User roles are essential for managing access and permissions in the Sectona PAM platform. When a user is assigned a user role, the set of permissions that comes with the role is allocated to that user, which enables the user to perform their role effectively.

For example, consider a large IT environment. It will have a wider, more complex network, spanning multiple physical locations and IP address segments. One or two global administrators will be in charge of creating user accounts, maintaining the system, and generating high-level, executive reports on all company assets. They create instances for different business groups of the company. They assign security managers and administrators to manage assets, accounts and users for specific business groups. Global administrators also create various account groups, some of which will be focused on small subsets of assets.

Different users in the system will have varied roles to play. Auditors may require only view access to tasks related to the configuration and session logs. There may be administrators who are assigned certain target assets managed by offshore teams.

This chapter consists of the following:

List of system-defined roles

The following table provides information about privilege levels associated

Role: Administrator

Description: The Administrator role differs from all other preset roles in that it has complete master access to all system functionalities.

Privilege:

Asset Management
  • Manage Assets
  • Bulk Asset Management

Account Management
  • Manage Accounts
  • Manage Account Groups
  • Manage Account Dependencies
  • Bulk Account Management

User Management
  • Manage Users
  • Manage Roles
  • Manage Groups
  • Bulk User Management

Discovery
  • Manage Jobs

Task Management
  • Manage Tasks

App-App Password Management
  • API Management
  • Vault Extensions

Analytics
  • System Reports
  • Design New Report
  • Schedule Report

Policy Management
  • Manage User Access Policy
  • Active Mapping
  • Manage Server Access Policy
  • Password Management Policies
  • Risk Scoring

Password Management
  • Manage jobs

Workflow Administration
  • Workflow Logs
  • Manage Workflow

Session Management
  • Session View
  • Risk View
  • Activity View
  • Live Session
  • Password Checkout

System Configuration
  • System Configuration
  • SMS Gateway
  • Network Proxy
  • Email Gateway
  • SIEM Log Forwarding
  • Service Desk

Authentication Management
  • Multifactor Authentication
  • AD Directory store
  • Certificates

Notification Management
  • Notification Rules
  • Notification Templates

System Management
  • Instance Manager
  • System Management
  • Landing Proxy Server
  • License
  • Backup
  • High Availability
  • Satellite Vault

Account Lifecycle
  • Account Lifecycle

End-User Interface
  • Manage Tasks
  • Execute Tasks
  • Raise Request
  • Request Approval
  • Asset Access

Dashboard
  • System Dashboard

Role: User

Description: The User role allows a user to access target devices, retrieve passwords, and access workflow functions.

Privilege:

End-User Interface
  • Manage Tasks
  • Execute Task
  • Raise Request
  • Request Approval
  • Asset Access

Role: Auditor

Description: The Auditor role allows a user to view Session Management logs.

Privilege:

Session Management
  • Session View
  • Risk View
  • Activity View
  • Live Session
  • Password Checkout

Role: Approver

Description: The Approver role is for executive users who approve workflow or maker-checker requests raised by end-users in the system.

Privilege:

End-User Interface
  • Request Approval

Procedure for custom roles

Whether you create a custom user role or assign a system-defined user role to a Sectona PAM platform user depends on a few parameters: the tasks that you want the user to perform and the data that should be visible to the user on the Sectona PAM platform.

  • Log in as an Administrator user

  • Navigate to Manage → User Role Management

  • Click on +Add a New Role

  • Role Name: Provide a unique role name

  • Select the permissions you would like to assign to this role

  • Click Save
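
The choice between a system-defined role and a custom role, sketched as an added example (not Sectona code or a Sectona API): given the privileges a user needs, it picks the least-privileged system-defined role that covers them and reports the excess, which signals when a custom role is the tighter fit. The catalogue is abridged from the role table above, and the function names and the Category/Name notation are assumptions made for illustration.

```python
from itertools import chain

# Abridged privilege catalogue transcribed from the role table on this page
# (category -> privileges). Other categories are omitted to keep the example short.
CATALOGUE = {
    "User Management": ["Manage Users", "Manage Roles", "Manage Groups",
                        "Bulk User Management"],
    "Analytics": ["System Reports", "Design New Report", "Schedule Report"],
    "Session Management": ["Session View", "Risk View", "Activity View",
                           "Live Session", "Password Checkout"],
    "End-User Interface": ["Manage Tasks", "Execute Tasks", "Raise Request",
                           "Request Approval", "Asset Access"],
}

def privs(category, names=None):
    """Expand a category (or some of its names) into 'Category/Name' strings."""
    return {f"{category}/{n}" for n in (names or CATALOGUE[category])}

# System-defined roles as described in the table (hypothetical representation).
SYSTEM_ROLES = {
    "Administrator": set(chain.from_iterable(privs(c) for c in CATALOGUE)),
    "User": privs("End-User Interface"),
    "Auditor": privs("Session Management"),
    "Approver": privs("End-User Interface", ["Request Approval"]),
}

def recommend(required):
    """Return (role, excess): the covering system role with the fewest
    privileges beyond `required`, and those unneeded privileges."""
    required = set(required)
    unknown = required - SYSTEM_ROLES["Administrator"]
    if unknown:
        raise ValueError(f"not in catalogue: {sorted(unknown)}")
    covering = [(len(p - required), name)
                for name, p in SYSTEM_ROLES.items() if required <= p]
    _, role = min(covering)  # Administrator always covers, so never empty
    return role, sorted(SYSTEM_ROLES[role] - required)

def plan(required):
    """Turn the recommendation into the decision this section describes."""
    role, excess = recommend(required)
    if not excess:
        return f"assign system role {role}"
    return f"create custom role ({role} would add {len(excess)} unneeded privileges)"

if __name__ == "__main__":
    # An auditor who also needs reports: only Administrator covers both.
    print(plan({"Session Management/Session View", "Analytics/System Reports"}))
```

Excess counts are relative to the abridged catalogue; with the full Administrator privilege list from the table the gap is larger.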