Granting User Permissions

PrivX users gain permissions from roles. Roles may allow their users to:

  • Access target hosts.

  • Approve/deny requests.

  • Manage connections.

  • View/Manage secrets.

  • Perform PrivX administration.

Members of a role automatically receive that role's permissions. In other words, users gain permissions by becoming members of roles. Users may become role members in either of the following ways:

  • The user is included in the role via rules (mapped users). For more information about configuring rules for roles, see Managing Roles.

  • The user has been approved as a member of the role (approved users). For more information about approval mechanisms, see Requesting and Approving Memberships.

All users automatically start as members of the privx-user role.



For active PrivX users, permission changes take effect when their access token is refreshed. The interval is specified by the access_token_valid setting in /opt/privx/etc/oauth-shared-config.toml.

