DocumentationAPI ReferenceRelease Notes
Log In
Documentation

Roles

Suggest Edits

A role is a group of permissions that can be assigned to one or more users at a time.

  • Builtin: Predefined roles included with EPM.
  • Custom: Create a role that permits access based on your user's responsibilities and required access.

You cannot change or delete builtin roles.

Built in roles:

  • Administrator: Full access and permissions across EPM.
  • Auditor:
    • View and analyze all computer groups.
    • View all policies.
    • View all settings.
    • View user requests.
  • Computer Manager:
    • Create, edit, and view all computer groups.
    • Assign any available policy to any computer group.
    • Analyze computer groups. View all policies.
  • Policy Manager: Create, edit, and view all policies.
  • Request Manager: View and approve all user request management requests.

The Roles page

Use the Roles list to view at-a-glance data about roles in EPM for Windows and Mac.

The Roles page
  1. Left menu: Easy access to all pages in Endpoint Privilege Management, including the Home, Policies, Computers, Computer Groups, Management Rules, Analytics, Just-in-Time Access Management, Configuration, Auditing, and User Management pages.
  2. Header: Enter keywords to run a global search across computer groups, policies, computers, and users, view your notifications, change your site language, change your time zone, and log out of EPM for Windows and Mac.

  1. Click a tab to navigate to:

    • Users
    • Roles

  2. Filters: Click the drop arrow to select a filter type. The selected filter displays to the left of the drop-down. Click Clear Filters to remove all filters and search results.

    👍

    Filter types

    • Name

    • Description

    • Type

  3. Create Role: Click to create a new role.

  4. List options: Click to refresh the list or to select which columns to display on the page.

  5. Roles list columns: Not all columns display in the image above.

    👍

    Column names
    • Name:
    • Description:
    • Users:
    • Is Admin:
    • Assign Policy to Computer Groups:
    • Edit Computer Groups:
    • View Computer Groups:
    • Analyze Computer Groups:
    • View Policies:
    • Edit Settings:
    • View Settings:
    • View Requests:
    • Manage Requests:
    • View Admin Requests:
    • Manage Admin Requests:

  6. List navigation options: Navigate in the Roles list.

Create a role

Customize permissions to create a role that fulfills the access requirements for your EPM users.

  1. Select User Management from the main menu.
  2. Select the Roles tab.
  3. Select Create Role.
  4. Enter a name and description.
  5. In the Roles and Resources section, select the permissions to add to the role:
    • Under Computer Groups, select either All Computer Groups, or select individual groups and roles.
      • If you select All Computer Groups, select one or more permissions from the Computer Groups Permission list. The user will have the permissions across all existing and future computer groups. The View Groups role is automatically selected with any of the other options.
      • To select individual groups and permissions, check the boxes for the permissions to apply to each group. Use a filter to narrow the scope of groups displayed.
    • Under Policies, select either All Policies, or select individual policy and permissions.
      • If you select All Policies, select one or more permissions from the Policies Permission list. The user will have the permissions across all existing and future policies. The View Policies permission is automatically selected with any of the other options.
      • To select individual policies and permissions, check the boxes for the permissions to apply to each policy. Use a filter to narrow the scope of policies displayed.
    • Under Settings, select the configuration items the user needs access to.
  6. In the User Assignment section, add users to the role.
  7. Click Create Role.

Assign users

Assign your EPM users to roles, either builtin or custom roles.

To assign users:

  1. Select User Management from the main menu.
  2. Select the Roles tab.
  3. Navigate to the role, and then select Assign Users.

View role details

On the Role Details page, view the properties of the role:

  • Permissions on computer groups. Drill down on the computer group to view details.
  • Permissions on the policies. Drill down on a policy to view details.
  • Permission on the settings.
  • Users assigned the role.

You can view details on a builtin role or custom role.

To view details:

  1. Select User Management from the main menu.
  2. Select the Roles tab.
  3. Navigate to the role, and then select View Role Details from the menu.
  4. To view permissions assigned to a role, select the Computer Groups, Policies, or Settings tabs.
  5. Select Users to view a list of users assigned to the role.

Edit a role

You can change the permissions configured in a role. Additionally, update the user assignment.

  1. Select User Management from the main menu.
  2. Select the Roles tab.
  3. Update permissions.
  4. Change the role assignment, if needed.
  5. Select Save Changes.

Delete a role

Delete a role when the role is no longer required.

You cannot delete builtin roles.

To delete a role:

  1. Select User Management from the main menu.
  2. Navigate to the role, and then select Delete Role.

Updated 3 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.