analytics Settings	View behavioral analytics settings.	delinea.platform/analytics/settings/read

Platform Audit Permissions

Permission Name	Description	Permission String
Add Session Recording Comments	Write comments in session recording. (Formerly Write Session Recording Comments.)	delinea.platform/audit/sessionrecording/comment/write
Modify Session Recording AIDA Settings	Access AIDA setting page.	delinea.platform/audit/sessionrecording/aida/settings
Read Audit events	Read all administrative and privileged activity events.	delinea.platform/audit/event/read
Read Own Audit events	Grants a user permission to read their own administrative and privileged activity events.	delinea.platform/audit/event/own/read
View AIDA results	Read AIDA results in session recording.	delinea.platform/audit/sessionrecording/aida/read
View Authorized Session Recordings	Grants a user permission to vew all authorized session recordings. (Formerly View All Session Recordings or View Session Recordings UI.)	delinea.platform/audit/sessionrecording/admin/read
View Own Session Recordings	Grants a user permission to open and view their personal session recordings.	delinea.platform/audit/sessionrecording/own/read
View Session Recording Comments	Read comments in session recording.	delinea.platform/audit/sessionrecording/comment/read

Delinea Expert Permissions

Permission Name	Description	Permission String
Access Delinea Expert	Chat with Delinea Expert.	delinea.platform/gpt/conversation/create
Configure Delinea Expert	Configure Delinea Expert.	delinea.platform/gpt/conversation/configure

Posture Check Permissions

Permission Name	Description	Permission String
Manage Checks	Manage posture checks.	delinea.platform/checks/manage
View Checks	View posture checks.	delinea.platform/checks/view

Identity Permissions

Permission Name	Description	Permission String
Administer RADIUS Server Configuration	Manage RADIUS client settings.	delinea.platform/identity/radius/administer
Manage Identity settings	Manage all Identity-related settings such as users, groups, policies, and more.	delinea.platform/identity/admin/manage
View Identity settings	View Identity-related settings such as users, groups, policies, and more.	delinea.platform/identity/admin/read
View RADIUS Server Configuration	View RADIUS client settings.	delinea.platform/identity/radius/read

Inventories Permissions

Permission Name	Description	Permission String
View Inventory	View inventories in the navigation menu.	delinea.platform/inventory/view

Analytics Management Permissions

Permission Name	Description	Permission String
Create Active Directory entities	Create Active directory entities.	delinea.platform/itp/activedirectory/create

Marketplace Permissions

Permission Name	Description	Permission String
Customize Marketplace Integration View	Customize Marketplace integration view.	delinea.platform/marketplace/integrationview/update
View Marketplace	Show Marketplace to the user.	delinea.platform/marketplace/read
View Marketplace Download Center	Show Marketplace Download Center to the user. (Formerly View Download Center.)	delinea.platform/marketplace/downloadcenter/read
View Subscriptions	View subscriptions in Marketplace.	delinea.platform/marketplace/subscriptions/read

Remote Access Permissions

Permission Name	Description	Permission String
Close PRA session	Close a Privileged Remote Access session.	delinea.platform/remoteaccess/sessions/end
Create Remote Applications	Create remote applications.	delinea.platform/remoteaccess/remoteapplication/create
Create Web Application	Create Web application.	delinea.platform/remoteaccess/webapplication/create
Delete Remote Applications	Delete remote applications.	delinea.platform/remoteaccess/remoteapplication/delete
Delete Web Application	Delete web application.	delinea.platform/remoteaccess/webapplication/delete
Download files with PRA	Download a file from the target system during a remote access session.	delinea.platform/remoteaccess/filetransfer/download
Launch PRA Session	Launch a Privileged Remote Access session.	delinea.platform/remoteaccess/session/launch
Launch Web Application	Launch web application.	delinea.platform/remoteaccess/webapplication/launch
Read Remote Applications	Read remote applications.	delinea.platform/remoteaccess/remoteapplication/read
Read Web Applications	Read web applications.	delinea.platform/remoteaccess/webapplication/read
Update PRA Configuration	Update Privileged Remote Access Configuration.	delinea.platform/remoteaccess/configuration/update
Update Remote Applications	Update remote applications.	delinea.platform/remoteaccess/remoteapplication/update
Update Web Application	Update web application.	delinea.platform/remoteaccess/webapplication/update
Upload files with PRA	Upload a file to the target system during a remote access session.	delinea.platform/remoteaccess/filetransfer/upload
View PRA Configuration	View Privileged Remote Access Configuration.	delinea.platform/remoteaccess/configuration/read
View Secrets	Vew Secrets to launch Privileged Remote Access sessions.	delinea.platform/remoteaccess/secret/read

