What permissions do Satellite Vaults typically have?

Satellite Vaults typically have read-only access because their primary role is to function as a backup or extension of the main vault, allowing for the secure retrieval of sensitive information without allowing modifications to that information. This design ensures that the integrity of the data housed within the Satellite Vault remains intact and secure, as it prevents any unauthorized changes or deletions.

This access level is crucial in environments where data security and compliance are paramount. By limiting permissions to read-only, organizations can ensure that sensitive credentials and information can be accessed as needed while minimizing the risk of accidental or malicious alterations. Additionally, this configuration supports the overall security architecture of the organization's CyberArk implementation by establishing a clear separation of duties and reducing attack vectors related to data modification.

Other choices such as full administrative access, no access, and write access do not align with the intended purpose of Satellite Vaults. Granting full administrative access would pose significant security risks, while no access would inhibit the functionality of retrieving information. Meanwhile, write access would undermine the primary objective of maintaining secure and unaltered backups.