Permission Level Guide

Passportal contains a number of default user roles - these cannot be edited or deleted.

Should Edit or Delete/Disable options not be present for you when attempting these actions on a custom role, this indicates that your role permissions does not include Permissions: Edit or Permissions: Delete.

Passportal Pro Users

Default Permission Levels

Description

Organization Admin

A permission level for owners, chief engineers/technicians and other top-level leadership roles. This permission level grants full access to everything, including the ability to set organization-wide settings and export data from Passportal.

This permission level also includes a built-in override, and users with this level cannot get locked out of passwords, clients or areas of Passportal,or via Security Groups.

Included Permissions: ALL

Manager - Assigned Access

A permission level for department heads, team leaders and other sub-administrator leadership roles. This permission level grants the ability to manage other users, use Passportal's auditing features and fully manage clients. Clients need to be manually assigned to the user for them to manage that Client.

Included Permissions

Admin: Download Marketing Materials	Admin: Manage User Lockouts	Article: Add/Edit	Article: Delete
Article: View	Client: Add	Client: Disable	Client: Edit
Client: View List	Credential Types: Add/Edit	Document: Add/Edit	Document: Delete
Document: View	Domain: Add/Edit	Domain: Disable	Domain: View
Edit Access Assignments	File: Add/Edit	File: Delete	File: Folder Add/Edit
File: Folder Delete	File: View	Password: Add	Password: Archive
Password: Edit	Password: View	Permissions: Add	Permissions: Delete
Permissions: Edit	Permissions: View	Plugin Access	Report: Changed Passwords
Report: Client Audit Log	Report: Client Passwords	Report: Password Complexity	Report: Passwords Input by User
Report: Recently Run Reports	Report: Unchanged Passwords	Setup AD Sync	Site User: Add
Site User: Disable	Site User: Edit	SSL: Add/Edit	SSL: Disable
SSL: View	User: Add	User: Disable	User: Edit
Vault Access

Manager - Default Access

Included Permissions

Admin : Manage User Lockouts	Article: Add/Edit	Article: Delete	Article: View
Client: Add	Client: Disable	Client: Edit	Client: Default Access
Client: View List	Credential Types: Add/Edit	Document: Add/Edit	Document: Delete
Document: View	Domain: Add/Edit	Domain: Disable	Domain: View
Edit Access Assignments	File: Add/Edit	File: Delete	File: Folder Add/Edit
File: Folder Delete	File: View	Password: Add	Password: Archive
Password: Edit	Password: View	Permissions: Add	Permissions: Delete
Permissions: Edit	Permissions: View	Plugin Access	Report: Changed Passwords
Report: Client Audit Log	Report: Client Passwords	Report: Password Complexity	Report: Passwords Input by User
Report: Recently Run Reports	Report: Unchanged Passwords	RMM: Action Tools	Setup AD Sync
Site User: Add	Site User: Disable	Site User: Edit	SSL: Add/Edit
SSL: Disable	SSL: View	User: Add	User: Disable
User: Edit	Vault Access

Technician - Assigned Access

A permission level for regular users. This default level is intended for the day-to-day user by your technicians and engineers. Clients need to be manually assigned to the user for them to access that Client.

Included Permissions

Article: Delete	Article: Add/Edit	Article: View	Client: Edit
Client: View List	Document: Add/Edit	Document: Delete	Document: View
Domain: Add/Edit	Domain: Disable	Domain: View	File: Add/Edit
File: Delete	File: Folder Add/Edit	File: Folder Delete	File: View
Password: Add	Password: Archive	Password: Edit	Password: View
Plugin Access	Report: Password Complexity	Report: Recently Run Reports	Report: Unchanged Passwords
SSL: Add/Edit	SSL: Disable	SSL: View	Vault Access

Technician - Default Access

A permission level for regular users. This default level is intended for the day-to-day user by your technicians and engineers. Can access all Clients by default.

