Specifications
22
2 SINGLE, CENTRAL AUTOMATED CONSOLE REVIEWER’S GUIDE
There are four pre-configured roles:
1. System Administrator—A pre-configured role that has full rights
to manage Sophos security software on the network and roles in
Enterprise Console. The System Administrator role cannot be edited or
deleted.
2. Administrator—A pre-configured role that has rights to manage
Sophos security software on the network, but cannot manage roles in
Enterprise Console. The Administrator role can be renamed, edited, or
deleted.
3. Helpdesk—A pre-configured role that has remediation rights only, for
example, to clean up or update computers. The Helpdesk role can be
renamed, edited, or deleted.
4. Guest—A pre-configured role that has read-only access to Enterprise
Console. The Guest role can be renamed, edited, or deleted.
Sub-estate Management
By splitting your IT estate into sub-estates, you can also restrict the computers
and groups that users can perform operations on.
You can control access to the sub-estates by assigning Windows users and
groups to them. A user can only see the groups and machines relevant to their
sub-estate.
Reports are also specific to the sub-estate. Any policies will only be applicable
to the sub-estate in which they were created; an administrator cannot change
policies that are applicable outside of their sub-estate.
For reporting, administrators can only configure and run reports applicable to
their own sub-estate. A full system administrator can run reports across the
entire IT estate.
scalable information storage
Microsoft SQL Server integration
Enterprise Console integrates as standard with MSDE (Microsoft SQL Server
Desktop Engine) to store management information. If your organization is large,
you might wish to use Microsoft SQL Server, which has enhanced functionality
and greater scalability for large networks.
Figure 17: Managing role-based administration