Administrative rights and permissions control what different users see and can do with the applications, systems, domains, databases, secrets, services, accounts, and sets stored in the Privileged Access Service. You can assign and manage different permissions based on the type of object you have selected. For example, the permissions available for managing systems or applications are different from the permissions available for managing databases or when working with sets of those objects. In addition, the specific permissions available for you to assign and the specific activities those permissions control depend on the permissions you have, the type of object you are managing, and the scope for where the permission applies.
You can assign different levels of permissions:
- Permissions that are specific for individual resources and applications.
- Permissions that apply to logical sets of resources and applications.
- Permissions that apply globally for specific accounts and systems.
See Common permissions and the additional permissions topics in this section for more information.