Application Roles

The following table provides an overview of Privilege Manager Application Roles.

In general, the Privilege ManagerUser role can view reports, but access may be dependent on each report and the viewing rights assigned to the user's account.

Privilege Manager Administrators

Summary: Can do anything

CRUD Users/ Groups	View Reports	Run Tasks	Approve Approval Requests	Disclose Passwords	Modify  Config, View Install Codes	Modify Policies, Filters, and LSS	View All Items	Upload Files	Create or Revoke Install Codes
yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

Privilege Manager Field Engineering

Summary: Cannot do anything out of the box. Reserved for future use.

CRUD Users/ Groups	View Reports	Run Tasks	Approve Approval Requests	Disclose Passwords	Modify  Config, View Install Codes	Modify Policies, Filters, and LSS	View All Items	Upload Files	Create or Revoke Install Codes

 

Privilege Manager Helpdesk Users

Summary: This role has the least permissions. It can disclose passwords and manage approvals only.

CRUD Users/ Groups	View Reports	Run Tasks	Approve Approval Requests	Disclose Passwords	Modify  Config, View Install Codes	Modify Policies, Filters, and LSS	View All Items	Upload Files	Create or Revoke Install Codes
			yes	yes

Privilege Manager macOS Administrators

Summary: Can do anything an administrator can, but only for macOS policies and resource targets.

CRUD Users/ Groups	View Reports	Run Tasks	Approve Approval Requests	Disclose Passwords	Modify  Config, View Install Codes	Modify Policies, Filters, and LSS	View All Items	Upload Files	Create or Revoke Install Codes
yes (macOS)	yes	yes	yes	yes	yes	yes (macOS)	yes	yes	yes

Privilege Manager Unix/Linux Administrators

Summary: Can do anything an administrator can, but only for Unix/Linux policies and resource targets.

CRUD Users/ Groups	View Reports	Run Tasks	Approve Approval Requests	Disclose Passwords	Modify  Config, View Install Codes	Modify Policies, Filters, and LSS	View All Items	Upload Files	Create or Revoke Install Codes
yes (Unix/ Linux)	yes	yes	yes	yes	yes	yes (Unix/ Linux)	yes	yes	yes

Privilege Manager Users

Summary: This is a read only role that can view all items, disclose passwords, and manage approvals.

CRUD Users/ Groups	View Reports	Run Tasks	Approve Approval Requests	Disclose Passwords	Modify  Config, View Install Codes	Modify Policies, Filters, and LSS	View All Items	Upload Files	Create or Revoke Install Codes
	yes		yes	yes			yes

Privilege Manager View Password Role

Summary: Can only view current passwords and password change histories of managed users

CRUD Users/ Groups	View Reports	Run Tasks	Approve Approval Requests	Disclose Passwords	Modify  Config, View Install Codes	Modify Policies, Filters, and LSS	View All Items	Upload Files	Create or Revoke Install Codes
				yes

Privilege Manager Windows Administrators

Summary: Can do anything an administrator can, but only for Windows policies and resource targets

CRUD Users/ Groups	View Reports	Run Tasks	Approve Approval Requests	Disclose Passwords	Modify  Config, View Install Codes	Modify Policies, Filters, and LSS	View All Items	Upload Files	Create or Revoke Install Codes
yes (Win)	yes	yes	yes	yes	yes	yes (Win)	yes	yes	yes