About administrators

Article:HOWTO55478  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55478
Article Type
How To


Subject


About administrators

You use administrators to manage your company's organizational structure and network security. For a small company, you may only need one administrator. For a large company with multiple sites and domains, you most likely need multiple administrators, some of whom have more access rights than others.

To help you manage the network, the Symantec Endpoint Protection Manager console provides the following types of administrator roles: system administrator, administrator, and limited administrator. The system administrator is the root administrator for a site. System administrators can view and manage all domains in an organization, which may include servers, databases, and Enforcers, if applicable.

Domain administrators can view and manage a single domain. Also, a domain administrator who has been authorized to fully manage sites has the same privileges as a system administrator, but only for a single domain. That is, the domain administrator can manage the database and all servers for a site, which may include Enforcers, if applicable.

Limited administrators do not have access rights by default. You must explicitly grant access rights to allow a limited administrator to perform tasks within a single domain. For example, you can configure group rights to allow a limited administrator full access, no access, or read-only access to specific groups in a domain. Or, you can grant site rights that allow a limited administrator to view or manage databases and servers.

See About domains.

When you install the Symantec Endpoint Protection Manager, a default system administrator that is called admin is created. You can then create accounts for additional administrators.

See About access rights.

Table: Administrator roles and responsibilities

Administrator role

Responsibilities

System administrator

A system administrator can perform the following tasks:

  • Manage all domains.

  • Create and manage all other system administrator accounts, administrator accounts, and limited administrator accounts for all domains.

  • Manage the databases and management servers.

  • Manage Enforcers.

  • Can view and manage all console settings.

Administrator

An administrator, who is also referred to as a domain administrator, can perform the following tasks:

  • Manage a single domain.

  • Create and manage administrator accounts and limited administrator accounts within a single domain.

    You can specify access rights to run reports and manage sites.

    See Configuring the access rights for a domain administrator.

    You can authorize administrators to fully manage a site through Site Rights, including the database and all servers for a site.

    Administrators who are fully authorized to manage a site can modify site rights for other administrators and limited administrators.

    Administrators cannot modify their own site rights. System administrators must perform this function.

    For administrators who are not authorized to manage a site through Site Rights, the administrator cannot modify site rights for other administrators and limited administrators.

  • Manage the password rights for limited administrators and other administrators who have equal or less restrictive access rights.

  • Cannot manage Enforcers.

Limited administrator

A limited administrator can be granted access to perform tasks within a single domain. These tasks include:

  • Run reports on specified computers, IP addresses, groups, and servers.

  • View Home, Monitors, and Reports pages in the console only if granted reporting rights.

  • Manage the groups within a single domain.

  • Remotely run commands on client computers.

  • Fully manage a site, or, view or manage the database or the selected servers for a site within a single domain.

  • View or manage installation packages.

  • Manage policies

    Limited administrators who do not have access to a specific policy and related settings cannot view or modify the policy. In addition, they cannot apply, replace, or withdraw a policy.

    See Configuring the access rights for a limited administrator.

  • Cannot create other limited administrator accounts.

    Only a system administrator or an administrator can create limited administrator accounts.

  • Manage the password rights for own account only.

You can define an administrator role for each type of administrator in your organization. For example, a large company may use the following types of administrators:

  • An administrator who installs the management server and the client installation packages. After the product is installed, an administrator in charge of operations takes over. These administrators are most likely system administrators.

  • An operations administrator maintains the servers, databases, and installs patches. If you have a single domain, the operations administrator could be a domain administrator who is fully authorized to manage sites.

  • An antivirus administrator, who creates and maintains the Virus and Spyware policies and LiveUpdate policies on the clients. This administrator is most likely to be a domain administrator.

  • A desktop administrator, who is in charge of security and creates and maintains the Firewall policies and Intrusion Prevention policies for the clients. This administrator is most likely to be a domain administrator.

  • A help desk administrator, who creates reports and has read-only access to the policies. The antivirus administrator and desktop administrator read the reports that the help desk administrator sends. The help desk administrator is most likely to be a limited administrator who is granted reporting rights and policy rights.

See Adding an administrator account

See About access rights

See Configuring the access rights for a domain administrator

See Configuring the access rights for a limited administrator


Legacy ID



v9542187_v59371754


Article URL http://www.symantec.com/docs/HOWTO55478


Terms of use for this information are found in Legal Notices