The Security Admins group is a built-in group created during the installation of Privileged Threat Analytics (PTA). By default, members of this group are granted the specific authorizations required to view and manage PTA settings within the PVWA. This includes the configuration of security policies, automatic remediation actions, and session analysis and response rules on the Security Configuration page. This role is purpose-built for administering the threat analytics and response capabilities of the CyberArk platform.

A. Vault Admins: While Vault Admins have high-level privileges, the Security Admins group is the designated role specifically for managing PTA security configurations.

C. Security Operators: This group is designed for monitoring and responding to security incidents identified by PTA, not for configuring the core policies and remediation rules.

D. Auditors: This is a read-only role with permissions to view reports and session recordings for compliance and review purposes; they cannot perform any configuration.

---

1. CyberArk Privileged Threat Analytics Documentation (Self-Hosted)

Version 13.0

"PTA users and groups".

Section/Reference: In the "PTA users and groups" section

the documentation states

"The Security Admins group is created in the Vault during PTA installation... This group is authorized to manage PTA settings in the PVWA Security Configuration page." This directly confirms that Security Admins have the required configuration permissions.

2. CyberArk Privileged Access Manager Documentation (Self-Hosted)

Version 13.2

"Built-in Users and Groups".

Section/Reference: The description of the Auditors group specifies its role is to "view activities and access reports and recordings

" confirming its lack of configuration rights. The description for Vault Admins focuses on Vault-level management (Safes

users)

distinguishing it from the security policy focus of Security Admins.