Getting started with roles
A role is an identity with a set of permissions. The role's permissions determine the tasks the identity can and cannot perform in the Secure Endpoint Console. A role is not uniquely associated with one user, rather a role could apply to anyone who needs the permissions a role provides. A role doesn't have any credentials (username or password) associated with it.
For more information about working with roles, visit the Learning Hub. To access the Learning Hub, click 
(Help and Support) on the quick access toolbar and then click Resources > The Learning Hub.
Role types
The Secure Endpoint Console includes two types of roles:
- Default roles are the user roles that are delivered with the Absolute product you purchase. Permissions are set for all users for existing features. As new features are added to Absolute, the Default user roles are updated with new features and default permissions. Default user role permissions are read-only.
-
Custom roles are created by System Administrators only, in one of two ways: by duplicating an existing default or custom role and editing its permissions, or by selecting a set of permissions and assigning a name to the role. Custom user roles show under Custom on the User Management sidebar.
As new features are added to Absolute products, you need to update your custom roles to map to the new functionality and to provide the appropriate permissions.
Each role consists of three components, which show on the following individual pages when you view a role:
- Permissions: a set of individually assigned permissions
- Manageable Roles: a list of roles that the role can manage
- Assigned Users: a list of users assigned to the role
Working with roles
Depending on the permissions associated with your user role, you may be able to perform the following role-related tasks:
