RBAC Window

<< Click to Display Table of Contents >>

RBAC Window

RBAC, or Role-Based Access Control, provides a way to limit the ability of individual users to make changes in PDQ Inventory and PDQ Deploy.

All roles and user assignments are defined in PDQ Inventory and available to PDQ Deploy via integration. For more information, see the RBAC section of the integration help page.

The PDQ Deploy RBAC window has two tabs for managing RBAC:

View

Control

 

Important: Role-Based Access Control (RBAC) within this product is not intended to replace Windows or other system-level access control mechanisms, and it should not be relied upon to enforce security restrictions on user activity. Due to the local nature of the software and its limited authority over the surrounding environment (unlike a hosted web application), RBAC is best understood as a mechanism for feature availability and user interface presentation rather than an ultimate security boundary.
 
Appropriate external access controls should continue to be used to govern access to systems managed through Deploy and Inventory, as well as any credentials stored within those systems.

View Tab

The View tab displays details about the current user and their assigned role. All available permissions are listed along with indicators to show whether or not each permission is granted by the assigned role.

If the user is assigned a different role or their assigned role is modified while the RBAC window is open, the View tab will update automatically. A notification will appear within the tab to indicate the date and time of the most recent update.

The View tab is read-only. No changes can be made within the tab.

If RBAC is disabled, the View tab will display the Super User role for all users and the contents of the tab will be grayed out.

Role

The View tab includes the name of the current user and the name of their assigned role. Role names may be custom or reserved.

Super User

The Super User role is reserved and cannot be modified. This role always grants all available permissions.

Default

The Default role is reserved and cannot be modified. This role always denies all available permissions.

Custom

Custom roles are defined in PDQ Inventory and can have any name that is not reserved or in use by another role.

Any combination of the permissions described below can be granted by a custom role.

Permissions

Name

Description

Applies to

Manage RBAC

Assign roles, define roles, and disable RBAC

PDQ Inventory*

Modify Collections

Create, edit, and delete Collections

PDQ Inventory

Modify Scan Profiles

Create, edit, and delete Scan Profiles

PDQ Inventory

Modify Reports

Create, edit, and delete Reports in PDQ Inventory

PDQ Inventory

View Audit Logs

View and export Audit Log records for all users in PDQ Inventory

PDQ Inventory

Modify Audit Log Settings

Make changes to the way PDQ Inventory Audit Log records are stored and retained

PDQ Inventory

Modify Database Settings

Make changes to Database settings in PDQ Inventory

PDQ Inventory

Manage Deployments

Create, edit, and delete Deployment Schedules. Deploy schedules and packages manually.

PDQ Deploy

Modify Packages

Create, edit, and delete Packages

PDQ Deploy

Modify Target Lists

Create, edit, and delete Target Lists

PDQ Deploy

Modify Reports

Create, edit, and delete Reports in PDQ Deploy

PDQ Deploy

View Audit Logs

View or export Audit Log records for all users in PDQ Deploy

PDQ Deploy

Modify Audit Log Settings

Make changes to the way PDQ Deploy Audit Log records are stored and retained

PDQ Deploy

Modify Database Settings

Make changes to Database settings in PDQ Deploy

PDQ Deploy

*NOTE: "Manage RBAC" applies to the ability to modify role definitions and assignments in PDQ Inventory but is also used to determine a user's ability to disable RBAC in both PDQ Inventory and PDQ Deploy.

Control Tab

The Control tab allows RBAC to be enabled or disabled for PDQ Deploy.

If RBAC is enabled in PDQ Deploy, access to all features will be determined by the console user's role as assigned in PDQ Inventory. Portions of PDQ Deploy may be disabled or read-only if the user's role does not grant permission to make use of the corresponding feature.

If RBAC is disabled in PDQ Deploy, all PDQ Deploy users will be treated as having access to the Super User role.

The Control tab also displays the current RBAC state (enabled or disabled) in PDQ Inventory and its impact on RBAC behavior in PDQ Deploy. Additional information about how PDQ Inventory may impact RBAC behavior in PDQ Deploy can be found in the RBAC section of the integration page.

In order to make changes within the Control tab, the RBAC window must not be locked by a different console session and one of the following must be true:

RBAC is currently enabled in PDQ Deploy and the current console user is assigned a role that gives them permission to Manage RBAC.

OR

RBAC is currently disabled in PDQ Deploy and the current console user is the PDQ Deploy background service user.

NOTE: RBAC is not available when running PDQ Deploy in local mode.

See Also

RBAC Integration with PDQ Inventory

 

 

 

© 2026 PDQ.com Corporation. All rights reserved.

PDQ.com is a trademark of PDQ.com Corporation. All other product and company names are the property of their respective owners.

Help Version: 20.0.5.0