Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Role-Based Access Control in PDQ Deploy & Inventory

PDQ
06/22/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


Okay, this is a beta release channel, right? So, and there's some beta features here that we want your help testing. We want the feedback about this. They're features that have been long awaited and it's a feature of role-based access control, right? So, you can now control who can do what inside of PDQ Deploy and PDQ Inventory. Okay, a couple of questions. What version were they on when you started? Do you remember? My goodness, I'm trying to remember. Version two? No, it was, no, eight, seven, seven, seven or eight. Okay, sorry, go ahead, continue. Yeah, it was version seven or eight. And internally, we've been talking about role-based access control for, I don't know, eight years. Okay. Pretty much, we mentioned yesterday, we were in the old building back when we were first formulating this. So, like I said, this is beta. This is early access. To get into it, join Discord, get into the Deploy and Inventory beta channel, and you can get version 20 out of that and you can test it yourself. Link is in the chat right now. Thanks so much, Kelly. Additionally, anyone who does that and gives us some really good feedback and the person who reads it is in a good mood and they happen to find it, we'll send you some socks. Wow. Right? So, there's some incentive to go in and try and break it, try and tell us what's missing, what's not missing, what you find useful, what's not useful, all kinds of that, we wanna know. Okay. Okay, let's show it, should we? Yes. Okay, but first, we're gonna show the other new feature because there's another one here too. You're really dragging this out, Josh. Look, you only get to do this one time. Man, okay, go ahead. So, it's the audit log. This is also new in this version, right? So, this audit log that I'm in right now, ooh, I need to actually switch because I'm in the wrong one. I need to go over here. I swear I logged on this morning and timed out. I'm so sorry. That's okay. We're back. All right, let's jump into the audit log here and you can see everything that our user, Randy Marsh, has been doing. Okay? So, you can see that Randy Marsh has edited some user roles from yesterday. Wonder why. Maybe created a collection called Josh's collection. The audit log does not report on anything that is system generated. So, think deploy schedules or scheduled scans. Those aren't gonna show up here. What's gonna show up here is everything that a user might do. So, think of these two things now together. I've got an audit log and I've got roles-based access control. So, I can control and also check to make sure that my controls are working and people aren't doing what they're not supposed to do. Ooh, okay. So, I can spy on my junior people and see what they're up to. Yeah, exactly. Okay. To get to any preferences on the audit log, it's just from there, edit preferences. It uses nlog under the hood so you can use this advanced configuration file. We're not gonna dive into that today, but you can. You can start streaming these logs to Sims, to databases, to files in the format you want. You can start dumping all of that out. Okay. Okay, let's get to what we really wanna get to, which is role-based access control. RBAC. Everything is controlled via PDQ inventory. Okay. So, even the RBAC for PDQ deploy is defined inside of inventory. Got it. The only thing that you can do inside of deploy, we'll bounce over there and show you, is you can view what your current console user can do. These are tied to console users. And you can turn off RBAC, right? That's all you can do here. So, we're gonna live in inventory to show this, okay? Okay. You can see I've got two console users here. I've got Randy Marsh, which is our background service user, default console user, and we'll default to the super user role. The super user role can do everything. And then we've got another console user who I've just happened to call Helpdesk. Helpdesk and any new console users, when you enable this will default to the default role. Okay. The default role cannot be edited and it cannot do anything. Okay. So, that's an important call out. When you upgrade and you enable this, do it as the background service user, or else you're gonna get yourself in a point where you're like, I can't do anything. So, do it as a background service user, log in, and then we're gonna create a role. Okay. So, let's go create a role, should we? Yes, I want to. Okay. Let's call one called Helpdesk right here. What do we want this person to be able to do? Probably not much. This is gonna be a level one Helpdesk person, so we're gonna lock it down pretty heavily. Okay. We want them to maybe manage deployments? Yes. Anything else? I don't think so. We don't want to modify any deployments. We don't want to modify packages. No, no, no. Just send deployments, that's it. Okay. We just want them to do that. Okay. Yes. So, we're gonna create our role. It's called the same thing as the other, it's Helpdesk. Is that a problem? Nope. Okay. Because this is my console user named Helpdesk, and now I've got a role named Helpdesk. Okay. And then we're gonna come back here, and we're gonna assign that role here. Okay, so now I'm gonna switch gears here, and I'm gonna jump into, oops, this one. Okay. Where I am, and I'll bring up a, who am I? I am Helpdesk. I am now that user, and I'm on Cocoa Pebbles. Now, if you look, if I wanted to do something like, edit this collection. You don't have to log out? No. Oh. These are live. Oh, that's nice. These happen in real time, right? So, I can't, this current user doesn't have permission to modify collections, because I didn't give it access to do anything, but I can still read the data here. But we did give Helpdesk the ability to deploy a package, right? So, it can deploy GIMP here, for example, to itself. And I can't, notice I can't delete. Maybe I want them to be able to delete, okay? Okay. So, we're gonna switch gears again. We're gonna come back over here. We're gonna define another role here, to where it can modify package, and modify collections, apply it. We're gonna come back again over here, and now, look at that. Now, I can. It happens that fast? It's that fast. As soon as you change it, oh, wow. Love that. Yep, yep. Okay. Now, check out what's in here. Now, in my audit log, I can't view other users' audit logs, but I can view the things that I did. But if you're the super user, you could view everybody's. Then, I see everybody's, right? Love it. Okay, and what else do we do? I think we said that we could now modify collections. Yes, you did. All right, so now, that lock is out of here, and I can add another filter, and computer, online, or we can just do something like this, and blow this whole thing up. Oh, I love that. Okay. Oh, that's nice. Okay. There we go. That is a very quick, brief tour of role-based access control inside of PDQ Deployment Inventory. I love it. Again, this is only available in the beta. If you wanna get the beta, join Discord, join the Deployment Inventory beta channel, and let us know what you think. You might win some socks. Okay, thank you. ♪♪♪

