Roles and permissions

The level of access within a Okta Privileged Access team depends on the role that you're assigned and the permissions granted to that role. The table below discusses the types of roles, and each has a unique set of permissions and restrictions.

Role Description
PAM admin Assigns administrative roles to Okta Privileged Access groups and users. This is the role with the highest privilege in Okta Privileged Access.
Resource admin Allows group members to administer project resources. They can create, update, or delete resource groups and assign one or more user groups as owners of a resource group. Also, they have implicit list permissions across all secret folders.

Delegate resource admin

Can manage projects in the context of a resource group assigned to them. Also, they have implicit list permissions for secret folders within the resource groups they're delegated to.

Security admin

Can create one or more Okta Privileged Access security policies to control access to the team's privileged accounts and resources.

Delegated security admin

Can create and update policies that apply to resource groups that they're assigned as security admins.

User

Can view and access resources granted by security policies. Every user who is assigned the Okta Privileged Access app in the Admin Console is assigned this role.