Modeled after the role-based access control (RBAC) mechanism, role-based security (RBS) is Secret Server's method of regulating permission to system access. Each user and group must be assigned to a role. Secret Server ships with three roles: Administrator, User, and Read-Only User. Each role contains various permissions to match the job function of the user. With RBS, strict granular access to Secret Server is ensured. A list of role permissions and their descriptions can be found in the Secret Server Role Permissions List.

You can assign multiple permissions to a role. For example, you could assign Administer Users, Edit Secret, Own Secret, and View Active Directory permissions to a role. That role can then be assigned to a user or group.

The Unlimited Administrator permission allows the user to have unlimited administrator rights when Unlimited Administrator is enabled in the configuration. By default, it is disabled.
to see the built-in roles and what permissions they possess, click the desired role link on the Admin > Roles page.