Included Permissions

Article: Add/Edit	Article: Delete	Article: View	Client: Edit
Client: View List	Client: Default Access	Document: Add/Edit	Document: Delete
Document : View	Domain: Add/Edit	Domain: Disable	Domain: View
File: Add/Edit	File: Delete	File: View	File: Folder Add/Edit
File: Folder Delete	Password: Add	Password: Archive	Password: Edit
Password: View	Plugin Access	Report: Password Complexity	Report: Recently Run Reports
Report: Unchanged Passwords	RMM: Action Tools	SSL: Add/Edit	SSL: Disable
SSL: View	Vault Access

Site Users

Default Permission Levels

Description

Site Administrator

This is permission level is only available for client-based users, unlocked through the Site feature. This allows the Site based user to fully manage their organization.

This permission level also includes a built-in override, and users with this level cannot get locked out of passwords, clients or areas of Passportal, or via Security Groups.

Included Permissions

Admin: Export Data	Admin: Manage User Lockouts	Credential Types: Add/Edit	Domain: View
Domain: Add/Edit	Domain: Disable	Edit Access Assignments	Folder: Add/Edit
Import Data	Password: Add	Password: Edit	Password: Archive
Password: Clear Flags	Password: View	Password: TOTP Add/Remove	Permission Share
Permissions: Add	Permissions: Delete	Permissions: Edit	Permissions: View
Plugin Access	Report: Changed Passwords	Report: Client Audit Log	Report: Passportal Logins
Report: Password Audit by User	Report: Password Complexity	Report: Passwords Input by User	Report: Passwords Known by User
Report: Recently Run Reports	Report: Unchanged Passwords	Security Groups: Manage	Site Administrator
Site User: Add	Site User: Disable	Site User: Edit	SSL: Add/Edit
SSL: Disable	SSL: View	User: Add	User: Disable
User: Edit	Vault Access

Site User

This permission level is only available for Site based users, unlocked through the Site feature. This is for a regular Site based user, giving them capabilities to access and use their passwords, but no control over settings or managing their own organization.

Site User - Limited

This limited permission level is only available for Site based users, unlocked through the Site feature. This is for a regular Site based user, giving them capabilities to access and use their passwords, but no control over settings or managing their own organization.

