Role Based Access Control

PMC functions on a role-based access control (RBAC) system, in which the role assigned to a user dictates what features this user has access to.

User Roles

Each user in PMC has an associated user role. You can view the roles by navigating to Users > Edit User > Next: Roles and Resources.

There are two user roles:

  • Administrator: This role allows the user to access and manage all areas of the system.
  • Standard User: This role limits the user to only access and manage resources that you identify in the Roles and Resources section. The Configuration and Auditing menu options are not visible to the Standard User role.

Main menu items and icons that appear on the left side depend on which user role is assigned to a user. For example, if you only assign access to policies for a standard user, when logging in the user will see only the Home and Policies menu items.

Home page and Policies option image

Resources Access for a Standard User

A standard user can access a variety of resources according to the Computer Groups Roles and Policies Roles that you assign.

Computer Groups Roles

The following computer group roles can be assigned to a standard user, for either all groups or individually selected groups.

Role Menu access to Description
Assign Policy to Group Home, Policies, and Computer Groups

User can view policies and computer groups, and assign policies and revisions to selected computer groups.

Edit Group Home and Computer Groups User can view and edit selected computer group properties.
Analyze Group Home, Computer Groups and Analytics User can view data analytics for selected computer groups.
View Group Home and Computer Groups User can only view selected computer groups. This option is automatically selected when any of the other options are selected.

Policies Roles

The following policies roles can be assigned to a standard user, for either all policies or individually selected policies.

Role Access to Description
Edit Policy Home and Policy User can view and edit selected policies.
View Policy Home and Policy User can only view selected policies. This option is automatically selected when the edit option is selected.

Automatic Role Mappings on Upgrade

When upgrading from PMC 22.7 and earlier to version 22.8, existing roles will be mapped as follows.

PMC 22.7 and Earlier Role 22.8 Role and Access
Administrator Administrator
Computer Administrator Group Editor and Viewer, Policy Viewer and Assigner
Policy Administrator Group Viewer, Policy Editor, Policy Viewer, Policy Assigner, Analytics
Policy Editor Group Viewer, Policy Editor and Viewer, Analytics
Standard User Group Viewer, Policy Viewer, Analytics
Automation Client Automation Client

For more granular access, you can manually edit users and assign access to computer group and policy records.

Edit Roles and Resources for a User Account

As an administrator user, you can edit roles and resources for a user account.

  1. On the sidebar menu, click Users.
  2. Locate the user account you want to edit. Use the filter option to quickly reduce the list size.
  3. To the right of the user you want to edit, click the vertical ellipsis icon, and then select Edit User. You can also click the email address of the user in the grid to access the panel.
  4. At the bottom of the User Profile section, click Next: Roles and Resources.
  5. Make the role and resources changes you want for the user.
  6. Click Save Changes.

If you remove all access for a standard user account here, the user may log in to PMC, but will be greeted with a home page with a message indicating to contact their administrator, to be granted access to groups and policies to work in PMC.

Home page with no menu options image

For more information on assigning roles and resources, see Assign Roles and Resources for a Standard User.