DocumentationAPI ReferenceRelease Notes
Documentation

Jump Item Roles | PRA On-prem

Suggest Edits

What are Jump Item Roles?

Jump Item Roles are a collection of permissions created for different roles in your organization which allow you to grant specific permissions for a user to access a Jump group. It allows you to grant specific permissions for a user to access a Jump Group. Jump Item Roles are applied to users from the Jump > Jump Item Roles page or from the Users & Security > Group Policies page.

How are Jump Item Roles useful to my organization?

Jump Item Roles help administrators manage access control and ensure users can only perform the necessary tasks for their role, enhancing security and efficiency during remote access sessions.

How do I access the Jump Item Roles page?

  1. Use a Chromium-based browser to sign in to your Privileged Remote Access on-prem URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
  2. From the left menu, click Jump.
    The Jump Clients page opens and displays by default.
  3. At the top of the page, click Jump Item Roles.
    The Jump Item Roles page displays.

How to configure Jump Item Roles

If more than one role is assigned to a user, then the most specific role for a user is always used. The order of specificity for Jump Item Roles, from most specific to least specific, is:

  • The role assigned to the relationship between a user and a Jump Group on the Jump > Jump Item Roles page.
  • The role assigned to the relationship between a user and a Jump Group on the Users & Security > Group Policies page.
  • The Jump Item Roles configured for a user on the Users & Security > Users page or the Users & Security > Group Policies page.

ℹ️

Starting in 25.2, new site installations automatically include a Jump Item Role called Auditor.

  • On existing sites upgraded to 25.2+, this role is not created automatically. Admins may create it manually if needed.
  • The Auditor role has a single permission, View Reports, allowing admins to grant a user access to run Jump Item reports without any additional permissions.

Add a Jump Item Role

  1. From the Jump Item Roles page, click Add.
    The Add a Jump Item Role page displays.
  2. In the Name field, type a unique name to help identify this role. This name helps when linking a Jump Item Role with a user or group of users in a Jump Group.
  3. In the Description field, type a description to summarize the purpose of this role.
  4. In the Permissions section, on the Jump Group or Personal Jump Items setting, you can set the following options:
Field nameDescription
Create new Jump Items or upgrade Jump ClientsWith this setting selected, you can create Jump items and install them on a remote system. This permission is required to upgrade Jump Clients through the Access Console and Privileged Web Access Console. It is also required for access to the Jump Shortcuts Mass Import Wizard. When you create a Jump Item Role and have this permission selected, all the Edit permissions in the Jump Items section are automatically selected, and the following message displays:

The Create Jump Items permission grants broad creation privileges, including the ability to set all fields on items during creation. This permission should be granted to trusted users only.

ℹ️The user must be a member of a Jumpoint to deploy.
Move and Copy Jump ItemsWith this setting selected, you can move or copy Jump Items from one Jump Group into another.

ℹ️ This permission must be set on the Jump Item Roles used in both the Jump Item's origin and destination.
Remove existing Jump ItemsWith this setting selected, you can delete Jump Items.
View Session and Jump Item ReportsWith this setting selected, you can view reports. This applies to the Jump Group to which the user is added with this role.
  1. In the Jump Item section, you can set the following options:
Field nameDescription
Start SessionsYou can Jump to a remote system.
Edit TagYou are able to edit a Jump Item's tag field.
Edit CommentsYou are able to edit a Jump Item's comments field.
Edit Jump PolicyYou can set any Jump Policy that is applied to a Jump Item
Edit Session PolicyYou set which session policy a Jump Item should use. Changing the session policy may affect the permissions allowed in the session. Applies to all Jump Item types.
Edit Connectivity and AuthenticationYou can modify a Jump Item's connection and authentication information. This includes such fields as hostname, Jumpoint, port, and username, among others.
Edit Behavior and ExperienceYou are able to modify the behavior of Jump Items. This includes the following field types:

  • Remote RDP
    • Quality, Console session
  • Shell Jump
    • Terminal type, Keep Alive
  • Protocol Tunnel Jump
    • Local address

Edit a Jump Item Role

  1. From the Jump Item Roles page, select a role from the list, then click.
    The Edit Jump Item Role page displays.
  2. Make your changes, and then click Save.

Delete a Jump Item Role

  1. From the Jump Item Roles page, select a role from the list, then click .
    The following message displays:

    This Jump Item Role is associated with the following: 8 Users, 2 Group Policies, 3 Jump Group Members, 1 Jump Group Memberships in Group Policies. By deleting this Jump Item Role the following references to it will be affected: - Default Role, Personal Role, Teams Role, System Role in Users and Group Policies will be set to "No Access". - Jump Item Role in Jump Group Members and Jump Group Memberships in Group Policies will be set to "No Access". Are you sure you want to delete the role "Operator"? Yes/No

  2. Click Yes.

Updated about 22 hours ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.