Assigning permissions

Administrative rights and permissions control what different users see and can do with the applications, systems, domains, databases, secrets, services, accounts, and sets stored in the Privileged Access Service. You can assign and manage different permissions based on the type of object you have selected. For example, the permissions available for managing systems or applications are different from the permissions available for managing databases or when working with sets of those objects. In addition, the specific permissions available for you to assign and the specific activities those permissions control depend on the permissions you have, the type of object you are managing, and the scope for where the permission applies.

You can add an account by clicking Add. From there, you assign permissions. In most cases, you can assign permissions on some combination of the following:

  • Permissions that are specific for individual applications, systems, domains, databases, secrets, services, and accounts.
  • Permissions that apply to logical sets of applications, systems, domains, databases, secrets, services, and accounts.
  • Permissions that apply globally for specific accounts and systems.
  • Grant.
  • View.
  • Checkout.
  • Login.
  • File Transfer.
  • Manage Session.
  • Edit.
  • Delete.
  • Agent Auth.
  • Offline Rescue.
  • Add Account.
  • Unlock Account.
  • Update Password.
  • Rotate.
  • Expires.

Permissions can include but are not limited to the following:

Note:   Some permissions can apply to any type of object. Other permissions only apply in a specific context, such as when you are managing applications, accounts, or systems.