Documentation

Role settings

Suggest Edits

What are role settings?

Role settings are where you assign roles to your users. Users are assigned roles based on the level of access they need to do their EPM Cloud for Linux job functions.

⚠️

Important

Pages and functions in EPM Cloud for Linux require certain permissions, which are distributed by roles. If a user is not assigned the appropriate role, they cannot access the associated features in EPM Cloud for Linux. For example, the policyadmin role is required for an authenticated user to interact with a policy.

Role types

Role nameTypical responsibilitiesKey functionsAccess rights
sysadminConfigures and manages the Endpoint Privilege Management system.
Sets up users, groups, and roles.
Defines and enforces privilege policies.
Monitors system health and usage logs.		Policy creation and deployment.
Integration with directory services (e.g., LDAP, Active Directory).
System updates and maintenance.		Full access to all pages in EPM Cloud for Linux.

Full rights (create, view, update, and delete) to all pages in EPM Cloud for Linux.
policyadminDesigns and implements policies for managing privileges on Linux endpoints.
Ensures compliance with organizational and regulatory requirements.		Defines rules for privilege elevation or restriction.
Creates workflows for just-in-time access requests.
Audits policies for effectiveness and compliance.		Full access to all policy management pages (Roles, Secure Users, Secure Groups, Command Groups, Host groups, Schedule Groups, Entitlement Reports) in EPM Cloud for Linux.

Full rights (create, view, update, and delete) to the above pages in EPM Cloud for Linux.
auditorReviews logs and audit trails to ensure adherence to privilege policies.
Identifies anomalies or potential misuse of privileges.		Analyzes user activity and system logs.
Prepares reports for audits or security reviews.
Flags potential policy violations for investigation.		Full access to all audit pages (Unified Search, Events, and Search and Replay) in EPM Cloud for Linux.

Full rights (create, view, update, and delete) to the above pages in EPM Cloud for Linux.
accountadminDay-to-day use of the Linux system with role-appropriate privileges.
Requests temporary privilege escalation when needed.		Manages users and role assignments.Full access to the EPM-L Settings page. EPM Cloud for Linux.

Full rights (create, view, update, and delete) to the above page in EPM Cloud for Linux.
apiuserConnects the privilege management system to other tools and platforms.
Ensures seamless functionality across systems.		Configures APIs for custom integrations.
Synchronizes data with SIEM tools, ticketing systems, or identity providers.
Troubleshoots connectivity or integration issues.		Minimal access to the EPM Cloud for Linux pages.
softwareadminProvides first-line support for users experiencing issues with privilege management.
Facilitates access requests or resolves minor system issues.		Assists with privilege elevation requests if automated mechanisms fail.
Escalates complex issues to administrators or policy managers.
Educates users on the privilege management system.		Full access to the Installers page in EPM Cloud for Linux.

Full rights (create, view, update, and delete) to the above pages in EPM Cloud for Linux.
Custom roleOrganizations may define custom roles tailored to their specific needs. Examples:
DevOps Role: Manages privileges specific to development and operations teams.
Incident Responder: Has temporary elevated access for responding to security incidents.

View all secure users assigned to a role

  1. Click > Endpoint Privilege Management for Linux > Roles.
    The Roles by user page displays.
  2. In the left Roles panel, click the role you want to view.
    The role page displays a list of all users, regardless of role assigned.
  3. Click Users with this role.
    The list refines and displays only those users with the role assigned.

View all secure users not assigned to a role

  1. Click > Endpoint Privilege Management for Linux > Roles.
    The Roles by user page displays.
  2. In the left Roles panel, click the role you want to view.
    The role page displays a list of all users, regardless of role assigned.
  3. Click Users without this role.
    The list refines and displays only those users without the role assigned.

Assign a role to one or more secure users

  1. Click > Endpoint Privilege Management for Linux > Roles.
    The Roles by user page displays.
  2. In the left Roles panel, click the role to which you want to add one or more users.
  3. In the right panel, click Users without this role.
    The list filters to only those users without the specified role.
  4. Select the user(s) to whom you want to assign the role.
  5. Click Add selected users.
    The role assigns to the user(s), and a success message displays.

Remove a role from one or more secure users

  1. Click > Endpoint Privilege Management for Linux > Roles.
    The Roles by user page displays.
  2. In the left Roles panel, click the role to which you want to remove one or more users.
  3. In the right panel, click Users with this role.
    The list filters to only those users with the specified role.
  4. Select the user(s) to whom you want to remove from the role.
  5. Click Remove selected users.
    The role removes from the user(s), and a success message displays.

Updated 14 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.