TL;DR

  • PDQ version 20 beta introduces role-based access control (RBAC) and audit logging, features that have been in development for approximately eight years and address critical security and governance needs.
  • RBAC allows administrators to create custom roles with granular permissions (deploy packages, modify collections, etc.) and assign them to console users, with all role management centralized in PDQ Inventory.
  • Permission changes take effect immediately in real time—users see updated capabilities without logging out, enabling dynamic access control in fast-paced IT environments.
  • The audit log tracks all user-initiated actions (excluding system-generated events) and integrates with RBAC to provide visibility into who did what, with super users able to view all activity across the organization.

Version 20 Beta Features Overview

PDQ introduces two major security and governance features in version 20's beta release: role-based access control (RBAC) and audit logging. These capabilities address long-standing customer requests for granular permission management and activity tracking within PDQ Deploy and Inventory. The RBAC implementation allows administrators to define precisely who can perform specific actions, from deploying packages to modifying collections. All role management is centralized in PDQ Inventory, even for controlling PDQ Deploy permissions. The audit log complements RBAC by tracking all user-initiated actions in real time, excluding system-generated events like scheduled scans. Together, these features enable organizations to enforce least-privilege access while maintaining visibility into administrative activities across their endpoint management infrastructure.

Implementing RBAC and Real-Time Permission Updates

The demonstration showcases how to create custom roles with specific permissions and assign them to console users. New console users default to a restricted 'default' role with no permissions, while the background service user maintains 'super user' status with full access. Administrators can create granular roles—such as a 'Helpdesk' role limited to deploying packages—and assign them through the Inventory console. A standout capability is real-time permission enforcement: when an administrator modifies a role's permissions, users see the changes immediately without needing to log out or restart their sessions. The audit log provides transparency by allowing users to view their own activity history, while super users can monitor all actions across the organization. This combination of flexibility and immediate enforcement makes RBAC practical for dynamic IT environments where permissions need frequent adjustment.

