Managing user roles
User roles are essential for managing access and permissions in the Sectona PAM platform. When a user is assigned a particular user role, a set of permissions that come with the role are allocated to that user, enabling the user to perform his role effectively. For example, consider a large IT environment. It will have a wider, more complex network, spanning multiple physical locations and IP address segments. One or two global administrators will create user accounts, maintain the system, and generate high-level executive reports on all company assets. They create instances for different business groups of the company. They assign security managers and administrators to manage specific business groups' assets, accounts, and users. Global Administrators also create various account groups. Some will be focused on small subsets of assets. Different users in the system will have varied roles to play. Auditors may require only view access to the configuration and session logs-related tasks. Administrators may be assigned certain target assets managed by offshore teams.
This chapter consists of the following:
List of system-defined roles
The following table provides information about privilege levels associated
Role | Description | Privilege |
---|---|---|
Administrator | The Administrator role differs from all other preset roles because this role has complete master access to all system functionalities. | Asset Management
Account Management
User Management
Discovery
Task Management
App-App Password Management
Analytics
Policy Management
Password Management
Workflow Administration
Session Management
System Configuration
Authentication Management
Notification Management
System Management
Account Lifecycle
End-User Interface
Dashboard
|
User | User level role allows a user to access target devices, retrieve passwords, and access workflow functions. | End-User Interface
|
Auditor | Auditor role allows a user to view Session Management logs. | Session Management
|
Approver | Approver role is for executive users to approve workflow or maker checker requests raised by end-users in the system. | End-User Interface
|
Procedure for custom roles
Whether you create a custom user role or assign a system-defined user role for the Sectona PAM platform user depends on a few parameters: the tasks you want the user to perform and the data that should be visible to the user on the Sectona PAM platform.
Login to Sectona and select Platform Configuration from the product navigator.
Navigate to User Role Management under the User Management section.
Click on +Add a New Role.
Role Name: Provide a unique role name
Select the permission you would like to assign this role.
Click Save
Related How-to Articles