Permission Level
Last modified on November 27, 2024
The permission level of a user determines the user’s ability to add resources to the organization, edit those resources, or to manage other users. You can delegate various levels of administrative permissions to users within your account, including Administrator, Database Administrator, Team Leader, and/or User. You do not need to have all administrative types set up.
Permission Level Descriptions
An Administrator has full administrative access to the entire organization. Only Administrators can create roles and grant access to datasources and servers.
An Auditor has full read access to the entire organization. Auditors can see all settings, roles, users, and so forth, but they cannot create, modify, or delete any of these items.
A Database Administrator can configure and manage resources (such as datasources, servers, clusters, clouds, and websites).
A Team Leader can manage users within a particular role. This permission level is designed for managers who are in charge of a team but don’t necessarily control the infrastructure they use. Team Leaders can invite new users exclusively to the role they manage, and those users inherit the same access as the Team Leader.
User is the default for any person invited to the account. Users can query and access the datasources and servers to which they have been granted access.
Another type of user is the non-SSO user, a user whose permission level is only User and who can only log in to StrongDM with a password.
Non-SSO users cannot be upgraded to Administrator, Team Leader, or Database Administrator. A regular user, however, can be upgraded to one of those permission levels. To change a non-SSO user to a regular user, remove and recreate the user.
Permission Level Summary
Action | Administrator | Auditor | Database Administrator | Team Leader | User |
---|---|---|---|---|---|
Access datasources, servers, clusters, clouds, and websites | ✔ | ✔ | ✔ | ✔ | ✔ |
Access dashboards | ✔ | ✔ | |||
Audit activities, queries, and SSH captures | ✔ | ✔ | |||
Audit account configuration | ✔ | ✔ | |||
Grant administrative access | ✔ | ||||
Grant access to datasources, servers, clusters, clouds, and websites | ✔ | ||||
Invite and suspend users | ✔ | ✔ | |||
Manage user details | ✔ | ||||
Manage service accounts, admin tokens, and API keys | ✔ | ||||
Create roles and manage their access | ✔ | ||||
Move users into and out of roles | ✔ | ✔ | |||
Manage datasources, servers, clusters, clouds, and websites | ✔ | ✔ | |||
Manage relays and gateways | ✔ | ||||
Update account settings | ✔ |