Roles and Permissions onhttps://docs.protegrity.com/aiteam-edition/1.0.0/docs/gov_policy/protegrity_agent/agent_roles_permissions/Recent content in Roles and Permissions onHugoenRequired Roles and Permissionshttps://docs.protegrity.com/aiteam-edition/1.0.0/docs/gov_policy/protegrity_agent/agent_roles_permissions/agent_roles/Mon, 01 Jan 0001 00:00:00 +0000https://docs.protegrity.com/aiteam-edition/1.0.0/docs/gov_policy/protegrity_agent/agent_roles_permissions/agent_roles/<p>The Protegrity Agent uses role-based access control (RBAC) to govern access to its features. The Protegrity Policy Cloud gateway enforces all permissions through JSON Web Token (JWT) authentication. The Agent API does not perform permission checks internally.</p> <h1 id="roles">Roles</h1> <p>The following table lists the permissions assigned to the roles.</p> <table> <thead> <tr> <th>Roles</th> <th>Description</th> <th>Permissions</th> </tr> </thead> <tbody> <tr> <td>agent_admin</td> <td>Grants full read-write access to policy, packages, and Insight</td> <td>proagent_conversations_permission , proagent_responses_permission, proagent_health_permission, proagent_readiness_permission, proagent_liveness_permission, proagent_version_permission, proagent_ui_permission, proagent_doc_permission, proagent_log_permission, workbench_policy_view, workbench_policy_manage, workbench_certificate_export, workbench_package_export_dynamic, workbench_package_export_encrypted, insight_viewer, insight_admin, can_create_token</td> </tr> <tr> <td>agent_reader</td> <td>Restricts access to read-only operations</td> <td>proagent_conversations_permission, proagent_responses_permission, proagent_health_permission, proagent_readiness_permission, proagent_liveness_permission, proagent_version_permission, proagent_ui_permission, proagent_doc_permission, proagent_log_permission, workbench_policy_view, insight_viewer, can_create_token</td> </tr> </tbody> </table> <p>For more information about creating the role, refer to <a href="https://docs.protegrity.com/aiteam-edition/1.0.0/docs/gov_policy/protegrity_agent/agent_roles_permissions/agent_creating_roles/">Working with Roles</a>.</p>Working with Roleshttps://docs.protegrity.com/aiteam-edition/1.0.0/docs/gov_policy/protegrity_agent/agent_roles_permissions/agent_creating_roles/Mon, 01 Jan 0001 00:00:00 +0000https://docs.protegrity.com/aiteam-edition/1.0.0/docs/gov_policy/protegrity_agent/agent_roles_permissions/agent_creating_roles/<p>This section describes about creating roles and users for the Protegrity Agent on a Protegrity Policy Cloud cluster. Roles define the features that a user can access. Users inherit permissions from their assigned roles.</p> <p>For more information about permissions, refer to <a href="https://docs.protegrity.com/aiteam-edition/1.0.0/docs/gov_policy/protegrity_agent/agent_roles_permissions/agent_roles/">Required Roles and Permissions</a>.</p> <h1 id="prerequisites">Prerequisites</h1> <ul> <li>A running PPC cluster with the Protegrity Agent deployed.</li> <li><code>kubectl</code> is configured and is accessible for the target PPC cluster.</li> <li>An admin account on the PPC cluster with required permissions to create roles and users.</li> </ul> <h1 id="retrieving-the-gateway-host">Retrieving the Gateway Host</h1> <p>To store the PPC gateway address in a shell variable, run the following command .</p>