User Administrator
This user can create new user and read only those users which are assigned to the groups assigned to the user. Additionally the user can create group and read only those group(s) which are assigned to logged in user.
The user can grant or revoke the Application, Shared & System roles to Groups/Users.
- The User Administrator will be assigned the User Administrator and Restricted User Administrator permission set by default.
- The User Administrator will be assigned the following permissions by default:
Description | Remarks |
User Administrator Permissions | |
Applications\Can Read All Applications | This permission gives you the right to read all the applications. |
Restricted User Administrator Permissions | |
Audit and Reporting\Can Generate Documentation | This permission gives you the right to generate the documentation. |
Audit and Reporting\Can Read Event Log | This permission gives you the right to read an Event Log. |
Groups\Can Create Group | This permission gives you the right to create a group. |
Groups\Can Delete Group | This permission gives you the right to delete a group. |
Groups\Can Read Group | This permission gives you the right to read a group. |
Groups\Can Update Group | This permission gives you the right to update a group. |
Roles\Can Create Application Role | This permission gives you the right to create an application role |
Roles\Can Create Shared Role | This permission gives you the right to create a shared role |
Roles\Can Delete Application Role | This permission gives you the right to delete an application role |
Roles\Can Delete Shared Role | This permission gives you the right to delete a shared role |
Roles\Can Grant Revoke Application Roles To Groups | This permission gives you the right to grant or revoke application roles to the groups. |
Roles\Can Grant Revoke Application Roles To Users | This permission gives you the right to grant or revoke application roles to the users. |
Roles\Can Grant Revoke Shared Roles To Groups | This permission gives you the right to grant or revoke shared roles to the groups |
Roles\Can Grant Revoke Shared Roles To Users | This permission gives you the right to grant or revoke shared roles to the users |
Roles\Can Read Application Role | This permission gives you the right to read an application role. |
Roles\Can Read Shared Role | This permission gives you the right to read a shared role. |
Roles\Can Read System Role | This permission gives you the right to read a system role |
Roles\Can Update Application Role | This permission gives you the right to update an application role |
Roles\Can Update Shared Role | This permission gives you the right to update a shared role |
Users\Can Approve Pending Users | This permission gives you the right to approve or deny users |
Users\Can Assign Remove Users To Groups | This permission gives you the right to assign or remove users to the group |
Users\Can Approve Pending Users | This permission gives you the right to approve or deny the users |
Users\Can Assign Remove Users To Groups | This permission gives you the right to assign or remove users to the group |
Users\Can Create User | This permission gives you the right to create an user |
Users\Can Delete User | This permission gives you the right to delete an user |
Users\Can Lock Unlock User | This permission gives you the right to lock or unlock an user |
Users\Can Read User | This permission gives you the right to read an user |
Users\Can Update User | This permission gives you the right to update an user |
- To explore the impact of permissions please click on the relevant link below:
Please Note: The sections on which the role has no impact has not been listed
Impact of user administrator role on applications
This module explains the impact on the applications if the user has been granted the User Administrator Role.
- The User will be assigned following permissions:
Description | Remarks |
Can Read All Application | This permission gives you the right to read all applications. |
- Once the user logs in using the assigned mode of authentication, the following screen will be displayed.

- The user will be able to view list of all the applications (A).
- Since the user has permissions to Can Read All Applications the user will be able to view the details of all the applications.
- The user can click on the Application name to view the application information as shown below:

- The application information will be available in read only mode.
Impact of User Administrator Role on Audit and Reporting
This module explains the impact on the audit and reporting if the user has been granted the User Administrator Role.
- The User will be assigned the following permissions:
Description | Remarks |
CanGenerateDocumentation | This permission gives you the right to generate documentation. |
Can Read Event Log | This permission gives you the right to read an Event Log. |
- Once the user logs in using the assigned mode of authentication, the following screen will be displayed.
- The user will be able to view list of all the applications (A).

Since the user has permissions to Can Generate Documentation he can use the Generate Documentation option to generate the documentation of each entity in the Visual Guard console.

- Can Read Event Log permission allows access to viewing the event log as shown below:

Impact of User Administrator Role on Groups
This module explains the impact on the groups if the user has been granted the User Administrator Role.
- The User will be assigned the following permissions:
Description | Remarks |
Can Create Group | This permission gives you the right to create a group. |
Can Delete Group | This permission gives you the right to delete a group. |
Can Read Group | This permission gives you the right to read group. |
Can Update Group | This permission gives you the right to update a group. |
- Once the user logs in using the assigned mode of authentication, the following screen will be displayed.
- The user will be able to view list of all the applications (A).

- Since the user has permissions to Can Read Groups, the user will be able to view the group that has been assigned to him.
- The parent groups of the assigned group will also be displayed.

- Depending on the user privileges and assigned group privileges the list of privileges will be decided automatically.
- The Can Create Group privilege allows the user to create a group. This option will be available only if a group has been assigned to the user.

