Reference Guide
Security Management Server Virtual v10.2.10 AdminHelp
91
Delegate Administrator Roles
Administrator Roles
Administrator login is integrated with Active Directory to simplify the process of managing administrators
and to allow you to leverage your existing user authentication infrastructure. Administrators are
assigned roles that define what level of access each administrator is allowed. For example, some
administrators may only be allowed to implement help desk assisted recovery while others have full
access to edit security policies. You can assign administrator roles to Active Directory groups so you
can easily change the level of administrator access users have with a simple change to AD group
membership. Non-domain users can be granted reporting-only access via Compliance Reporter.
There are 11 types of administrators. Distributed administration is key to the secure administration of
your environment. It allows you to divide roles appropriately among your administrators and ensures the
proper level of privileges are assigned to each administrator. A single administrator can have privileges
of more than one administrator type. However, it is recommended to have a maximum of one super
administrator (an administrator who has privileges of all administrator types).
The following table shows the tasks each administrator can perform in the Management Console or
Compliance Reporter.
Task
Performed by Type of Administrator
Help
Desk
System
Security
Log
Account
Forensic
1
Policy
2
R
Log in ● ● ● ● ●
●
Log out ● ● ● ● ●
●
View current
system state
● ● ● ●
Search for Users,
Groups, and
Endpoints
● ● ● ●
Add Users and
Groups
● ● ●
Browse Domains ● ● ● ●
Add and edit
Domains
● ●
Upload licenses
●
Recover an
endpoint -
Authentication
Failure
● ●
Remove an
endpoint
●
Change Dell
Server Options
● ●