What vault authorizations are automatically granted to users mapped to the role of Vault Admin?

When users are mapped to the role of Vault Admin, they are granted a wide range of permissions necessary for effective management of vault operations. This role is designed to enable users to perform all critical activities related to vault administration, including managing safes, user accounts, and policies.

However, one specific permission that is typically not included in the Vault Admin's automatic authorizations is the ability to perform backups of all safes, which is reflected in the authorization known as BACKUP ALL SAFES. This segregation ensures that sensitive operations related to backups may require additional clearance or roles, potentially limiting access for security reasons.

Thus, while Vault Admins have extensive control over various vault configurations and users, their permissions deliberately exclude certain high-risk operations such as full backup access to all safes. This selective granting of permissions is a crucial design approach to maintaining security and accountability within the vault management system.