Vaultbroker Configuration Permissions

Permission Name	Description	Permission String
Allow creating vaultbroker connection information	Create the vaultbroker connection information. Still requires an admin to log into SecretServer first and configure the platform configuration.	delinea.platform/vaultbroker/vault/create
Allow editing vaultbroker connection information	Modify the vaultbroker connection information.	delinea.platform/vaultbroker/vault/update

Secret Server Permissions

Permission Name	Description	Permission String
Access Offline Secrets on Mobile	User can cache their secrets in the Secret Server mobile application for offline use. This permission does not automatically come with the Administrator role.	delinea.vault/secretserver/secret/mobile/offlinesecrets/allow
Add Custom Audit Entry for Secrets	Make a custom audit entry when accessing a secret using the web services API.	delinea.vault/secretserver/secret/customaudit/create
Add Secret	Create new secrets. The Add permission no longer includes the role permission View Secret.	delinea.vault/secretserver/secret/create
Add Users or Groups From Identity	Search for users and groups from Identity sources and add those users or groups to Secret Server.	delinea.vault/secretserver/administration/identity/usersandgroups/add
Administer Analytics Challenge	Allows user to be challenged by analytics if their behavior deviates from their normal behavior and meets requirements specified by analytics. Administrators do not have this permission by default.	delinea.vault/secretserver/administration/securityanalytics/accesschallenge/allow
Administer Application Accounts in Secret Server	Create application user accounts to be used exclusively for accessing Secret Server via the API. Formerly Create Application Account.	delinea.vault/secretserver/administration/users/applicationaccounts/create
Administer Auto Export	Do everything the other automatic export permissions allow and edit the automatic export configuration.	delinea.vault/secretserver/administration/autoexport/administer
Administer Custom Columns on Secret Templates	Enable the Expose for Display setting of a secret's template field to make it available for use in Dashboard custom columns.	delinea.vault/secretserver/administration/secrettemplate/customcolumns/administer
Administer Custom Password Requirements	View and edit custom password requirements that can be configured under the Security tab for individual secrets.	delinea.vault/secretserver/administration/passwordrequirements/custom/administer
Administer Devops Secret Vault Tenants	Add, remove, and edit DSV tenants that automatically synchronize with Secret Server on a schedule.	delinea.vault/secretserver/administration/devopssecretvault/tenants/administer
Administer Disaster Recovery	Configure instances as data sources or replicas for disaster recovery; initiate or test data replication and view related logs and audits.	delinea.vault/secretserver/administration/disasterrecovery/administer
Administer Distributed Engine Configuration	Update the Distributed Engine configuration.	delinea.vault/secretserver/administration/distributedengine/administer
Administer DoubleLock Keys	View, edit, create, and disable DoubleLock keys. A DoubleLock key acts as a separate encryption key to protect your most sensitive secrets. This option allows users to access and use the DoubleLocks link on the Administration page.	delinea.vault/secretserver/administration/doublelockkeys/administer
Administer Dual Control Settings	View, edit, create, and disable Dual Control settings for reports and recorded sessions.	delinea.vault/secretserver/administration/dualcontrol/administer
Administer Event Subscriptions	View, edit, and create event subscriptions.	delinea.vault/secretserver/administration/eventsubscriptions/administer
Administer Export	View the export log and export secrets to which they have access to a clear text, CSV file.	delinea.vault/secretserver/administration/export/administer
Administer HSM Configuration	Change configuration or disable the use of a Hardware Security Module (HSM).	delinea.vault/secretserver/administration/hsm/administer
Administer Jumpbox	Create, edit, or deactivate jump server routes.	delinea.vault/secretserver/administration/jumpboxroutes/administer
