View Available Permissions of an Administrator
Under some configurations, a lower-privileged administrator, for example, an administrator assigned the default Help Desk Administrator role, may be able to modify the account of a higher-privileged administrator. To audit the permissions assigned to administrators and verify that lower-privileged administrators do not have permissions that allow them to modify the accounts of higher-privileged administrators, use the following procedure.
Before you begin
You must be a Super Admin.
Procedure
In the Security Console, click Identity > Users.
Use the search fields to find Administrators.
Click the name of the administrator and select Available Permissions from the context menu.
The user's assigned administrative roles are displayed. For each role, the following information displays:
Security Domain. The security domain of the administrators who are allowed to manage the assigned role.
Security Domain Scope. The scope of the administrator's role, i.e., where the administrator can perform the tasks for this administrative role.
Identity Source Scope. The identity sources the administrator may access, if her administrative role includes managing users or user groups.
Permission Delegation. Whether the assigned administrator can create new administrative roles that include this role's permissions.
Administrative Tasks and Permissions. The permissions the administrator has to modify objects in the system, for example, permission to add users, or just view them.
After you finish
If you find that an administrator has scope or permissions that give more privileges than appropriate, you can do the following:
Add or remove roles from the set of roles assigned to the administrator. For more information, see Assign an Administrative Role.
Edit one or more of the administrator’s roles to change the scope, set of permissions or both that role includes. This affects all administrators assigned the role. For more information, see Edit an Administrative Role.
Create a new role having the correct scope and the exact set of permissions required, and assign it to the administrator. You can create a new role or duplicate an existing role and modify it. For more information, see Add an Administrative Role.
Related Articles
Add, Edit, or Delete an Administrator in the Cloud Administration Console Number of Views Unable to login to RSA Authentication Manager Security Console as super admin Number of Views View All Administrative Roles Assigned to an Administrator Number of Views Administrative Role Scope and Permissions Number of Views How to prevent a local administrator from setting a reserve password in the RSA Authentication Agent for Windows Control C… Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
