
Permissions for Secrets


Permissions allow a Management Tool user with the Management Tool Access administrative permission to define which functions a user will be able to perform with a secret (or with the secrets stored in a folder in the Tree-View folder structure). They are defined on the Permissions tab when editing or adding a secret (or when editing or adding a folder).




1. Granting Permissions to Users of Secrets


Role Type permissions are granted to users / user groups of a secret by selecting (in the Role Type column) either:

• Owner: Allows the user (or the users in a user group) to grant any Role Type or advanced permissions, view secret/folder data (including the credentials of shared privileged accounts), edit the secret/folder, delete the secret/folder, configure remote password rotation, use the secret to access the associated account, and use the Account Discovery feature.

NOTE: As a root user, the built-in default admin user of Syteca has the "Owner" Role Type permissions for all secrets, and is therefore able to both edit and access all secrets added by other Syteca users.

• Editor: Allows the user (or the users in a user group) to grant the Editor and PAM User Role Type permissions and the View Password advanced permissions, view the secret data/folder, edit the secret/folder, use the secret to access the associated account, and use the Account Discovery feature.

• PAM User: Allows the user (or the users in a user group) to use the secret to access the associated account.


Advanced permissions are granted to users / user groups of a secret by selecting the appropriate checkboxes in the following columns:

• File Transfer: Allows the user (or the users in a user group) to transfer files using the WinSCP application via the Syteca Connection Manager, and can only be enabled for users / user groups with the Owner or Editor Role Type permissions for the secret.

• View Password: Allows the user (or the users in a user group) to view the secret's password in the Syteca Connection Manager, and can only be enabled by users with the Owner or Editor Role Type permissions for the secret.

• Copy Password: Allows the user (or the users in a user group) to copy the secret's password in the Syteca Connection Manager, and can only be enabled by users with the Owner or Editor Role Type permissions for the secret.


NOTE: If permissions are granted to a user group, all users belonging to this group will inherit these permissions.
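The grant rules and group inheritance described above can be checked during an access review. The following is an added example, not Syteca code: the data layout, group, user and secret names are constructed, it does not represent a Syteca export format or API, and flagging Owner inherited through a group is this example's own review heuristic rather than a product rule.

```python
# Added example: models the grant rules described on this page.
# The data layout and all names are constructed; not a Syteca export format or API.

# Role Types that a holder of each Role Type may grant, as listed on this page.
GRANTABLE = {
    "Owner": {"Owner", "Editor", "PAM User"},
    "Editor": {"Editor", "PAM User"},
    "PAM User": set(),
}

def can_grant(grantor_role, target_role):
    """True if a holder of grantor_role may grant target_role on the secret."""
    return target_role in GRANTABLE.get(grantor_role, set())

def expand(grants, groups):
    """Resolve group grants to users: every group member inherits the grant."""
    rows = []
    for g in grants:
        members = groups.get(g["principal"])
        via = g["principal"] if members is not None else "direct"
        for user in (members if members is not None else [g["principal"]]):
            rows.append({"user": user, "secret": g["secret"], "role": g["role"],
                         "advanced": set(g["advanced"]), "via": via})
    return rows

def review(grants, groups):
    """Return (user, secret, reason) tuples that an access review should look at."""
    findings = []
    for r in expand(grants, groups):
        # The page limits File Transfer to holders of Owner or Editor.
        if "File Transfer" in r["advanced"] and r["role"] not in ("Owner", "Editor"):
            findings.append((r["user"], r["secret"], "File Transfer without Owner/Editor"))
        # Heuristic of this example: Owner reached through group membership.
        if r["role"] == "Owner" and r["via"] != "direct":
            findings.append((r["user"], r["secret"], "Owner inherited from " + r["via"]))
    return findings

# Constructed sample data.
GROUPS = {"dba-team": ["alice", "bob"]}
GRANTS = [
    {"principal": "dba-team", "secret": "prod-sql-sa", "role": "Owner", "advanced": []},
    {"principal": "carol", "secret": "prod-sql-sa", "role": "PAM User", "advanced": ["File Transfer"]},
    {"principal": "dave", "secret": "prod-sql-sa", "role": "Editor", "advanced": ["View Password"]},
]

if __name__ == "__main__":
    for finding in review(GRANTS, GROUPS):
        print(finding)
```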


2. Viewing Role-Type Permissions


A list of the Role Type permissions granted to users of secrets (in the selected folder) is displayed on the Permissions tab of the Password Management page. The list is displayed in the form of a grid that includes the following information in the corresponding columns:

• User/Group Name: The name of the user / user group of the secret to which the Role Type permissions are granted.

• Secret Name: The name of the secret for which the Role Type permissions are granted to the user / user group.

• Secret Type: The type of the secret for which the Role Type permissions are granted to the user / user group.

• Permissions: The Role Type permissions granted (Owner, Editor, or PAM User) to the user / user group of the secret.

• Description: The description of the secret for which the Role Type permissions are granted to the user / user group.


To search for the required permissions, type a search expression (i.e. keyword).


To filter the information about the permissions in the grid, use the filters:

• Secret Name: Allows filtering of the permissions by the specific name of a secret for which the permissions are granted.

• User group: Allows filtering of the permissions by a specific user group to whom the permissions are granted.

• User: Allows filtering of the permissions by a specific user to whom the permissions are granted.


To sort the columns in the grid, click the required column header. You can change the column sort order from ascending to descending, and vice versa, by clicking the corresponding column header again. If the data is not sorted by a column, the Sort arrow is not shown in the column header.

