Application Roles
The following table provides an overview of Privilege Manager Application Roles.
In general, the Privilege ManagerUser role can view reports, but access may be dependent on each report and the viewing rights assigned to the user's account.
| Role | Summary | CRUD Users/Groups | View Reports | Run Tasks | Approve Approval Requests | Disclose Passwords | Modify Config, View Install Codes | Modify Policies, Filters, and LSS | View All Items | Upload Files | Create or Revoke Install Codes |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Privilege Manager Administrators | Can do anything. | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes |
| Privilege Manager Field Engineering | Cannot do anything out of the box. Reserved for future use. | ||||||||||
| Privilege Manager Helpdesk Users | This role has the least permissions. It can disclose passwords and manage approvals only. | yes | yes | ||||||||
| Privilege Manager macOS Administrators | Can do anything an administrator can, but only for macOS policies and resource targets. | yes (macOS) | yes | yes | yes | yes | yes | yes (macOS) | yes | yes | yes |
| Privilege Manager Unix/Linux Administrators | Can do anything an administrator can, but only for Unix/Linux policies and resource targets. | yes (Unix/Linux) | yes | yes | yes | yes | yes | yes (Unix/Linux) | yes | yes | yes |
| Privilege Manager Users | This is a read only role that can view all items, disclose passwords, and manage approvals. | yes | yes | yes | yes | ||||||
| Privilege Manager View Password Role | Can only view current passwords and password change histories of managed users | yes | |||||||||
| Privilege Manager Windows Administrators | Can do anything an administrator can, but only for Windows policies and resource targets. | yes (Win) | yes | yes | yes | yes | yes | yes (Win) | yes | yes | yes |