Administer Key Management	Enable, change, or disable the Key Management (Secret Server Cloud only).	Delinea.vault/secretserver/administration/keymanagement/administer
Administer Platform Integration	Manage the Secret Server connection to the Delinea Platform.	delinea.vault/secretserver/administration/platformintegration/administer
Administer Platform Migration	Manage the Secret Server migration to the Delinea Platform.	delinea.platform/identity/radius/administer
Administer Remote Password Changing Settings	Turn Heartbeat and Remote Password Changing on and off globally. Also allows users to create new password changers and install password changing agents on remote machines.	delinea.vault/secretserver/administration/remotepasswordchanging/administer
Administer SSH Cipher Suite	View and edit the SSH Cipher Suite.	delinea.vault/secretserver/administration/sshciphersuite/administer
Administer SSH Menus	Create and edit SSH Menus, used in allowlisting commands that can be used on a SSH session.	delinea.vault/secretserver/administration/sshmenus/administer
Administer Secret Encryption Key Rotation	Start a process that rotates the Secret encryption keys.	delinea.vault/secretserver/administration/encryptionkeys/rotate
Administer Secret Policy	Create and edit Secret Policies.	delinea.vault/secretserver/administration/secretpolicy/administer
Administer Secret Server Configuration	View and edit general configuration options. For example, a user with this role permission can turn on Force HTTPS/SSL and disable Allow Remember Me.	delinea.vault/secretserver/administration/configuration/administer
Administer Secret Server Data	Manage metadata fields and sections added to secrets and users in Secret Server.	delinea.vault/secretserver/administration/metadata/administer
Administer Secret Server Folders	View, edit, create, move, and delete folders. Users still need the relevant view, edit, and owner permissions on the folders to perform these tasks.	delinea.vault/secretserver/administration/folders/administer
Administer Secret Server Lists	Add, remove, and modify lists and list contents in Admin > Lists.	delinea.vault/secretserver/administration/lists/administer
Administer Secret Server Maintenance	Administer Secret Server maintenance.	delinea.vault/secretserver/administration/maintenancemode/administer
Administer Secret Server Password Requirements	View and edit character sets and password requirements.	delinea.vault/secretserver/administration/passwordrequirements/administer
Administer Secret Server Pipelines	Create, edit, and remove event pipelines and event pipeline policies.	delinea.vault/secretserver/administration/pipelines/administer
Administer Secret Server Reports	View, edit, delete, and create reports. Also allows users to customize report categories.	delinea.vault/secretserver/administration/reports/administer
Administer Secret Server Scripts	View, edit, and add PowerShell, SQL, and SSH scripts on the Scripts Administration page.	delinea.vault/secretserver/administration/scripts/administer
Administer Secret Server Security Configuration	View and edit security configuration options in Secret Server. Currently, these include enabling FIPS compliance mode and protecting the encryption key. Formerly Administer Security Configuration.	delinea.vault/secretserver/administration/securityconfiguration/administer
Administer Secret Server SSH Proxy Configuration	View and edit SSH Proxy settings.	delinea.vault/secretserver/administration/proxyingconfiguration/administer
Administer Secret Server System Logs	View and clear the System Log, which shows general diagnostics information for Secret Server.	delinea.vault/secretserver/administration/systemlog/administer
Administer Secret Server Teams	Create, delete, and view all teams.	delinea.vault/secretserver/administration/teams/administer
Administer Secret Templates	View, edit, disable, and create secret templates.	delinea.vault/secretserver/administration/secrettemplate/administer
Administer Workflows	Manage workflows (advanced access management).	delinea.vault/secretserver/administration/workflows/administer
