Managing user roles

User roles are essential for managing access and permissions in the Sectona PAM platform. When a certain user is assigned a particular user role, a set of permissions which come with the role are allocated to that user which in turn enables the user to perform his role effectively. For example, consider a large IT environment. It will have a wider, more complex network, spanning multiple physical locations and IP address segments. One or two global administrators will be in charge of creating user accounts, maintaining the system, and generating high-level, executive reports on all company assets. They create instances for different business groups of the company. They assign security managers and administrators to manage assets, accounts and users for specific business groups. Global Administrators also create various account groups. Some will be focused on small subsets of assets. Different users in the system will have varied roles to play. Auditors may require only view access to the configuration and session logs related tasks. There may be administrators who are assigned certain target assets managed by offshore teams.

This chapter consists of the following:

List of system-defined roles

The following table provides information about privilege levels associated

Role	Description	Privilege
Administrator	The Administrator role differs from all other preset roles in the sense that this role has complete master access to all system functionalities.	Asset Management Manage Assets Bulk Asset Management Account Management Manage Accounts Manage Account Groups Manage Account Dependencies Bulk Account Management User Management Manage Users Manage Roles Manage Groups Bulk User Management Discovery Manage Jobs Task Management Manage Tasks App-App Password Management API Management Vault Extensions Analytics System Reports Design New Report Schedule Report Policy Management Manage User Access Policy Active Mapping Manage Server Access Policy Password Management Policies Risk Scoring Password Management Manage jobs Workflow Administration Workflow Logs Manage Workflow Session Management Session View Risk View Activity View Live Session Password Checkout System Configuration System Configuration SMS Gateway Network Proxy Email Gateway SIEM Log Forwarding Service Desk Authentication Management Multifactor Authentication AD Directory store Certificates Notification Management Notification Rules Notification Templates System Management Instance Manager System Management Landing Proxy Server License Backup High Availability Satellite Vault Account Lifecycle Account Lifecycle End-User Interface Manage Tasks Execute Tasks Raise Request Request Approval Asset Access Dashboard System Dashboard
User	User level role allows a user to access target devices, retrieve passwords, and access workflow functions.	End-User Interface Manage Tasks Execute Task Raise Request Request Approval Asset Access
Auditor	Auditor role allows a user to view Session Management logs.	Session Management Session View Risk View Activity View Live Session Password Checkout
Approver	Approver role is a role for executive users to approve workflow or maker checker requests raised by end-users in the system.	End-User Interface Request Approval

Procedure for custom roles

Whether you create a custom user role or assign a system defined user role for Sectona PAM platform user, it depends on a few parameters: the tasks that you want the user to perform and the data that should be visible to the user on the Sectona PAM platform.

Login with an Administrator user
Navigate to Manage → User Role Management
Click on +Add a New Role
Role Name: Provide a unique role name
Select the permission you would like to assign this role
Click Save