Role-Based Access Control

PDQ Connect supports the use of Role-Based Access Control (RBAC) to limit user permissions based on predefined roles. RBAC allows administrators to enhance security and control by ensuring that users only have access to the resources they need. 

Settings Page

To access the settings for Role-Based Access Control in PDQ Connect, click the gear icon located at the bottom left of the PDQ Connect interface. This will take you to the Teammates tab of the Settings page where user roles may be viewed and assigned. 

Assigning Roles

The Teammates tab contains a list of all users with access to your PDQ Connect organization along with their existing user role as seen in the Role column. To change a user’s role, click the down arrow to the right of their role and select a new role from the drop-down list.

Default Roles

PDQ Connect has two preconfigured roles: Admin and Member.

  • The Admin role has access to the full capabilities of Connect, including the ability to create groups, deployments, and automations, and to manage other users.
  • The Member role has the same capabilities as the Admin role but cannot invite additional users or manage user permissions.
  • The built-in user roles cannot be deleted or edited.
  • The user who initially signs up for Connect will be granted the role of Admin.
  • Users added in the future will be assigned the Member role by default.
  • The default role assigned to new teammates may be changed under the Roles tab of the Settings page.
  • Only users with the Admin role can change another user's role.
  • Users with the Admin role cannot change their own role, but they can change the role of other Admins.
  • To "demote" an Admin, grant the Admin role to another user, who can then change the previous Admin's role.

Configuring Roles

The Roles tab of the Settings page displays all user roles currently available in PDQ Connect. Both default roles will be seen here in addition to any custom roles created by administrators. Custom roles will be listed as such under the "Type" column, while the two built-in roles will be labeled as "PDQ." 

The Name column displays the friendly name of each role along with the designated default user role, noted by the blue "Default" icon. The default role is the initial role assigned to any teammate invited to join a PDQ Connect organization. Any role can be set as the default. 

To edit, delete, or set a role as the default, click on the vertical ellipsis located on the right side of the row for that role.

To create a new role, use the "Create role" button at the top right of the page. This will present a popup with options to name the new role and configure its permissions. The options shown when creating a new role are identical to those available when editing an existing one.

Available Permissions

Below is a complete list of the permissions available in PDQ Connect for Role-Based Access Control, along with a brief description of what each permission does. All permissions may be enabled or disabled, with the exception of Manage teammates, which is reserved for the Admin role.

  • Deploy packages
    • User can initiate, cancel, and re-deploy package deployments
  • Manage automations
    • User can create, edit, and delete automations
    • This permission is unavailable if "Deploy packages" is disabled.
  • Manage custom packages
    • User can create, edit, and delete custom packages
  • Manage groups
    • User can create, edit, and delete device groups
  • Manage reports
    • User can create, edit, and delete reports
  • Manage custom scanners
    • User can create, edit, and delete custom scanners
  • Manage custom fields
    • User can create, edit, and delete custom fields
  • Run commands
    • User can run CMD and PowerShell commands directly on a device
  • Delete devices
    • User can permanently delete devices
  • Manage roles
    • User can create, edit, and delete teammate roles
  • Invite teammates
    • User can invite teammates to use Connect
  • Manage teammates
    • User can change teammate roles and remove them from the organization
    • Only users with the Admin role can manage teammates.
  • Manage custom variables
    • User can create, edit, and delete custom variables
  • Manage API keys
    • User can view, create, and revoke API keys
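
The role-change rules under Default Roles and the permission constraints in the list above, modelled as an added example. This is not PDQ Connect code or its API; the dictionary data model, the function names and the sample users are assumptions made for illustration.

```python
# Added illustration: models the role rules stated on this page.
# Not PDQ Connect code or API; the dict data model and all names are assumptions.
ADMIN = "Admin"

# Permission names as listed under "Available Permissions".
PERMISSIONS = {
    "Deploy packages", "Manage automations", "Manage custom packages",
    "Manage groups", "Manage reports", "Manage custom scanners",
    "Manage custom fields", "Run commands", "Delete devices", "Manage roles",
    "Invite teammates", "Manage teammates", "Manage custom variables",
    "Manage API keys",
}

def validate_custom_role(perms):
    """Return the reasons a proposed custom role breaks the page's rules."""
    perms = set(perms)
    problems = [f"unknown permission: {p}" for p in sorted(perms - PERMISSIONS)]
    if "Manage teammates" in perms:
        problems.append("Manage teammates is reserved for the Admin role")
    if "Manage automations" in perms and "Deploy packages" not in perms:
        problems.append("Manage automations requires Deploy packages")
    return problems

def can_change_role(teammates, actor, target):
    """Only an Admin may change a role, and never their own."""
    return teammates.get(actor) == ADMIN and target in teammates and actor != target

def change_role(teammates, actor, target, new_role):
    """Return an updated copy of teammates, or raise if the page's rules forbid it."""
    if not can_change_role(teammates, actor, target):
        raise PermissionError(f"{actor} may not change the role of {target}")
    return {**teammates, target: new_role}

def admin_count(teammates):
    return sum(role == ADMIN for role in teammates.values())

def demote_admin(teammates, old_admin, successor):
    """The two-step demotion described under Default Roles."""
    step1 = change_role(teammates, old_admin, successor, ADMIN)   # promote successor
    return change_role(step1, successor, old_admin, "Member")     # successor demotes

if __name__ == "__main__":
    org = {"alice": "Admin", "bob": "Member"}                      # constructed sample
    print(validate_custom_role({"Manage automations", "Run commands"}))
    print(can_change_role(org, "alice", "alice"))                  # self-change refused
    after = demote_admin(org, "alice", "bob")
    print(after, admin_count(after))
```

In this model every permitted role change is made by an Admin acting on someone else, so the acting Admin keeps the role and the organization always retains at least one Admin.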