Advanced Import	Import secrets from an XML file. Users with the this permission can import groups, folders, site connectors, sites, and secret templates, without having to create a secret. Users must have the Secret Server permissions needed for the objects listed in the XML.	delinea.vault/secretserver/administration/import/advancedimport/allow
Allow List Secret Access For Assigning Policy	Users with list access to a secret can assign policies. Users need the view permission if they do not have this one.	delinea.vault/secretserver/administration/secretpolicy/listsecretaccessforassigningpolicy/allow
Assign Secret Policy	Assign Secret Policies to folders and secrets.	delinea.vault/secretserver/secretpolicy/assign
Assign Secret Server Pipelines	Assign an event pipeline policy to secret policies, or folders.	delinea.vault/secretserver/administration/pipelines/assign
Audit Secret Server Session Recordings	Users with at least List Access permission on a secret can access the session recording of the secret. Administrators do not have this permission by default.	delinea.vault/secretserver/secret/sessionrecording/auditor
Browse Secret Server Reports	Access reports restricted by permissions. Permissions are configurable at the category and report levels and share a similar inheritance model to secrets and folders. You can define users or groups with view or edit permissions for each category or report.	delinea.vault/secretserver/administration/reports/browse
Bypass Direct API Authentication Restriction	Ignore the PreventDirectApiAuthentication advanced setting and log in through the API with a non-application account	delinea.vault/secretserver/user/directapiauthenticationrestriction/bypass
Bypass SAML Login	Log in with local account without using SAML (Secret Server specific).	delinea.vault/secretserver/user/samllogin/bypass
Copy Secret	Copy secrets when the user also has Own Secret role permission.	delinea.vault/secretserver/secret/copy
Create External Vault Links	Link external vaults in Secret Server.	delinea.vault/secretserver/externalvault/create
Create Root Folders in Secret Server	Create new folders at the root level of the folder structure.	delinea.vault/secretserver/administration/folders/rootfolders/create
Deactivate Secret	Mark secrets as deactivated.	delinea.vault/secretserver/secret/deactivate
Deactivate a Secret within a Report	Run the Delete Secrets action from a report.	delinea.vault/secretserver/administration/reports/secretfromreport/deactivate
Download Auto Export	View all automatic export tabs and download exports from cloud storage (Secret Server Cloud only).	delinea.vault/secretserver/administration/autoexport/download
Edit Secret	Without this permission, a user cannot edit secrets, regardless of the secret permission.	delinea.vault/secretserver/secret/update
Enable Unlimited Administrator in Secret Server	Turn on Unlimited Admin Mode. When this mode is enabled, users with the Unlimited Administrator role permission can view and edit all secrets in the system, regardless of permissions. You can assign Enable Unlimited Administrator in Secret Server to one user and Unlimited Administrator to another user. This would require one user to turn on the mode, which enables another user to view and edit secrets.	delinea.vault/secretserver/administration/unlimitedadmin/administer
Erase Secret	Permanently erase a secret (as opposed to deactivate a secret, which is reversible).	delinea.vault/secretserver/secret/delete
Expire Secrets from Reports	Expire secrets listed in a report.	delinea.vault/secretserver/administration/reports/secretsfromreport/expire
Launch Secret in Secret Server	Launch a secret. Previously, a user could launch a secret if their user role had the View Secret permission. As of Version 11.5, a user needs this permission to launch. A user will also need the Secret Launch Remote Access (Platform) permission to be able to launch.	delinea.vault/secretserver/secret/launch
Own Secret	Perform advanced tasks on secrets the user “owns,” such as configuring expiration schedules, configuring the web launcher, converting secret template, and copying secrets.	delinea.vault/secretserver/secret/own
Personal Folder in Secret Server	Have personal folder when the global personal folders configuration options is enabled.	delinea.vault/secretserver/user/personalfolder/allow
