> For the complete documentation index, see [llms.txt](https://docs.patchmypc.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.patchmypc.com/patch-my-pc-cloud/manage/settings/users/user-roles-reference.md). # User Roles Reference for Patch My PC Cloud *Applies to: Patch My PC Cloud* User roles in the Patch My PC (PMPC) Cloud portal control which administrative tasks a user can perform. * [Available Roles](#available-roles) * [Permissions Reference](#permissions-reference) ## Available Roles Users can be assigned the following User Roles in the PMPC Cloud Portal:
RoleDescription
Read-Only AdminCan access all areas of the Cloud portal, but cannot make any changes. This role is intended for audit purposes.
Read-Only Report Admin

Only have Read-Only access to the Advanced/Patch Insights and Settings nodes.

They have Read-Only access to:

  • All reports in the PMPC Cloud (both PMPC Client and Intune Reports).
  • The Company and Users sections of the Settings node.

They cannot create, edit or delete existing reports or clients.

Custom App Admin

Can perform the following Custom App-related actions in PMPC Cloud:

  • Create
  • Modify
  • Delete custom applications in Patch My PC Cloud.

They cannot:

  • Create or edit On-Premises Publisher and Intune connections.
  • Access the Settings node.
  • Manage Branding.
  • Manage User access requests.
Intune App Admin

Can perform the following actions in PMPC Cloud:

  • Create, modify and delete deployments.
  • Manage licensing, branding, notifications and the Sync schedule.

They cannot:

  • Create, edit or delete On-Premise Publisher and Custom Apps.
  • Access the Settings node.
  • Manage User access requests.
Full AdminCan manage all aspects of PMPC Cloud, except for user management.
Full Admin with Access ManagementCan manage all aspects of PMPC Cloud, including user management.
## Permissions Reference Use the following tables to help you decide which role you should assign a user in Patch My PC Cloud either directly through the Portal or by making them a member of the relevant Entra ID Security Group assigned a role: | [App Catalog](#app-catalog) | [Discovery](#discovery) | [Deployments](#deployments) | [Domains](#domains) | | --------------------------- | ----------------------- | --------------------------- | ------------------- | | [Events](#events) | [Migration](#migration) | [Settings](#settings) | | ### App Catalog
FunctionalityRead-Only AdminRead-Only Report AdminCustom App AdminIntune App AdminFull AdminFull Admin with Access Management
Patch My PC AppsReadReadReadReadReadRead
Custom AppsReadReadRead and WriteReadRead and WriteRead and Write
Binary Free AppsReadReadReadRead and WriteRead and WriteRead and Write
### Deployments | Read-Only Admin | Read-Only Report Admin | Custom App Admin | Intune App Admin | Full Admin | Full Admin with Access Management | | --------------- | ---------------------- | ---------------- | ---------------- | -------------- | --------------------------------- | | Read | No Access | No Access | Read and Write | Read and Write | Read and Write | ### Discovery | Read-Only Admin | Read-Only Report Admin | Custom App Admin | Intune App Admin | Full Admin | Full Admin with Access Management | | --------------- | ---------------------- | ---------------- | ---------------- | -------------- | --------------------------------- | | Read | No Access | No Access | Read and Write | Read and Write | Read and Write | ### Domains | Read-Only Admin | Read-Only Report Admin | Custom App Admin | Intune App Admin | Full Admin | Full Admin with Access Management | | --------------- | ---------------------- | ---------------- | ---------------- | ---------- | --------------------------------- | | No Access | No Access | No Access | No Access | No Access | Read and Write | ### Events | Read-Only Admin | Read-Only Report Admin | Custom App Admin | Intune App Admin | Full Admin | Full Admin with Access Management | | --------------- | ---------------------- | ---------------- | ---------------- | ---------- | --------------------------------- | | Read | No Access | No Access | Read | Read | Read | ### Migration | Read-Only Admin | Read-Only Report Admin | Custom App Admin | Intune App Admin | Full Admin | Full Admin with Access Management | | --------------- | ---------------------- | ---------------- | ---------------- | -------------- | --------------------------------- | | Read | No Access | No Access | No Access | Read and Write | Read and Write | ### Settings | Functionality | Read-Only Admin | Read-Only Report Admin | Custom App Admin | Intune App Admin | Full Admin | Full Admin with Access Management | | ----------------------- | --------------- | ---------------------- | ---------------- | ---------------- | -------------- | --------------------------------- | | Company | Read | Read | Read | Read | Read and Write | Read and Write | | Users | Read | Read | No Access | No Access | No Access | Read and Write | | Environments & Licenses | Read | Read | Read | Read and Write | Read and Write | Read and Write | | Connections | Read | No Access | Read | No Access | Read and Write | Read and Write | | Branding | Read | No Access | No Access | Read and Write | Read and Write | Read and Write | | Notifications | Read | No Access | No Access | Read and Write | Read and Write | Read and Write | | Sync Schedule | Read | No Access | No Access | Read and Write | Read and Write | Read and Write | | Naming Conventions | Read | No Access | No Access | Read and Write | Read and Write | Read and Write | | Templates | Read | No Access | No Access | Read and Write | Read and Write | Read and Write | --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.patchmypc.com/patch-my-pc-cloud/manage/settings/users/user-roles-reference.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.