Directory service users and roles

Privileged Access Service provides two predefined roles:

  • System Administrator
  • Everybody

The account used to log on for the first time is a Privileged Access Service user account and is automatically made a member of the System Administrator role with all administrative rights. Roles control what different sets of users can do, and you can add roles to define the policies that apply to different groups of users.

By default, all new Privileged Access Service users are added to the Everybody role.

Roles are a key element of every part of the Privileged Access Service you choose to deploy. For example, the Privileged Access Service assigns applications and applies administrative rights based on role membership. For more information about how role membership affects user access and how policies are applied, see Users and Roles.

If all of your users are going to be Privileged Access Service users, the next step is to begin adding account information for those users to the Privileged Access Service.

If you are using another identity store—such as Active Directory or another LDAP-based service—for all or some of your user accounts, the next step is to install a connector to point to that identity store. For more information about installing a connector, see Installing a Centrify Connector. For more information about using different identity stores, see Selecting an identity repository.