Granting User Permissions
PrivX users gain permissions from roles. Roles may allow their users to:
- Access target hosts.
- Approve/deny requests.
- Manage connections.
- View/Manage secrets.
- Perform PrivX administration.
Members of a role automatically receive the permissions from their roles. In other words, users gain permissions by becoming members of roles. Users may become role members in either of the following ways:
- The user is included in the role via rules (mapped users). For more information about configuring rules for roles, see Managing Roles.
- The user has been approved as a member of the role (approved users). For more information about approval mechanisms, see Requesting and Approving Memberships.
All users automatically start as members of the privx-user role.
Note
For active PrivX users, permission changes take effect when their access token is refreshed. The interval is specified in /opt/privx/etc/oauth-shared-config.toml, by the setting access_token_validity.