Chapters

0:00 - Introduction to Version 20 Beta
1:49 - Audit Log Feature Overview
3:18 - RBAC Configuration in Inventory
4:37 - Creating Custom Roles
5:21 - Real-Time Permission Demonstration
7:20 - Beta Access and Feedback

Key Quotes

0:17 "They're features that have been long awaited and it's a feature of role-based access control, right? So, you can now control who can do what inside of PDQ Deploy and PDQ Inventory."
0:45 "Internally, we've been talking about role-based access control for, I don't know, eight years."
2:43 "I've got an audit log and I've got roles-based access control. So, I can control and also check to make sure that my controls are working and people aren't doing what they're not supposed to do."
6:38 "It happens that fast? It's that fast. As soon as you change it, oh, wow."

FAQ

Do I need to upgrade both PDQ Deploy and PDQ Inventory to use RBAC?

Yes, RBAC is a version 20 feature that requires both products to be updated. All role management is performed in PDQ Inventory, even for controlling PDQ Deploy permissions, so both applications must be on the same version to function properly.

What happens to existing console users when I enable RBAC?

The background service user defaults to the 'super user' role with full permissions. Any other existing console users will default to the 'default' role, which has no permissions. You should enable RBAC while logged in as the background service user to avoid locking yourself out, then create appropriate roles and assign them to other users.

Categories:
  • » Cybersecurity » Endpoint Security
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Identity & Access
  • Endpoint Management
  • Security Operations
  • Demo
  • Technical Deep Dive
  • Role-Based Access Control
  • RBAC
  • Audit Logging
  • User Permission Management
  • PDQ Deploy
  • PDQ Inventory
  • Endpoint Management Security
  • Console User Roles
  • IT Governance
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Role-Based Access Control in PDQ Deploy & Inventory

              XStreaminars (watch here)

              • Jul
                28

                Illumio + Netskope: Zero Trust in the Age of AI Autonomy

                07/28/202601:00 PM ET
                • Jul
                  29

                  Ask Your Cloud Anything: Unlocking Governance Silos in your Environments

                  07/29/202601:00 PM ET
                  More events

                  Industry Events (watch there)

                  • Jul
                    22

                    Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue

                    07/22/202601:00 PM ET
                    • Aug
                      19

                      Becoming Agent Ready: Insights from Cyera's Expertise

                      08/19/202612:00 PM ET
                      More events

                      Upcoming Webinar Calendar

                      • 07/21/2026
                        04:00 AM
                        07/21/2026
                        Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                        https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
                      • 07/22/2026
                        06:30 AM
                        07/22/2026
                        Insights and Strategies for Effective Data Privacy and Protection
                        https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-effective-data-privacy-and-protection/
                      • 07/22/2026
                        01:00 PM
                        07/22/2026
                        Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                        https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
                      • 07/28/2026
                        01:00 PM
                        07/28/2026
                        Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                        https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
                      • 07/29/2026
                        04:00 AM
                        07/29/2026
                        Real-Time Strategies for Safeguarding Against Prompt Injections
                        https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
                      • 07/29/2026
                        01:00 PM
                        07/29/2026
                        Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                        https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
                      • 08/19/2026
                        12:00 PM
                        08/19/2026
                        Becoming Agent Ready: Insights from Cyera's Expertise
                        https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
                      • 09/02/2026
                        12:00 PM
                        09/02/2026
                        Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                        https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
                      • 09/30/2026
                        04:00 AM
                        09/30/2026
                        AI Command Center: Optimizing Visibility and Control in Your Operations
                        https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/
                      Truth in IT
                      • Sponsor
                      • About Us
                      • Terms of Service
                      • Privacy Policy
                      • Contact Us
                      • Preference Management
                      Desktop version
                      Standard version