Jump Item Roles
What are Jump Item Roles?
Jump Item Roles are a collection of permissions created for different roles in your organization which allow you to grant specific permissions for a user to access a Jump group. It allows you to grant specific permissions for a user to access a Jump Group. Jump Item Roles are applied to users from the Jump > Jump Item Roles page or from the Users & Security > Group Policies page.
How are Jump Item Roles useful to my organization?
Jump Item Roles help administrators manage access control and ensure users can only perform the necessary tasks for their role, enhancing security and efficiency during remote access sessions.
How do I access the Jump Item Roles page?
- Sign into app.beyondtrust.io.
The BeyondTrust Home page displays. - From the main menu, click Privileged Remote Access > Jump.
The Jump page opens and the Jump Clients tab displays by default. - Click the Jump Item Roles.
The Jump Item Roles page displays.
The Jump Item Roles page
- Left menu: Easy access to all pages in Privilege Remote Access, including Status, Consoles & Downloads, My Account, Configuration, Jump, Vault, Console Settings, Users & Security, Reports, Management, and Appliance pages.
- Status: Opens the Status page.
- Header: Change your tenant site, manage your profile, and access documentation.
-
Jump Item Roles columns- The list of Jump Item Roles columns.
Jump Item Roles columns
- Name: Unique name of the Jump Item Role.
- Jump: Defines if the Start Sessions permission is enabled. The values are Yes or No.
- Create/Deploy: Defines if the Create and deploy new Jump Items or upgrade Jump Clients permission is enabled.
- Remove: Defines if the Remove existing Jump Items permission is enabled.
- Move/Copy: Defines if the Move and Copy Jump Items permission is enabled. These permissions must be set on the Jump Item's origin and destination.
- Edit: Defines if the following permissions are enabled:
- Edit Jump Policy:
- Edit Behavior and Experience
- Edit Tag
- Edit Session Policy
- Edit Comments
- Edit Connectivity and Authentication
If one of the policies is enabled, then value of Some displays. If all six permissions are enabled, the value of All displays.
- View Reports: Defines if the View Reports permission is enabled.
-
Jump Item Roles options: You can edit or delete a Jump Item role.
How to configure Jump Item Roles
If more than one role is assigned to a user, then the most specific role for a user is always used. The order of specificity for Jump Item Roles, from most specific to least specific, is:
- The role assigned to the relationship between a user and a Jump Group on the Jump > Jump Item Roles page.
- The role assigned to the relationship between a user and a Jump Group on the Users & Security > Group Policies page.
- The Jump Item Roles configured for a user on the Users & Security > Users page or the Users & Security > Group Policies page.
Note
A new Jump Item Role called Auditor is automatically created on new site installations. On existing installations it has to be created. This role only has a single View Reports permission enabled, giving admins the option to grant a user just the permission to run Jump Item reports, without the need to grant any other permission.
Add a Jump Item Role
- Sign into app.beyondtrust.io.
The BeyondTrust Home page displays. - From the main menu, click Privileged Remote Access > Jump.
The Jump page opens and the Jump Clients tab displays by default. - Click the Jump Item Roles.
The Jump Item Roles page displays. - Click Add.
The Add a Jump Item Role page displays. - In the Name field, type a unique name to help identify this role. This name helps when linking a Jump Item Role with a user or group of users in a Jump Group.
- In the Description field, type a description to summarize the purpose of this role.
- In the Permissions section, on the Jump Group or Personal Jump Items setting, you can set the following options:
- In the Jump Item section, you can set the following options:
| Field name | Description |
|---|---|
| Start Sessions | You can Jump to a remote system. |
| Edit Jump Policy | You can set any Jump Policy that is applied to a Jump Item |
| Edit Behavior and Experience | You are able to modify the behavior of Jump Items. This includes the following field types: Remote RDP
Shell Jump
Protocol Tunnel Jump
|
| Edit Tag | You are able to edit a Jump Item's tag field. |
| Edit Session Policy | You set which session policy a Jump Item should use. Changing the session policy may affect the permissions allowed in the session. Applies to all Jump Item types. |
| Edit Comments | You are able to edit a Jump Item's comments field. |
| Edit Connectivity and Authentication | You can modify a Jump Item's connection and authentication information. This includes such fields as hostname, Jumpoint, port, and username, among others. |
Edit a Jump Item Role
- Sign into app.beyondtrust.io.
The BeyondTrust Home page displays. - From the main menu, click Privileged Remote Access > Jump.
The Jump page opens and the Jump Clients tab displays by default. - Click the Jump Item Roles.
The Jump Item Roles page displays. - Select a role from the list, click the pencil
.
The Edit Jump Item Role page displays. - Make your changes, and then click Save.
Delete a Jump Item Role
-
Sign into app.beyondtrust.io.
The BeyondTrust Home page displays. -
From the main menu, click Privileged Remote Access > Jump.
The Jump page opens and the Jump Clients tab displays by default. -
Click the Jump Item Roles.
The Jump Item Roles page displays. -
Click the trash can
.
The following message displays:
-
Click Yes.
Updated 12 days ago