Run Auto Export	View all automatic export tabs and run the export manually by clicking the Run Export button.	delinea.vault/secretserver/administration/autoexport/run
Run Disaster Recovery Replication	Initiate or test data replication.	delinea.vault/secretserver/administration/disasterrecovery/datareplication/run
Run Secret Server Scripts	Separates privileges in script management. Holders of the View Scripts role permission cannot execute test runs of scripts, and this permission must be assigned to perform this task.	delinea.vault/secretserver/administration/scripts/run
Secret Force Check In	Force a secret that is checked out by another user to be checked in.	delinea.vault/secretserver/secret/checkin/override
Secret Server Web Services Impersonate	Send an approval request to act as another user within their organization when accessing Secret Server programmatically. Administrators do not have this permission by default.	delinea.vault/secretserver/user/impersonatewebservices/allow
Unlimited Administrator in Secret Server	View and edit all secrets in the system, regardless of permissions, when Unlimited Admin Mode is on. Another user with the Enable Unlimited Administrator in Secret Server role permission still needs to turn this mode on.	delinea.vault/secretserver/administration/unlimitedadmin/unlimitedadministrator
Unrestricted by Teams in Secret Server	View all users, groups, and sites, regardless of team affiliation. Essentially, teams do not exist for the users with this permission, and the Teams page is not available to them. The default user role has this permission.	delinea.vault/secretserver/user/unrestrictedbyteams/allow
User Audit Expire Secrets	View the User Audit report, which shows all secrets accessed by a particular user in a specified date range. Also allows the user to force expiration on all these secrets, which would make Secret Server automatically change the password.	delinea.vault/secretserver/administration/useraudit/expiresecrets
View Advanced Secret Options	View the Remote Password Changing, Security, and Dependency tabs on a Secret they have access to.	delinea.vault/secretserver/secret/advancedoptions/read
View Auto Export	View all automatic export tabs.	delinea.vault/secretserver/administration/autoexport/read
View Devops Secret Vault Tenants	View (not edit) the DSV tenants set to synchronize with Secret Server.	delinea.vault/secretserver/administration/devopssecretvault/tenants/read
View Disaster Recovery	View configuration, logs and audits for Disaster Recovery.	delinea.vault/secretserver/administration/disasterrecovery/read
View Distributed Engine Configuration	View the Distributed Engine configuration.	delinea.vault/secretserver/administration/distributedengine/read
View DoubleLock Keys	View which DoubleLock keys exist in the system.	delinea.vault/secretserver/administration/doublelockkeys/read
View Dual Control Settings	View configured Dual Control settings for reports and secret sessions.	delinea.vault/secretserver/administration/dualcontrol/read
View Enterprise Objects	View user and secret metadata.	delinea.vault/secretserver/administration/enterpriseobjects/read
View Event Subscriptions	View event subscriptions.	delinea.vault/secretserver/administration/eventsubscriptions/read
View Export	View the export log of the system to see when users exported secrets. Does not allow a user to export.	delinea.vault/secretserver/administration/export/read
View External Vaults	View external vaults in Secret Server.	delinea.vault/secretserver/externalvault/read
View HSM Configuration	View the Hardware Security Module (HSM) configuration settings.	delinea.vault/secretserver/administration/hsm/read
View Inactive Secrets	View secrets that have been deleted in the system.	delinea.vault/secretserver/secret/inactivesecrets/read
View Jumpbox	View the details of all jump server routes in the Admin Jumpbox Route page but not make any changes.	delinea.vault/secretserver/administration/jumpboxroutes/read
View Key Management	View the Key Management settings (Secret Server Cloud only).	delinea.vault/secretserver/administration/keymanagement/read
