Roles and Permissions
List of Roles and Permissions
Roles are templates that include permissions, and users can be assigned to one or more roles. All users in the appliance must be associated with a role.
The roles packaged with PPC are as follows:
| Roles | Description | Permissions |
|---|---|---|
| directory_administrator | Role to manage users, groups, and their attributes | saml_admin, role_admin, user_manager_admin, can_create_token, password_policy_admin, group_admin |
| directory_viewer | Role to query and view users and groups and their attributes | saml_viewer, password_policy_viewer, user_manager_viewer, role_viewer, group_viewer |
| security_administrator | Role to manage users, roles, groups, and security‑related configurations, including SAML, certificates, packages, and insights | can_fetch_package, role_admin, web_admin, cli_access, saml_admin, can_export_certificates, user_manager_admin, can_create_token, password_policy_admin, group_admin, insight_admin |
| security_viewer | Role with read access | saml_viewer, password_policy_viewer, insight_viewer, user_manager_viewer, role_viewer, group_viewer |
The capabilities of a role are defined by the permissions attached to the role. Though roles can be created, modified, or deleted from the appliance, permissions cannot be edited. The default permissions packaged with PPC, which are available to map to a user, are as follows:
| Permissions | Description |
|---|---|
| role_admin | Permission to manage roles with read-write access |
| role_viewer | Permission to view roles with read-only access |
| user_manager_admin | Permission to manage users with read-write access |
| user_manager_viewer | Permission to view users with read-only access |
| group_admin | Permission to manage groups with read-write access |
| group_viewer | Permission to view groups with read-only access |
| password_policy_admin | Permission to update password policies with read-write access |
| password_policy_viewer | Permission to view password policies with read-only access |
| saml_admin | Permission to update SAML configurations with read-write access |
| saml_viewer | Permission to view SAML configurations with read-only access |
| can_fetch_package | Permission to download resilient packages |
| can_create_token | Permission to create/refresh tokens |
| can_export_certificates | Permission to download protector certificates |
| web_admin | Permission to perform all operations available as part of the Web UI |
| cli_access | Permission to access CLI |
| insight_admin | Permission to view and edit Insight Dashboard with admin access |
| insight_viewer | Permission to view Insight Dashboard with read-only access |
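The following added example (not PPC code, and it calls no PPC API) shows a least-privilege review of role assignments using the two tables above. It assumes that a user with several roles receives the union of their permissions and that only permissions ending in `_viewer` are read-only; the user assignments and the custom `audit_viewer` role are constructed for illustration.

```python
# Role-to-permission data copied from the roles table on this page.
_DIR_ADMIN = {"saml_admin", "role_admin", "user_manager_admin",
              "can_create_token", "password_policy_admin", "group_admin"}
_DIR_VIEW = {"saml_viewer", "password_policy_viewer", "user_manager_viewer",
             "role_viewer", "group_viewer"}
ROLES = {
    "directory_administrator": _DIR_ADMIN,
    "directory_viewer": _DIR_VIEW,
    "security_administrator": _DIR_ADMIN | {
        "can_fetch_package", "web_admin", "cli_access",
        "can_export_certificates", "insight_admin"},
    "security_viewer": _DIR_VIEW | {"insight_viewer"},
}

def is_read_only(perm):
    # Assumption: per the permissions table, only *_viewer entries are read-only.
    return perm.endswith("_viewer")

def effective_permissions(role_names, roles=ROLES):
    """Union of permissions over all assigned roles (assumed semantics)."""
    perms = set()
    for name in role_names:
        perms |= roles[name]
    return perms

def write_permissions(role_names, roles=ROLES):
    """Permissions in the effective set that go beyond read-only access."""
    return sorted(p for p in effective_permissions(role_names, roles)
                  if not is_read_only(p))

def redundant_roles(role_names, roles=ROLES):
    """Assigned roles fully covered by another assigned role."""
    return sorted(r for r in role_names
                  if any(o != r and roles[r] <= roles[o] for o in role_names))

def lint_viewer_roles(roles):
    """Map each role named *_viewer to any non-read-only permissions it holds."""
    findings = {}
    for name, perms in roles.items():
        extra = sorted(p for p in perms if not is_read_only(p))
        if name.endswith("_viewer") and extra:
            findings[name] = extra
    return findings

if __name__ == "__main__":
    # Constructed assignments and a constructed custom role, for illustration.
    users = {"alice": ["directory_viewer", "security_viewer"],
             "bob": ["security_viewer", "directory_administrator"]}
    for user, assigned in users.items():
        print(user, write_permissions(assigned), redundant_roles(assigned))
    custom = {**ROLES, "audit_viewer": {"insight_viewer", "can_create_token"}}
    print(lint_viewer_roles(custom))
```

With the packaged roles, `directory_administrator` is a subset of `security_administrator` and `directory_viewer` is a subset of `security_viewer`, so assigning both members of either pair grants nothing beyond the larger role.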