Define Vault User Security Roles
Security role administration provides you the ability to assign granular sets of permissions to users and user groups. By assigning specific roles to a user or user group, you are controlling what actions users can and cannot perform within Vault.
Bomgar Vault comes with five user security roles with permissions pre-configured based on common use cases and tasks. These roles are:
- System administrator - Grants users full administrative rights and allows complete access to all system functions.
- Users administrator - Grants users all permissions related to the management of Vault users and user groups.
- Credential administrator - Grants users all permissions related to the management of credentials and credential policies, as well as endpoints and endpoint groups.
- Auditor - Grants users permissions related to reporting and auditing tasks in Vault.
- User - Grants users permissions to read and check out credentials only.
These roles can be edited to suit your needs by assigning or unassigning permissions. Navigate to Administration > Roles to set up new security roles or to view, edit, or delete existing security roles.
Filter existing roles and refresh the list to show exactly what you need, such as a specific user or roles with specific permissions.
The search fields allow you to specify the following to filter the roles listed:
- Role name
- User Group
You can also use the dropdown menu labeled Number of records to display to specify the number of search results displayed per page.
Follow the steps below to create and configure a new user security role.
- Click the New Role button.
- Enter a Name for the new role.
- Enter a Description for the new role.
- Select the permissions to be granted to users or user groups assigned to the new role. Permissions are grouped into five types, listed on the left side of the Permissions dialog:
- Credential actions
- Endpoint actions
- User actions
- Reporting actions
- Settings actions