Define Vault User Security Roles

Security role administration provides you the ability to assign granular sets of permissions to users and user groups. By assigning specific roles to a user or user group, you are controlling what actions users can and cannot perform within Vault.

Bomgar Vault comes with five user security roles with permissions pre-configured based on common use cases and tasks. These roles are:

  • System administrator - Grants users full administrative rights and allows complete access to all system functions.
  • Users administrator - Grants users all permissions related to the management of Vault users and user groups.
  • Credential administrator - Grants users all permissions related to the management of credentials and credential policies, as well as endpoints and endpoint groups.
  • Auditor - Grants users permissions related to reporting and auditing tasks in Vault.
  • User - Grants users permissions to read and check out credentials only.

These roles can be edited to suit your needs by assigning or unassigning permissions. Navigate to Administration > User Management > Roles to set up new security roles or to view, edit, or delete existing security roles.

User Security Roles Dashboard

Filter Roles

Filter existing roles and refresh the list to show exactly what you need, such as a specific user or roles with specific permissions.

The search fields allow you to specify the following to filter the roles listed:

  • Role name
  • Description
  • User
  • User Group
  • Permissions

You can also use the dropdown menu labeled Number of records to display to specify the number of search results displayed per page.

New Role

New Role Button

Follow the steps below to create and configure a new user security role.


New User Security Role

  1. Click the New Role button.
  2. Enter a Name for the new role.
  3. Enter a Description for the new role.
  4. Select the permissions to be granted to users or user groups assigned to the new role. Permissions are grouped into five types, listed on the left side of the Permissions dialog:
    • Credential actions
    • Endpoint actions
    • User actions
    • Reporting actions
    • Settings actions
  5. Click once on the permission(s) in the Unassigned column that you would like to assign to the new security role. The selected permissions are highlighted in the Unassigned column.
  6. Click the > arrow to move the permission(s) from the Unassigned column to the Assigned column.
  7. Click Save to create the new user security role.