Portal Roles and Permissions for Access Management¶
In Privacera, user access to different features within the Privacera Portal is controlled through Portal Roles. These roles define what administrative or governance capabilities a user can perform ranging from full account control to limited auditing.
Assigning users the appropriate portal role helps enforce separation of duties, least privilege, and governance accountability.
Common Portal Roles¶
Below is a list of common built-in portal roles and their associated permissions:
| Role Name | Description |
|---|---|
ROLE_ACCOUNT_ADMIN | Has full administrator privileges. Can manage all services, policies, zones, audits, and users. |
ROLE_POLICY_ADMIN | Has policy management privileges. Can create, modify, and delete policies. Cannot manage users or system configurations. |
ROLE_POLICY_AUDITOR | Has read-only privileges. Can view policies and audit logs. Cannot modify policies or access sensitive data directly. |
Role Capabilities Summary¶
| Capability | ROLE_ACCOUNT_ADMIN | ROLE_POLICY_ADMIN | ROLE_POLICY_AUDITOR |
|---|---|---|---|
| Manage Users | ✅ | ❌ | ❌ |
| Manage Policies | ✅ | ✅ | ❌ |
| View Policies | ✅ | ✅ | ✅ |
| Access Audit Logs | ✅ | ✅ | ✅ |
| Manage Security Zones | ✅ | ❌ | ❌ |
| View Service Explorer | ✅ | ✅ | ✅ |
Best Practices¶
- Account Administration: Assign
ROLE_ACCOUNT_ADMINonly to system owners or trusted security leads. - Policy Management: Use
ROLE_POLICY_ADMINfor data stewards or governance leads who need to manage access policies. - Audit and Compliance: Use
ROLE_POLICY_AUDITORfor audit, compliance, or oversight teams who need read-only visibility. - Scoped Control: Combine portal roles with Security Zones or Delegated Admin features for scoped control.