Managing user roles
User roles are essential for managing access and permissions in the Sectona PAM platform. When a certain user is assigned a particular user role, a set of permissions which come with the role are allocated to that user which in turn enables the user to perform his role effectively. For example, consider a large IT environment. It will have a wider, more complex network, spanning multiple physical locations and IP address segments. One or two global administrators will be in charge of creating user accounts, maintaining the system, and generating high-level, executive reports on all company assets. They create instances for different business groups of the company. They assign security managers and administrators to manage assets, accounts and users for specific business groups. Global Administrators also create various account groups. Some will be focused on small subsets of assets. Different users in the system will have varied roles to play. Auditors may require only view access to the configuration and session logs related tasks. There may be administrators who are assigned certain target assets managed by offshore teams.
This chapter consists of the following:
List of system-defined roles
The following table provides information about privilege levels associated
Role | Description | Privilege |
---|---|---|
Administrator | The Administrator role differs from all other preset roles in the sense that this role has complete master access to all system functionalities. | Asset Management
Account Management
User Management
Discovery
Task Management
App-App Password Management
Analytics
Policy Management
Password Management
Workflow Administration
Session Management
System Configuration
Authentication Management
Notification Management
System Management
Account Lifecycle
End-User Interface
Dashboard
|
User | User level role allows a user to access target devices, retrieve passwords, and access workflow functions. | End-User Interface
|
Auditor | Auditor role allows a user to view Session Management logs. | Session Management
|
Approver | Approver role is a role for executive users to approve workflow or maker checker requests raised by end-users in the system. | End-User Interface
|
Procedure for custom roles
Whether you create a custom user role or assign a system defined user role for Sectona PAM platform user, it depends on a few parameters: the tasks that you want the user to perform and the data that should be visible to the user on the Sectona PAM platform.
Login with an Administrator user
Navigate to Manage → User Role Management
Click on +Add a New Role
Role Name: Provide a unique role name
Select the permission you would like to assign this role
Click Save
Related How-to Articles