System administrator role permissions
The sysadmin role members have access to all Admin Portal tabs and the Centrify Connector Configuration Program settings. They are also the only administrators who can perform the following tasks:
- Add users to or remove them from the sysadmin role.
- Modify the Account Customization tab on the Settings page in Admin Portal
- Modify connector settings in the Centrify Connector tab on the Settings page in Admin Portal.
- Modify policy sets.
- Create a Discovery Systems profile.
- Grant Global Account permissions.
- Grant Global System permissions.
These rights cannot be assigned to other roles. However, you can add users to the sysadmin role. See Adding roles.
Note: Discovery jobs run with very high privilege as they update accounts and systems regardless of the access rights associated with the objects. As such, the sysadmin may not want all PAS administrators granted permission for discovery. As such, the sysadmin can create a system discovery profile, and if they choose, explicitly grant rights to view, edit, and run the profile (for example, they can assign all rights to a "PAS Admins" role). Other administrative functions such as Global Account Permissions and Global System Permissions are, similarly, only available to the sysadmin as not all PAS Admins may have rights to assign permissions.