# Cloud User Roles Reference *Applies to: Patch My PC Cloud* User roles in the Patch My PC (PMPC) Cloud portal control which administrative tasks a user can perform. * [Available Roles](#available-roles) * [Permissions Reference](#permissions-reference) ### Available Roles Users can be assigned the following User Roles in the PMPC Cloud Portal:
RoleDescription
Read-Only AdminCan access all areas of the Cloud portal, but cannot make any changes. This role is intended for audit purposes.
Read-Only Report Admin

Only have Read-Only access to the Advanced/Patch Insights and Settings nodes.

They have Read-Only access to:

  • All reports in the PMPC Cloud (both PMPC Client and Intune Reports).
  • The Company and Users sections of the Settings node.

They cannot create, edit or delete existing reports or clients.

Custom App Admin

Can perform the following Custom App-related actions in PMPC Cloud:

  • Create
  • Modify
  • Delete custom applications in Patch My PC Cloud.

They cannot:

  • Create or edit On-Premises Publisher and Intune connections.
  • Access the Settings node.
  • Manage Branding.
  • Manage User access requests.
Intune App Admin

Can perform the following actions in PMPC Cloud:

  • Create, modify and delete deployments.
  • Manage licensing, branding, notifications and the Sync schedule.

They cannot:

  • Create, edit or delete On-Premise Publisher and Custom Apps.
  • Access the Settings node.
  • Manage User access requests.
Full AdminCan manage all aspects of PMPC Cloud, except for user management.
Full Admin with Access ManagementCan manage all aspects of PMPC Cloud, including user management.
### Permissions Reference Use the following tables to help you decide which role you should assign a user in Patch My PC Cloud either directly through the Portal or by making them a member of the relevant Entra ID Security Group assigned a role: | [App Catalog](#app-catalog) | [Discovery](#discovery) | [Deployments](#deployments) | [Domains](#domains) | | --------------------------- | ----------------------- | --------------------------- | ------------------- | | [Events](#events) | [Migration](#migration) | [Settings](#settings) | | #### App Catalog
FunctionalityRead-Only AdminRead-Only Report AdminCustom App AdminIntune App AdminFull AdminFull Admin with Access Management
Patch My PC AppsReadReadReadReadReadRead
Custom AppsReadReadRead and WriteReadRead and WriteRead and Write
Binary Free AppsReadReadReadRead and WriteRead and WriteRead and Write
#### Deployments | Read-Only Admin | Read-Only Report Admin | Custom App Admin | Intune App Admin | Full Admin | Full Admin with Access Management | | --------------- | ---------------------- | ---------------- | ---------------- | -------------- | --------------------------------- | | Read | No Access | No Access | Read and Write | Read and Write | Read and Write | #### Discovery | Read-Only Admin | Read-Only Report Admin | Custom App Admin | Intune App Admin | Full Admin | Full Admin with Access Management | | --------------- | ---------------------- | ---------------- | ---------------- | -------------- | --------------------------------- | | Read | No Access | No Access | Read and Write | Read and Write | Read and Write | #### Domains | Read-Only Admin | Read-Only Report Admin | Custom App Admin | Intune App Admin | Full Admin | Full Admin with Access Management | | --------------- | ---------------------- | ---------------- | ---------------- | ---------- | --------------------------------- | | No Access | No Access | No Access | No Access | No Access | Read and Write | #### Events | Read-Only Admin | Read-Only Report Admin | Custom App Admin | Intune App Admin | Full Admin | Full Admin with Access Management | | --------------- | ---------------------- | ---------------- | ---------------- | ---------- | --------------------------------- | | Read | No Access | No Access | Read | Read | Read | #### Migration | Read-Only Admin | Read-Only Report Admin | Custom App Admin | Intune App Admin | Full Admin | Full Admin with Access Management | | --------------- | ---------------------- | ---------------- | ---------------- | -------------- | --------------------------------- | | Read | No Access | No Access | No Access | Read and Write | Read and Write | #### Settings | Functionality | Read-Only Admin | Read-Only Report Admin | Custom App Admin | Intune App Admin | Full Admin | Full Admin with Access Management | | ----------------------- | --------------- | ---------------------- | ---------------- | ---------------- | -------------- | --------------------------------- | | Company | Read | Read | Read | Read | Read and Write | Read and Write | | Users | Read | Read | No Access | No Access | No Access | Read and Write | | Environments & Licenses | Read | Read | Read | Read and Write | Read and Write | Read and Write | | Connections | Read | No Access | Read | No Access | Read and Write | Read and Write | | Branding | Read | No Access | No Access | Read and Write | Read and Write | Read and Write | | Notifications | Read | No Access | No Access | Read and Write | Read and Write | Read and Write | | Sync Schedule | Read | No Access | No Access | Read and Write | Read and Write | Read and Write | | Naming Conventions | Read | No Access | No Access | Read and Write | Read and Write | Read and Write | | Templates | Read | No Access | No Access | Read and Write | Read and Write | Read and Write |