Permissions Details

Permission	Description
Admin: Cancel Account	Grants the ability for a user to cancel the subscription with Passportal.
Admin: Download Marketing Materials	Grants the ability for an admin to access the marketing materials downloads.
Admin: Export Data	Grants the ability to export all passwords, clients and/or users in a CSV file format.
Admin: Manage User Lockouts	Grants the ability for an admin to receive and handle user lockout incidences.
Admin: Organization Branding	Grants the ability for a user to upload custom logo's and change the colours of the website.
Admin: Payment Details	Grants the ability for a user to change and update the payment details for the ocular account.
Admin: PSA Sync	Grants the ability for a user to set up and manage the PSA Integration.
Article: Add/Edit	Grants the ability to add or edit Articles within Documentation Manager
Article: Delete	Grants the ability to delete Articles within Documentation Manager
Article: View	Grants the ability to view Articles within Documentation Manager
Blink User Reset	Grants the ability for the user to send Blink SMS resets to Blink users
Client: Add	Grants the ability to add new clients.
Client: Default Access	Grants the ability for a user to have default access to clients, instead of having to request access.
Client: Disable	Grants the ability to disable existing clients.
Client: Edit	Grants the ability to edit existing clients and the Client Overview Panel.
Client: View List	Grants the ability to view and navigate the client list. Users need this Permission to access client passwords.
Credential Types: Add/Edit	Grants the ability to add and remove custom credential types.
Dashboard: Edit	Grants the ability to edit the client Notification Banner
Document: Add/Edit	Grants the ability to add or edit documents
Document: Delete	Grants the ability to disable documents
Document: View	Grants the ability to only view documents
Domain: Add/Edit	Grants the ability to add or edit domain assets
Domain: Disable	Grants the ability to disable domain assets
Domain: View	Grants the ability to view only
Edit Access Assignments	Grants the ability for an admin to assign a user access to a client.
File: Add/Edit	Grants the ability to add or edit a file
File: Delete	Grants the ability to delete a file
File: Folder Add/Edit	Grants the ability to edit or create folders in the files section
File: Folder Delete	Grants the ability to delete folders in the files section
File: View	Grants the ability to view/download files
Folder: Add/Edit	Grants the ability to create/edit folders.
Import Data	Grants the ability to use the CSV import templates to bulk add passwords, clients and/or users.
Organization: Admin	An override permission. Grants access to all areas of Passportal , independently of other permissions. Overrides all security group and access assignments. Also grants access to the Security Groups (Add/Edit/Disable), Branding, Downloads, PSA Sync, Payment Details etc.
Password: Add	Grants ability to control who can create new passwords.
Password: Archive	Grants the ability to disable existing passwords.
Password: Clear Flags	Grants the ability to reset password flags for flagged passwords.
Password: Edit	Grants the ability to edit and modify existing passwords. (When granted also provides the permission Password: View even if that permission has not been explicitly granted).
Password: External Link Share	Grants the ability to create and share a credential link externally from Passportal using the Temporary Password Share feature.
Password: View	Grants the ability to view passwords.
Password: TOTP Add/Remove	Grant the ability to add/remove TOTP
Permissions: Add	Grants the ability to create custom permission levels.
Permissions: Delete	Grants the ability to delete existing permission levels.
Permissions: Edit	Grants the ability to modify existing custom permission levels as well as the ability to assign permission levels to users.
Permission: Share	Grants the ability to share passwords with client based users.
Permissions: View	Grants the ability to view the permission levels.
Plugin Access	Grants the ability to use Passportal plug-ins such as browser extensions, and RMM plugins. ConnectWise plugins Control and Automate Take Control plugin Passportal Browser Extension Firefox Chrome Edge Passportal Mobile App access Android Apple
Publish Item	Grants the ability to publish a document so that it is accessible publicly.
Report: Changed Passwords	Grants the ability to view which passwords were changed over a given date range via this report.
Report: Client Audit Log	Grants the ability to view all activities performed for a client(s) over a given date range via this report.
Report: Client Passwords	Grants the ability to view passwords for a particular client in plain text. This will be recorded in the password access logs.
Report: Passportal Logins	Grants the ability to view all logins for a user(s) at your organization over a given date range via this report.
Report: Password Audit by User	Grants the ability to view all activities performed by a user(s) over a given date range via this report.
Report: Password Complexity	Grants ability to audit the strength and complexity of passwords via this report.
Report: Passwords Input by User	Grants the ability to view which current passwords were input by a given user/users via this report.
Report: Passwords Known by User	Grants the ability to view all passwords known by a user(s) for their entire lifespan using Passportal via this report.
Report: Recently Run Reports	Grants the ability to view and re-run previously run reports.
Report: Unchanged Passwords	Grants the ability to view what passwords have not been changed after a chosen date via this report.
RMM: Action Tools	Grant the ability to see and use the special actions available within each RMM when viewing an asset (Remote Access, Shortcut to record in RMM, Software Audit, etc.)
Security Groups: Manage	Grants the ability to edit all security groups
Security Groups: View	Grants the ability to view all security groups
Setup AD Sync	Grants the ability to configure and change settings related to the Active Directory Sync service - Includes Blink Setup - Grants access to Agent Key information required to install AD Sync agents
Site User: Add	Grants the ability to add site users
Site User: Disable	Grants the ability to disable site users
Site User: Edit	Grants the ability to edit existing site users
SSL: Add/Edit	Grants the ability to add or edit SSL certifications
SSL: Disable	Grants the ability to disable SSL certifications
SSL: View	Grants the ability to view only SSL certifications
Template: Add/Edit	Grants the ability to create new templates and edit existing templates
Template: Delete	Grants the ability to delete templates
User: Add	Grants the ability to create new users
User: Auto-provision	Grants the ability to set Auto-provisioning. This permission is only available to for Admins.
User: Disable	Grants the ability to disable existing users.
User: Edit	Grants the ability to edit existing users.
Vault Access	Give the user a My Vault section

The list of permissions is constantly being updated in order to gradually improve the system by eliminating ambiguity and granting more granular control. If you have any questions, please contact support.