Roles and Permissions in PingOne
The ability to perform an action in PingOne is determined by Role-Based Access Control (RBAC). For example, when you initiate a request to a PingOne endpoint, you must have the role required by the endpoint to execute the request. Roles define the permissions available to users with that role.
Refer to:
- Built-in Admin Roles for the PingOne built-in admin roles that can be assigned.
- Custom Admin Roles to create your own roles for PingOne administrators.
- PingOne Permissions by Identifier for the permission identifiers and descriptions. This information is returned by Read All Built-in Admin Roles.
- PingOne Permissions by Service when assigning admin roles per PingOne service.
- PingOne Permissions by Resource when assigning admin roles per PingOne resource.
- PingFederate SSO admin permissions for the available PingFederate roles.
Admin assignments to roles are set either by:
The built-in PingOne roles are:
| Role | Can Assign |
|---|---|
| Organization Admin | Environment Admin |
| Environment Admin | All roles except Organization Admin |
| Identity Data Admin | Identity Data Admin, Identity Data Read-Only Admin, Help Desk Admin |
| DaVinci Admin | DaVinci Admin, DaVinci Read-Only Admin |
| Custom Role Admin | None |
| Application Owner | None |
| Identity Data Read-Only Admin | None |
| Configuration Read-Only Admin | None |
| DaVinci Read-Only Admin | None |
| Client Application Developer | None |
| Help Desk Admin | None |
| Privilege Admin | None |
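
When reviewing who can hand out admin access, the "Can Assign" column is best read as a delegation graph rather than row by row. The following is an added example, not PingOne code: it transcribes the table above and computes which roles each role can reach through chains of assignments. The chaining model (an admin who receives a role can then use that role's own "Can Assign" entry) and the function names are assumptions of this sketch, and role scope (organization, environment, population) is ignored.

```python
from collections import deque

ORG_ADMIN = "Organization Admin"
ALL_BUT_ORG = "*"  # stands for the table entry "All roles except Organization Admin"

# "Can Assign" column transcribed from the built-in role table on this page.
CAN_ASSIGN = {
    ORG_ADMIN: {"Environment Admin"},
    "Environment Admin": ALL_BUT_ORG,
    "Identity Data Admin": {"Identity Data Admin", "Identity Data Read-Only Admin",
                            "Help Desk Admin"},
    "DaVinci Admin": {"DaVinci Admin", "DaVinci Read-Only Admin"},
    "Custom Role Admin": set(),
    "Application Owner": set(),
    "Identity Data Read-Only Admin": set(),
    "Configuration Read-Only Admin": set(),
    "DaVinci Read-Only Admin": set(),
    "Client Application Developer": set(),
    "Help Desk Admin": set(),
    "Privilege Admin": set(),
}

def direct_grants(role):
    """Roles the holder of `role` can assign directly, per the table."""
    entry = CAN_ASSIGN[role]
    if entry == ALL_BUT_ORG:
        return set(CAN_ASSIGN) - {ORG_ADMIN}
    return set(entry)

def grant_reach(role):
    """Roles reachable through chains of assignments (assumed chaining model)."""
    seen, queue = set(), deque(direct_grants(role))
    while queue:
        current = queue.popleft()
        if current not in seen:
            seen.add(current)
            queue.extend(direct_grants(current) - seen)
    return seen

def indirect_reach():
    """Map each role to the roles it reaches only via an intermediate admin."""
    extra = {r: grant_reach(r) - direct_grants(r) for r in CAN_ASSIGN}
    return {r: sorted(v) for r, v in extra.items() if v}

if __name__ == "__main__":
    for role in CAN_ASSIGN:
        print(f"{role}: direct={len(direct_grants(role))} reach={len(grant_reach(role))}")
    print("indirect:", indirect_reach())
```

Under these assumptions, Organization Admin is the only role whose reach exceeds its direct grants, and no built-in role in the table can assign Organization Admin.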