Jump Item Roles

What are Jump Item Roles?

Jump Item Roles are a collection of permissions created for different roles in your organization which allow you to grant specific permissions for a user to access a Jump group. It allows you to grant specific permissions for a user to access a Jump Group. Jump Item Roles are applied to users from the Jump > Jump Item Roles page or from the Users & Security > Group Policies page.

How are Jump Item Roles useful to my organization?

Jump Item Roles help administrators manage access control and ensure users can only perform the necessary tasks for their role, enhancing security and efficiency during remote access sessions.

How do I access the Jump Item Roles page?

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the main menu, click Privileged Remote Access > Jump.
    The Jump page opens and the Jump Clients tab displays by default.
  3. Click the Jump Item Roles.
    The Jump Item Roles page displays.

The Jump Item Roles page

An image of the Privileged Remote Access interface showing the Jump Item Roles tab. It displays a table with three roles—Administrator, Auditor, and Start Sessions Only—each with different permissions for actions like Jump, Create/Deploy, Remove, Move/Copy, Edit, and View Reports.
  1. Left menu: Easy access to all pages in Privilege Remote Access, including Status, Consoles & Downloads, My Account, Configuration, Jump, Vault, Console Settings, Users & Security, Reports, Management, and Appliance pages.
  2. Status: Opens the Status page.
  3. Header: Change your tenant site, manage your profile, and access documentation.
  1. Add: Adds a new Jump Item Role.

  2. Jump Item Roles columns- The list of Jump Item Roles columns.

    Jump Item Roles columns
    • Name: Unique name of the Jump Item Role.
    • Jump: Defines if the Start Sessions permission is enabled. The values are Yes or No.
    • Create/Deploy: Defines if the Create and deploy new Jump Items or upgrade Jump Clients permission is enabled.
    • Remove: Defines if the Remove existing Jump Items permission is enabled.
    • Move/Copy: Defines if the Move and Copy Jump Items permission is enabled. These permissions must be set on the Jump Item's origin and destination.
    • Edit: Defines if the following permissions are enabled:
      • Edit Jump Policy:
      • Edit Behavior and Experience
      • Edit Tag
      • Edit Session Policy
      • Edit Comments
      • Edit Connectivity and Authentication

    If one of the policies is enabled, then value of Some displays. If all six permissions are enabled, the value of All displays.

    • View Reports: Defines if the View Reports permission is enabled.
  3. Jump Item Roles options: You can edit or delete a Jump Item role.

How to configure Jump Item Roles

If more than one role is assigned to a user, then the most specific role for a user is always used. The order of specificity for Jump Item Roles, from most specific to least specific, is:

  • The role assigned to the relationship between a user and a Jump Group on the Jump > Jump Item Roles page.
  • The role assigned to the relationship between a user and a Jump Group on the Users & Security > Group Policies page.
  • The Jump Item Roles configured for a user on the Users & Security > Users page or the Users & Security > Group Policies page.

ℹ️

Note

A new Jump Item Role called Auditor is automatically created on new site installations. On existing installations it has to be created. This role only has a single View Reports permission enabled, giving admins the option to grant a user just the permission to run Jump Item reports, without the need to grant any other permission.

Add a Jump Item Role

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the main menu, click Privileged Remote Access > Jump.
    The Jump page opens and the Jump Clients tab displays by default.
  3. Click the Jump Item Roles.
    The Jump Item Roles page displays.
  4. Click Add.
    The Add a Jump Item Role page displays.
  5. In the Name field, type a unique name to help identify this role. This name helps when linking a Jump Item Role with a user or group of users in a Jump Group.
  6. In the Description field, type a description to summarize the purpose of this role.
  7. In the Permissions section, on the Jump Group or Personal Jump Items setting, you can set the following options:
Field nameDescription
Create and deploy new Jump Items or upgrade Jump ClientsWith this setting selected, you can create Jump items and install them on a remote system. This permission is required to upgrade Jump Clients through the Access Console and Privileged Web Access Console. It is also required for access to the Jump Shortcuts Mass Import Wizard .

ℹ️ Note

The user must be a member of a Jumpoint to deploy.



Move and Copy Jump ItemsWith this setting selected, you can move or copy Jump Items from one Jump Group into another.

ℹ️ Note

This permission must be set on the Jump Item Roles used in both the Jump Item's origin and destination.



Remove existing Jump ItemsWith this setting selected, you can delete Jump Items.
View ReportsWith this setting selected, you can view reports. This applies to the Jump Group to which the user is added with this role.
  1. In the Jump Item section, you can set the following options:
Field nameDescription
Start SessionsYou can Jump to a remote system.
Edit Jump PolicyYou can set any Jump Policy that is applied to a Jump Item
Edit Behavior and ExperienceYou are able to modify the behavior of Jump Items. This includes the following field types:

Remote RDP
  • Quality, Console session

Shell Jump
  • Terminal type, Keep Alive

Protocol Tunnel Jump
  • Local address
Edit TagYou are able to edit a Jump Item's tag field.
Edit Session PolicyYou set which session policy a Jump Item should use. Changing the session policy may affect the permissions allowed in the session. Applies to all Jump Item types.
Edit CommentsYou are able to edit a Jump Item's comments field.
Edit Connectivity and AuthenticationYou can modify a Jump Item's connection and authentication information. This includes such fields as hostname, Jumpoint, port, and username, among others.

Edit a Jump Item Role

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the main menu, click Privileged Remote Access > Jump.
    The Jump page opens and the Jump Clients tab displays by default.
  3. Click the Jump Item Roles.
    The Jump Item Roles page displays.
  4. Select a role from the list, click the pencil.
    The Edit Jump Item Role page displays.
  5. Make your changes, and then click Save.

Delete a Jump Item Role

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.

  2. From the main menu, click Privileged Remote Access > Jump.
    The Jump page opens and the Jump Clients tab displays by default.

  3. Click the Jump Item Roles.
    The Jump Item Roles page displays.

  4. Click the trash can .
    The following message displays:

    A confirmation to delete a jump group is displayed. Choose Yes or No.
  5. Click Yes.


©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.