Role Permissions
Add Secret
Allows users to create new Secrets. The Add Secret permission includes the View Secret role permission. (Note: this is scheduled to change so that Add Secret will no longer include View Secret.)
Administer Active Directory
Allows users to view domains, edit existing domains, delete domains, and add new domains. Also allows a user to force synchronization or set the synchronization interval.
Administer Backup
Allows users to view and configure automated backups for Secret Server. Users with this role permission can change the backup path, disable backups, and set the backup schedule.
Administer Configuration
Allows users to view and edit general configuration options. For example, a user with this role permission can turn on “Force HTTPS/SSL” and disable “Allow Remember Me”.
Administer ConnectWise Integration
Allows users to view and edit configuration options for synchronizing with ConnectWise. This can be accessed through the “Folder Synchronization” link on the Administration page.
Administer DoubleLock Keys
Allows a user to view, edit, create, and disable DoubleLock keys. A DoubleLock key acts as a separate encryption key to protect your most sensitive secrets. This option allows users to access and use the “DoubleLocks” link on the Administration page.
Administer Export
Allows users to view the export log. Also allows users to export the Secrets they have access to as a clear-text CSV file.
Administer Folders
Allows users to view, edit, create, move, and delete folders. Users still need the relevant view, edit, and owner permissions on the folders to perform these tasks.
Administer Groups
Allows users to view, edit, create, and disable groups. Also allows users to assign users to groups and remove users from groups.
Administer IP Addresses
Allows users to create, edit, and delete IP Address Ranges. These ranges are used to restrict certain users to specific IP Addresses.
Administer Languages
Allows users to change the default language of Secret Server.
Administer Licenses
Allows users to view, edit, install, and delete licenses.
Administer RADIUS
Allows users to view and edit RADIUS settings. RADIUS is used for two-factor authentication with RADIUS-compliant devices such as RSA SecurID tokens.
Administer Remote Password Changing
Allows users to turn HeartBeat and Remote Password Changing on and off globally. Also allows users to create new password changers and install password changing agents on remote machines.
Administer Reports
Allows users to view, edit, delete, and create reports. Also allows users to customize report categories.
Administer Role Assignments
Allows users to view which users and groups are assigned to which roles. Also allows users to assign users and groups to different roles.
Administer Role Permissions
Allows users to view, edit, create and delete roles. Also allows users to assign different permissions to each role.
Administer Search Indexer
Allows users to view and edit search indexer options. These options control how searching in Secret Server works. For example, a user with this role permission could enable search indexing, which allows users to search on fields within a secret.
Administer Secret Templates
Allows users to view, edit, disable and create Secret Templates.
Administer Security Configuration
Allows users to view and edit security configuration options in Secret Server. Currently, these include enabling FIPS compliance mode and protecting the encryption key.
Administer System Log
Allows users to view and clear the System Log, which shows general diagnostics information for Secret Server.
Administer Unlimited Admin Configuration
Allows a user to turn on Unlimited Admin Mode. When this mode is enabled, users with the “Unlimited Administrator” role permission can view and edit all Secrets in the system, regardless of permissions. Note that you can assign “Administer Unlimited Admin Configuration” to one user and “Unlimited Administrator” to another user. This would require one user to turn on the mode and another user to view and edit secrets.
Administer Users
Allows a user to create, disable, and edit users in the system.
Copy Secret
Allows a user to copy secrets.
Delete Secrets
Allows a user to mark secrets as deleted.
Edit Secret
Allows users to edit secrets. Note that they still require the “Edit” or “Owner” permissions on the individual secrets they are editing.
Share Secret
Allows users to share secrets with other users. Also allows users to perform more advanced tasks on secrets of which they are “Owners”, such as configuring expiration schedules.
Unlimited Administrator
Allows a user to view and edit all secrets in the system, regardless of permissions, when Unlimited Admin Mode is on. Note that another user with the “Administer Unlimited Admin Configuration” role permission would still need to turn this mode on.
User Audit Expire Secrets
Allows a user to view the “User Audit” report, which shows all secrets that have been accessed by a particular user in a specified date range. Also allows the user to force expiration on all these secrets, which would make Secret Server automatically change the password.
View Active Directory
Allows a user to view, but not edit, the Active Directory settings in the system.
View Backup
Allows a user to view, but not edit, the automated backup settings.
View Configuration
Allows a user to view, but not edit, general configuration settings.
View ConnectWise Integration
Allows a user to view, but not edit, the ConnectWise integration settings.
View Deleted Secrets
Allows a user to view Secrets that have been deleted in the system.
View Discovery
Allows a user to view, but not edit, computers and accounts that are found by Discovery.
View DoubleLock Keys
Allows a user to view which DoubleLock keys exist in the system.
View Export
Allows a user to view the export log of the system to see when users exported secrets. Does not allow a user to export.
View Folders
Allows a user to view, but not edit, folders in the system.
View Group Roles
Allows a user to see which groups and users are assigned to which roles. Does not allow a user to change these assignments.
View Groups
Allows a user to see which groups exist in the system. Also allows a user to see which users belong to each group.
View Inactive Secrets
Allows a user to view secrets that have been deleted.
View IP Addresses
Allows a user to view IP Address Ranges that have been created to restrict access. Does not allow a user to edit these ranges.
View Launcher Password
Allows a user to unmask the password on the view screen of secrets with a launcher. Typically, this includes Web Passwords, Active Directory accounts, Local Windows accounts, and Linux accounts.
View Licenses
Allows a user to view, but not edit, the licenses in the system.
View RADIUS
Allows a user to view, but not edit, the RADIUS configuration settings.
View Nodes
Allows a user to view, but not edit, the Secret Server web server nodes.
View Remote Password Changing
Allows a user to view, but not edit, HeartBeat and Remote Password Changing settings.
View Reports
Allows a user to view, but not edit, reports.
View Roles
Allows a user to view roles in the system. Also allows a user to see which groups are assigned to which roles.
View Search Indexer
Allows a user to view, but not edit, search indexer settings.
View Secret
Allows a user to view secrets in the system. Note that they will still need at least “View” permissions on secrets in order to view them.
View Secret Audit
Allows users to view the audit log for secrets.
View Secret Templates
Allows a user to view Secret Templates in the system.
View Security Configuration
Allows a user to view the security configuration of Secret Server.
View Security Hardening Report
Allows a user to view the Security Hardening Report.
View Session Recording
Allows a user to view a recorded launcher session.
View System Log
Allows a user to view the System Log, which contains general diagnostic information.
View Unlimited Admin Configuration
Allows a user to view the Unlimited Admin Mode configuration. Also allows a user to view the Unlimited Admin Mode audit log.
View User Audit Report
Allows a user to view the User Audit Report. This will allow them to see which secrets have been accessed by a user for a specific date range.
View Users
Allows a user to see which users exist in the system.
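The split described under "Administer Unlimited Admin Configuration" and "Unlimited Administrator" only holds if no single user ends up with both permissions, whether directly or through a group's role. The following is an added example, not Secret Server code: it resolves effective permissions over a constructed set of roles, assignments and group memberships (all names other than the permission names are hypothetical) and reports who holds both, and through which role.

```python
# Added example: the data below is constructed, not exported from a real Secret Server.
CONFIGURE = "Administer Unlimited Admin Configuration"
UNLIMITED = "Unlimited Administrator"

# role -> role permissions (permission names as listed on this page)
ROLE_PERMISSIONS = {
    "Vault Operator": {"View Secret", "Edit Secret", UNLIMITED},
    "Platform Admin": {"Administer Configuration", CONFIGURE},
    "Auditor": {"View Secret Audit", "View Unlimited Admin Configuration"},
    "Break Glass": {CONFIGURE, UNLIMITED},
}
# principal (user or group) -> roles assigned to it
ROLE_ASSIGNMENTS = {
    "alice": {"Platform Admin"},
    "bob": {"Vault Operator"},
    "carol": {"Auditor"},
    "group:Ops": {"Vault Operator"},
    "group:Emergency": {"Break Glass"},
}
# user -> groups the user belongs to (flat membership assumed)
GROUP_MEMBERS = {
    "alice": {"group:Ops"},
    "bob": set(),
    "carol": set(),
    "dave": {"group:Emergency"},
}

def permission_sources(user):
    """Map each effective permission to the (principal, role) pairs granting it."""
    sources = {}
    for principal in {user} | GROUP_MEMBERS.get(user, set()):
        for role in ROLE_ASSIGNMENTS.get(principal, set()):
            for perm in ROLE_PERMISSIONS.get(role, set()):
                sources.setdefault(perm, set()).add((principal, role))
    return sources

def dual_control_violations(users):
    """Users who can both turn Unlimited Admin Mode on and use it."""
    findings = {}
    for user in users:
        src = permission_sources(user)
        if CONFIGURE in src and UNLIMITED in src:
            findings[user] = {p: sorted(src[p]) for p in (CONFIGURE, UNLIMITED)}
    return findings

if __name__ == "__main__":
    for user, why in sorted(dual_control_violations(GROUP_MEMBERS).items()):
        print(user, why)
```

Here alice is flagged even though neither of her assignments looks risky alone: her direct role grants the configuration permission and her group's role grants Unlimited Administrator.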
Article ID: 133, Created On: 11/23/2010, Modified: 3/30/2012