Assigning Roles to Users
System administrator staff can assign specific roles to each user in an organization. VGS supports organization-level roles and vault-level roles to ensure appropriate separation of duties throughout an enterprise. This article explains the specific permissions that are available to each role.
Organization Roles
Admin: Users with full access to the Organization and its resources, including sensitive and destructive actions like managing and deleting vaults and applications.
User: Users who actively work on Organization resources (Vaults).
Below is a detailed table of the permissions each user may have access to based on their Organization-level role:
View Organization details
✓
✓
View my resources (Vaults)
✓
Create new resources (Vaults)
✓
✓
Manage resource users (add, edit roles, revoke access)
✓
✓
View own permissions on resources
✓
Update Organization details (Org name)
✓
✓
Manage Organization users (invite, edit roles, remove)
✓
✓
Manage (view, create, delete) service accounts via CLI tool
✓
Manage authentication settings (SSO, MFA)
✓
Activate Organization
✓
View Usage Reports
✓
Vault Roles
Admin: Users with full administrative access to the vault and its routes, including permissions to delete the vaults and its routes.
Write: Users with write access to vault settings and routes.
Read: Users with view access to vault settings and routes.
Below is a detailed table of the permissions each user may have access to based on their Vault-level role:
View list of Vaults
✓
✓
✓
Create Vaults
✓
✓
✓
View list of Routes
✓
✓
✓
Create, edit and remove Routes
✓
✓
Manage Vault Settings (Access Credential, mTLS, CNames, Preferences)
✓
View Logs
✓
✓
✓
View Developer Resources
✓
✓
✓
View Integration templates
✓
✓
✓
Apply integration template to a Route
✓
✓
Manage Vault users (add, edit permissions, remove from Vault)
✓
Last updated