Hey Guys,

I have got a use case where my client does not have a centralise PAM team to control end to end asset/accounts onboarding to Password Safe (PS) and manage the BT upgrade. 

I can think of a solution as BT tool related tasks (patching/upgrading etc.) can be taken by Infra/ IT team and 1 person from each application team (Linux, Windows, Database etc.) can be given permission to perform a set of actions like onboard asset/account, manually trigger update/change password, approve request etc.

Application Team owners will be provided with End User Guide explaining each task they can perform so they have all the resources they need.

I see there is ISA role which I can leverage for Application Owners but it gives a lot of unwanted permission.

Is there any other way where I can create another role in BeyondTrust Password Safe to cater my specifics?

Thanks in advance!   :)

Disclaimer: I have worked in other PAM tools where this was achievable but not sure in BT aspect as I’m new to BT.