Roles and permissions
The level of access within a Okta Privileged Access team depends on the role that you're assigned and the permissions granted to that role. The table below discusses the types of roles, and each has a unique set of permissions and restrictions.
| Role | Description |
|---|---|
| PAM admin | Assigns administrative roles to Okta Privileged Access groups and users. This is the role with the highest privilege in Okta Privileged Access. |
| Resource admin | Allows group members to administer project resources. They can create, update, or delete resource groups and assign one or more user groups as owners of a resource group. Also, they have implicit list permissions across all secret folders. |
|
Delegate resource admin |
Can manage projects in the context of a resource group assigned to them. Also, they have implicit list permissions for secret folders within the resource groups they're delegated to. |
|
Can create one or more Okta Privileged Access security policies to control access to the team's privileged accounts and resources. |
|
|
Delegated security admin |
Can create and update policies that apply to resource groups that they're assigned as security admins. |
|
Can view and access resources granted by security policies. Every user who is assigned the Okta Privileged Access app in the Admin Console is assigned this role. |