Privileges and Permissions
Overall access to the individual parts of ANT PAM is controlled by privileges defined at the admin level; work with individual objects is then controlled by permissions defined for each object.
- Privileges - privileges are defined in the Admin console by users with admin rights. They define which sections of ANT PAM are accessible and gate some operations with a higher impact on ANT PAM.
- Permissions - permissions are defined by the owner of each object (or by a user holding the specific permission for it) when the object is created or modified. They can be defined for almost every type of ANT PAM object.
The available privileges for access to ANT PAM and the available permissions for access to ANT PAM objects are as follows:
Available PRIVILEGES, set up in the TAC Group management section by a user with admin rights; they define the accessible sections of ANT PAM:

| Privilege | Description |
|---|---|
| USER | Access to the Secrets section. |
| CONNECTIONS | Access to the Connections section. |
| REPORTS | Access to the Reports section. |
| ORPHANS_ADMIN | Access to the secret orphans section; can view Orphans and move them to a specific location. |
| TEMPLATE_ADMIN_VIEW | Access to the Secret templates section; can view the page with templates and can modify a template if owner. |
| TEMPLATE_ADMIN_MODIFY | Can create a new template. |
| PASSWORD_POLICY_ADMIN | Access to the Password policies section; can view and create new Password policies. |
| LAUNCHER_ADMIN | Access to the Launchers section; can view launchers based on privileges and create a new launcher. |
| TEMPLATE_SUPERADMIN_MODIFY | Overrides ownership: can modify any template. |
| TEMPLATE_SUPERADMIN_VIEW | Overrides ownership: can see any template. |
| CREATE_ROOT_FOLDER | Can create a secret root folder. |
| CREATE_CONNECTION_ROOT_FOLDER | Can create a connection root folder. |
| INTEGRATION | Can access the Integration part of the ANT PAM settings. |
| API | Can access the ANT PAM API. |
| REINDEX | Can run the reindex feature for the search engine. |
Available PERMISSIONS for SECRETS; they define the accessibility of Secrets for users and can be defined in ANT PAM:

| Permission | Description |
|---|---|
| READ | Can display the detail of the Secret. |
| WRITE | Can edit the Secret. |
| DELETE | Can delete the Secret. |
| USE | Can use the Secret in a Connection. |
| PERM_WRITE | Can adjust the permissions for the Secret. |
| VIEW_PASSWORD | Can view the password. |
| EDIT_PASSWORD | Can edit the password. |
| OWN | Can do all operations with the Secret. |
Available PERMISSIONS for SECRET FOLDERS; they define the accessibility of Secret folders for users and can be defined in ANT PAM:

| Permission | Description |
|---|---|
| READ | Can see the content of the folder. |
| WRITE | Can edit the folder. |
| DELETE | Can delete the folder. |
| LIST | Can see the folder in the folder structure. |
| PERM_WRITE | Can adjust the permissions for the folder. |
| CREATE_SUBFOLDER | Can create a subfolder. |
| CREATE_SECRET | Can create a Secret in the folder. |
| OWN | Can do all operations with the folder. |
Available PERMISSIONS for CONNECTIONS; they define the accessibility of Connections for users and can be defined in ANT PAM:

| Permission | Description |
|---|---|
| OWN | Can do all operations with the Connection. |
| USE | Can use the Connection, i.e. launch the connection. |
Available PERMISSIONS for CONNECTION FOLDERS; they define the accessibility of Connection folders for users and can be defined in ANT PAM:

| Permission | Description |
|---|---|
| OWN | Can do all operations with the connection folder (edit, adjust permissions, move, ...). |
| USE | Can see the connection folder in the connection folder structure. |
Available PERMISSIONS for SECRET TEMPLATES; they define the accessibility of Secret templates for users and can be defined in ANT PAM:

| Permission | Description |
|---|---|
| OWN | Can do all operations with the Secret template (modify, adjust permissions, ...). |
| USE | Can use the Secret template to create a Secret. |
Available PERMISSIONS for LAUNCHERS; they define the accessibility of Launchers for users and can be defined in ANT PAM:

| Permission | Description |
|---|---|
| OWN | Can do all operations with the Launcher (modify, adjust permissions, ...). |
| USE | Can use the Launcher in the Secret template launcher mapping; can run Connections. |
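The two-layer model described above (a global privilege gates the section, then a per-object permission gates the operation, with OWN covering every operation and the TEMPLATE_SUPERADMIN_MODIFY privilege overriding ownership) is illustrated here as an added example; it is not ANT PAM's own code. It assumes that the owner of an object implicitly holds OWN on it, and the `User`, `Obj` and `can` names are illustrative.

```python
from dataclasses import dataclass, field

# Privilege that gates the section for each object kind, and the object
# permission each action needs, taken from the tables above.
SECTION_PRIVILEGE = {"secret": "USER", "template": "TEMPLATE_ADMIN_VIEW"}
ACTION_PERMISSION = {
    ("secret", "read"): "READ",
    ("secret", "view_password"): "VIEW_PASSWORD",
    ("secret", "set_permissions"): "PERM_WRITE",
    ("template", "use"): "USE",
    ("template", "modify"): "OWN",  # non-owners cannot modify a template
}


@dataclass
class User:  # hypothetical model of an ANT PAM user
    name: str
    privileges: set = field(default_factory=set)


@dataclass
class Obj:  # hypothetical model of a Secret or Secret template
    kind: str
    owner: str
    grants: dict = field(default_factory=dict)  # user name -> permission set


def can(user: User, action: str, obj: Obj) -> bool:
    """Return True only if both the privilege gate and the object permission pass."""
    # Superadmin privilege overrides ownership for template modification.
    if obj.kind == "template" and action == "modify" \
            and "TEMPLATE_SUPERADMIN_MODIFY" in user.privileges:
        return True
    # Layer 1: without the section privilege the object is not reachable at all.
    if SECTION_PRIVILEGE[obj.kind] not in user.privileges:
        return False
    # Layer 2: object permissions; assumption: the owner implicitly holds OWN.
    perms = set(obj.grants.get(user.name, ()))
    if obj.owner == user.name:
        perms.add("OWN")
    if "OWN" in perms:  # OWN = all operations with the object
        return True
    return ACTION_PERMISSION[(obj.kind, action)] in perms
```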