Role permissions
| Permission | Usage |
|---|---|
| sources-view | Allow viewing user and host directory configuration. |
| sources-manage | Allow creating and modifying user and host directories, bringing new users and hosts to PrivX. |
| roles-view | Allow viewing existing roles and role configurations. |
| roles-manage | Allow creating and modifying roles. NOTE: this will give permissions to grant roles to any user, so granting this permission will be effectively the same as granting superuser permissions. |
| workflows-view | Allow viewing existing workflows and permissions. |
| workflows-manage | Allow creating and modifying workflows. NOTE: this can be used for granting approval access to restricted roles. Use carefully. |
| workflows-requests | Allow creating role approval requests via workflows. |
| workflows-requests-on-behalf | Allow creating role approval request on behalf of other user. For example, manager can ask more permissions on behalf of employee. |
| users-view | Allow viewing existing users. |
| users-manage | Allow modifying existing local users. Does not apply to users from third party user directories, like AD. |
| hosts-view | Allow viewing existing hosts for the access group defined for the role. |
| hosts-manage | Allow modifying existing hosts' configuration for the access group defined for the role. |
| vault-add | Allow creating vault secrets. |
| vault-manage | Allow creating and modifying existing vault secrets. |
| connections-view | Enable connection monitoring view, show the connection metadata. Access groups are taken into account. |
| connections-manage | Enable access role grant, revoke and listing for the connections. |
| connections-playback | Enable connection playback and playback search Access groups are taken into account. |
| connections-trail | Enable viewing connection logs. Logs reveal all user inputs some of which may not be revealed in connection playback. Enable viewing transferred files in the connection. Enable viewing clipboard contents in RDP connection. Access groups are taken into account. |
| connections-terminate | Enable ongoing connection termination. |
| connections-manual | Enable manual connections. |
| access-groups-manage | Allow creating and modifying access groups. |
| logs-view | Allow viewing audit event logs. |
| logs-manage | Allow creating and modifying cloud log collectors. |
| role-target-resources-view | Allow viewing AWS role <-> PrivX role mappings. |
| role-target-resources-manage | Allow modifying AWS role <-> PrivX role mappings. |
| authorized-keys-manage | Allow importing and modifying current user's authorized keys for SSH Bastion login. |
| api-clients-manage | Allow creating and modifying API Clients for scripted access via REST API. |
| licenses-manage | Allow modifying PrivX license. |
| settings-view | Allow viewing PrivX settings |
| settings-manage | Allow viewing and modifying PrivX settings |
Updated over 3 years ago