View Launcher Password on Secrets	Unmask the password on the view screen of secrets with a launcher. Typically, this includes Web Passwords, Active Directory accounts, Local Windows accounts, and Linux accounts.	delinea.vault/secretserver/secret/launcherpassword/read
View Platform Integration	View the Secret Server connection to the Delinea Platform.	delinea.vault/secretserver/administration/platformintegration/read
View Remote Password Changing Settings	View, but not edit, heartbeat and remote password changing settings.	delinea.vault/secretserver/administration/remotepasswordchanging/read
View SSH Cipher Suite	View (only) the SSH Cipher Suite.	delinea.vault/secretserver/administration/sshciphersuite/read
View SSH Menus	View existing SSH menus, used in allow-listing commands that can be used on a SSH session.	delinea.vault/secretserver/administration/sshmenus/read
View Secret	View secret. Without this permission, a user cannot view secrets, regardless of the secret permission.	delinea.vault/secretserver/secret/read
View Secret Audit	View Secret Audit.	delinea.vault/secretserver/secret/audit/read
View Secret Password and Private Key History	View the history of passwords, private keys, or passphrases in both old and new UI.	delinea.vault/secretserver/secret/passwordandprivatekeyhistory/read
View Secret Policy	View, but not edit, secret policies.	delinea.vault/secretserver/administration/secretpolicy/read
View Secret Server Advanced Dashboard	View advanced dashboard. Without this permission, users can only view the basic dashboard.	delinea.vault/secretserver/user/advanceddashboard/read
View Secret Server Configuration	View, but not edit, general configuration settings.	delinea.vault/secretserver/administration/configuration/read
View Secret Server Folders	View, but not edit, folders in the system.	delinea.vault/secretserver/administration/folders/read
View Secret Server Lists	View lists and list contents in Admin > Lists.	delinea.vault/secretserver/administration/lists/read
View Secret Server Password Requirements	View character sets and password requirements.	delinea.vault/secretserver/administration/passwordrequirements/read
View Secret Server Pipelines	View event pipeline policies and policy activities.	Delinea.vault/secretserver/administration/pipelines/read
View Secret Server Reports	View, but not edit, reports.	delinea.vault/secretserver/administration/reports/read
View Secret Server Scripts	View PowerShell, SQL, and SSH scripts on the Scripts Administration page.	delinea.vault/secretserver/administration/scripts/read
View Secret Server Security Configuration	View the security configuration of Secret Server. Formerly View Security Configuration.	delinea.vault/secretserver/administration/securityconfiguration/read
View Secret Server Security Hardening Report	View the Security Hardening Report.	delinea.vault/secretserver/administration/securityhardeningreport/read
View Secret Server Session Recording Audit	See who has viewed a session recording in the secret audit.	delinea.vault/secretserver/administration/sessionrecording/audit/read
View Secret Server SSH Proxy Configuration	View, but not edit, SSH Proxy settings.	delinea.vault/secretserver/administration/proxyingconfiguration/read
View Secret Server System Logs	View (only) the System Log, which shows general diagnostics information for Secret Server.	delinea.vault/secretserver/administration/systemlog/read
View Secret Server Teams	View all teams. This is essentially a read-only Administer Teams.	delinea.vault/secretserver/administration/teams/read
View Secret Server Templates	View, but not edit, Secret Templates.	delinea.vault/secretserver/administration/secrettemplate/read
View Secret Session Recording	View recorded sessions within Secret Server.	delinea.vault/secretserver/administration/sessionrecording/read
View Unlimited Administrator Audit	View the Unlimited Admin Mode configuration and the Unlimited Admin Mode audit log. Formerly View Unlimited Admin Configuration.	delinea.vault/secretserver/administration/unlimitedadmin/read
View User Audit Report	View, but not edit, the User Audit Report.	delinea.vault/secretserver/administration/useraudit/report/read
View Workflows	View, but not edit, workflows used for multi-tier secret-access approvals and secret erase requests.	delinea.vault/secretserver/administration/workflows/read