Quest On Demand uses the Role-based Access Control (RBAC) security policy that restricts information system access to authorized users. Your Quest On Demand organization comes configured with a number of default roles which cannot be changed, but subscribers can create custom roles with the permissions to perform needed operations on the assets of the organization.
If you are the On Demand administrator or the owner of the subscription, you can add users to an existing organization and assign the required roles. If you are not the subscription owner or administrator, contact your On Demand administrator for access.
When you add a user to an organization, you also assign one or more roles. The role assignment determines what permission level a user has and ultimately, what tasks the user can perform. Assigning roles and setting user permissions is referred to as access control.
Access control is a process by which users are granted access and certain privileges to systems, resources, or information. In On Demand, you can grant authenticated users access to specific resources based on your company policies and the permission level assigned to the user.
On Demand comes configured with a number of default roles. The default role permissions settings cannot be changed, but you can create custom roles with specific permission settings to align with your company policies. You can assign multiple roles to each user in order to combine permission sets.
NOTE: Every user must be assigned to at least one role. You cannot remove all roles from a user.
For more information about the various roles that can be assigned to users, please see the On Demand Global Settings Current - User Guide.
The Security Administrator role gives users full access to Security Guardian, as well as the following permissions for On Demand global settings:
Export data
Read access control roles
Read Activity Trails
For more information on assigning roles, see Users and Roles in the On Demand Global Settings User Guide.