You use roles to create Privileged Access Service administrators. Only users in the sysadmin role and users in roles with administrative rights can open the Admin Portal.
To create a Privileged Access Service administrator, you create a role, assign one or more Admin Portal administrative rights, and then add users to the role. The administrative rights let you define roles with separate application, user, device, report, and role management permissions.
For example, you can create a role that limits the administrator to managing applications and application-to-roles assignments only. In this role, the administrators can perform all the functions on the Apps page and read-only access to the Users and Roles pages. Similarly, you can create administrative roles with just device, user, and report management permissions.