|Article:HOWTO55478|||||Created: 2011-06-29|||||Updated: 2011-12-16|||||Article URL http://www.symantec.com/docs/HOWTO55478|
You use administrators to manage your company's organizational structure and network security. For a small company, you may only need one administrator. For a large company with multiple sites and domains, you most likely need multiple administrators, some of whom have more access rights than others.
To help you manage the network, the Symantec Endpoint Protection Manager console provides the following types of administrator roles: system administrator, administrator, and limited administrator. The system administrator is the root administrator for a site. System administrators can view and manage all domains in an organization, which may include servers, databases, and Enforcers, if applicable.
Domain administrators can view and manage a single domain. Also, a domain administrator who has been authorized to fully manage sites has the same privileges as a system administrator, but only for a single domain. That is, the domain administrator can manage the database and all servers for a site, which may include Enforcers, if applicable.
Limited administrators do not have access rights by default. You must explicitly grant access rights to allow a limited administrator to perform tasks within a single domain. For example, you can configure group rights to allow a limited administrator full access, no access, or read-only access to specific groups in a domain. Or, you can grant site rights that allow a limited administrator to view or manage databases and servers.
See About domains.
See About access rights.
Table: Administrator roles and responsibilities
An administrator who installs the management server and the client installation packages. After the product is installed, an administrator in charge of operations takes over. These administrators are most likely system administrators.
An operations administrator maintains the servers, databases, and installs patches. If you have a single domain, the operations administrator could be a domain administrator who is fully authorized to manage sites.
A desktop administrator, who is in charge of security and creates and maintains the Firewall policies and Intrusion Prevention policies for the clients. This administrator is most likely to be a domain administrator.
A help desk administrator, who creates reports and has read-only access to the policies. The antivirus administrator and desktop administrator read the reports that the help desk administrator sends. The help desk administrator is most likely to be a limited administrator who is granted reporting rights and policy rights.
Article URL http://www.symantec.com/docs/HOWTO55478