Application Roles

The following table provides an overview of Privilege Manager Application Roles.

In general, the Privilege ManagerUser role can view reports, but access may be dependent on each report and the viewing rights assigned to the user's account.

Privilege Manager Administrators

Summary: Can do anything

CRUD Users/
Groups
View Reports Run Tasks Approve Approval Requests Disclose Passwords Modify  Config, View Install Codes Modify Policies, Filters, and LSS View All Items Upload Files Create or Revoke Install Codes
yes yes yes yes yes yes yes yes yes yes

Privilege Manager Field Engineering

Summary: Cannot do anything out of the box. Reserved for future use.

CRUD Users/
Groups
View Reports Run Tasks Approve Approval Requests Disclose Passwords Modify  Config, View Install Codes Modify Policies, Filters, and LSS View All Items Upload Files Create or Revoke Install Codes
                   

 

Privilege Manager Helpdesk Users

Summary: This role has the least permissions. It can disclose passwords and manage approvals only.

CRUD Users/
Groups
View Reports Run Tasks Approve Approval Requests Disclose Passwords Modify  Config, View Install Codes Modify Policies, Filters, and LSS View All Items Upload Files Create or Revoke Install Codes
      yes yes          

Privilege Manager macOS Administrators

Summary: Can do anything an administrator can, but only for macOS policies and resource targets.

CRUD Users/
Groups
View Reports Run Tasks Approve Approval Requests Disclose Passwords Modify  Config, View Install Codes Modify Policies, Filters, and LSS View All Items Upload Files Create or Revoke Install Codes
yes (macOS) yes yes yes yes yes yes (macOS) yes yes yes

Privilege Manager Unix/Linux Administrators

Summary: Can do anything an administrator can, but only for Unix/Linux policies and resource targets.

CRUD Users/
Groups
View Reports Run Tasks Approve Approval Requests Disclose Passwords Modify  Config, View Install Codes Modify Policies, Filters, and LSS View All Items Upload Files Create or Revoke Install Codes
yes (Unix/
Linux)
yes yes yes yes yes yes (Unix/
Linux)
yes yes yes

Privilege Manager Users

Summary: This is a read only role that can view all items, disclose passwords, and manage approvals.

CRUD Users/
Groups
View Reports Run Tasks Approve Approval Requests Disclose Passwords Modify  Config, View Install Codes Modify Policies, Filters, and LSS View All Items Upload Files Create or Revoke Install Codes
  yes   yes yes     yes    

Privilege Manager View Password Role

Summary: Can only view current passwords and password change histories of managed users

CRUD Users/
Groups
View Reports Run Tasks Approve Approval Requests Disclose Passwords Modify  Config, View Install Codes Modify Policies, Filters, and LSS View All Items Upload Files Create or Revoke Install Codes
        yes          

Privilege Manager Windows Administrators

Summary: Can do anything an administrator can, but only for Windows policies and resource targets

CRUD Users/
Groups
View Reports Run Tasks Approve Approval Requests Disclose Passwords Modify  Config, View Install Codes Modify Policies, Filters, and LSS View All Items Upload Files Create or Revoke Install Codes
yes (Win) yes yes yes yes yes yes (Win) yes yes yes