By default when you do a install of Symantec Endpoint Protection Manager an 'admin' account gets created with full access and permissions to all areas of Symantc Endpoint Protection Manager.
You use administrators to manage your company's organizational structure and network security. For a small company, you may only need one administrator. For a large company with multiple sites and domains, you most likely need multiple administrators, some of whom have more access rights than others.
You can create additional administrators as per business requirement.
To add new administrator first time you need to login with 'admin' account.
Go to the Admin--> Administrators --> Add an administrator
In this demonstation I have created two more an administrators.
User1 - System administrator
User2 - Limited Administrator
By looking at an admin symbol you can gauge what kind of rights they have.
A system administrator can perform the following tasks:
Manage all domains.
Create and manage all other system administrator accounts, administrator accounts, and limited administrator accounts for all domains.
Manage the databases and management servers.
Can view and manage all console settings.
An administrator, who is also referred to as a domain administrator, can perform the following tasks:
Manage a single domain.
Create and manage administrator accounts and limited administrator accounts within a single domain.
You can specify access rights to run reports and manage sites.
You can authorize administrators to fully manage a site through Site Rights, including the database and all servers for a site.
Administrators who are fully authorized to manage a site can modify site rights for other administrators and limited administrators.
Administrators cannot modify their own site rights. System administrators must perform this function.
For administrators who are not authorized to manage a site through Site Rights, the administrator cannot modify site rights for other administrators and limited administrators.
Manage the password rights for limited administrators and other administrators who have equal or less restrictive access rights.
Cannot manage Enforcers.
A limited administrator can be granted access to perform tasks within a single domain. These tasks include:
Run reports on specified computers, IP addresses, groups, and servers.
View Home, Monitors, and Reports pages in the console only if granted reporting rights.
Manage the groups within a single domain.
Remotely run commands on client computers.
Fully manage a site, or, view or manage the database or the selected servers for a site within a single domain.
View or manage installation packages.
Limited administrators who do not have access to a specific policy and related settings cannot view or modify the policy. In addition, they cannot apply, replace, or withdraw a policy.
Cannot create other limited administrator accounts.
Only a system administrator or an administrator can create limited administrator accounts.
Manage the password rights for own account only.
If logged in as an administrator then license tab & Domain tab will not be listed.
If you do not want administrator to manged the single site then you can remove that access as well.
Go to the Admin --> Administrator --> Edit an administrator, in this example Edit User1 an administrator --> Access rights --> Site rights-> Select 'Not authorized to manage this site'
Now user1 won't get an access to Server tab,License tab & domain tab, check this screenshot.
In this demonstation we have created 'User2' as a limitead administrator. User2 is allowed to only managed installation packages.
After login User2 will be only able to see Administrator tab & Installation package.
In the administrator tab he will be able to see only his own account.
Managing domains and administrator accounts
Adding an administrator account
About access rights
Configuring the access rights for a limited administrator
How to change Manage Group permissions for Limited Administrators in SEPM for multiple groups.
Which administrator activities are logged in the Symantec Endpoint Protection Manager console?
About administrator account roles and access rights (Endpoint Protection 12.1.2)