- The new group will be listed under the Parent Group. The user can view group details by clicking on the group name.

- Since the user has the Can Delete Group and Can Update Group privileges he can remove or update group related details.

Impact of User Administrator Role on Role
This module explains the impact on the roles if the user has been granted the User Administrator Role.
- The User will be assigned the following permissions:
Description | Remarks |
Can Create Application Role | This permission gives you the right to create an application role |
Can Create Shared Role | This permission gives you the right to create a shared role |
Can Delete Application Role | This permission gives you the right to delete a application role |
Can Delete Shared Role | This permission gives you the right to delete a shared role |
Can Grant Revoke Application Roles To Groups | This permission gives you the right to grant or revoke application roles to the groups. |
Can Grant Revoke Application Roles To Users | This permission gives you the right to grant or revoke application roles to the users. |
Can Grant Revoke Shared Roles To Groups | This permission gives you the right to grant or revoke shared roles to the groups |
Can Grant Revoke Shared Roles To Users | This permission gives you the right to grant or revoke shared roles to the users |
Can Read Application Role | This permission gives you the right to read an application role. |
Can Read Shared Role | This permission gives you the right to read a shared role. |
Can Read System Role | This permission gives you the right to read a system role |
Can Update Application Role | This permission gives you the right to update an application role |
Can Update Shared Role | This permission gives you the right to update a shared role |
- Once the user logs in using the assigned mode of authentication, the following screen will be displayed.
- The user will be able to view list of all the applications (A).

- The user can create a new role under an application since he has the Can Create Application Role privilege.

- The new role will be listed under the Application>Roles option. The user can view the role details by clicking on the role name as shown below:

- Since the user has the Can Read Application Role and Can Update Application Role privilege, the user can view and update role details by clicking on the Application>Role> Rolename.
- Since the user has also been granted the Can Grant Revoke Application Roles To Users privilege the user can grant/revoke new roles to user using options “Grant role to users” & “Revoke role from users” available under tab “Granted User”
Please Note: You can also grant/revoke roles of users Users> Username> Roles> Edit Roles option. Click here (missing link) to know more.

- Grant role to users: When you select option “Grand role to users” you are provided with a screen to select users to whom the role is to be assigned.

Once the users are successfully assigned to the Group, below message will appear

- Revoke role from users: When you select option “Revoke role from users” you will be asked for confirmation, as shown below:

Once confirmed by clicking on option “yes” , the role will be successfully revoked and below message will appear:

- The user can also grant/Revoke the role to the groups, since the user has the Can Grant Revoke Application Roles To Groups privilege.

- The new role will be listed under the application, the user can select and grant the role.

- The user can delete the application role since he has the Can Delete Application Role privilege.
- Additionally the User Administrator has access to manage the Shared Roles.
- The Can Create Shared Role privilege allows the user to create a new Shared Role.

- The new role will be listed under the Shared Roles option. The user can view the role details by clicking on the role name as shown below:

- The user has the privilege to read and update the shared roles information, since he has been granted the Can Read Shared Role and Can Update Shared Role privileges.
- Since the user has also been granted the Can Grant Revoke Shared Roles To Users privilege the user can edit the granted users option.

- The user can select and edit the members for the selected role. Click here to know more.
- The user can also grant the shared role to the groups, since the user has the Can Grant Revoke Shared Roles To Groups privilege.

- The user can assign the shared role to the group.

- The user can delete the shared role, since he has the Can Delete Shared Role privilege.
- The User administrator can just view the System Roles related information, since he has the Can Read System Role privilege.
- The user can view and update the role details by clicking on the Application>Role> Rolename.
Impact of User Administrator Role on Users
This module explains the impact on the user related permissions if the user has been granted a User Administrator Role.
- The User will be assigned following permissions:
Description | Remarks |
Can Create User | This permission gives you the right to create an user |
Can Delete User | This permission gives you the right to delete an user |
Can Lock Unlock User | This permission gives you the right to lock or unlock an user |
Can Read User | This permission gives you the right to read an user |
Can Update User | This permission gives you the right to update an user |
- Once the user logs in using the assigned mode of authentication, the following screen will be displayed.
- The user will be able to view list of all the applications (A).

- The user can create a new user, since he has the Can Create User privilege.
- The user can create a user only under the groups assigned to him.

- When the user clicks on the new user option following screen will be displayed:

- Click “OK” to complete the user creation.
- The new user account will be created and will be displayed in the Grid on Right side.

- The user can view the user details by clicking on the user name as shown below:

- Since the user has the privilege Can Read User and Can Update User, the user will be able to update the user details.
- The user administrator has the privilege to delete the user, since the user has the Can Delete User privilege.
- Additionally the user administrator can lock a user or unlock the user accounts since he has the Can Lock Unlock User permission.
See Also:
- Special Roles
- Impact of granting multiple roles
- Special Roles & Permission Matrix