Hello,
I agree.
Check this Article: http://www.symantec.com/docs/HOWTO81226
Administrators are domain administrators who can view and manage a single domain. A domain administrator has the same privileges as a system administrator, but for a single domain only.
By default, the domain administrator has full system administrator rights to manage a domain, but not a site. You must explicitly grant site rights within a single domain. Domain administrators can modify the site rights of other administrators and limited administrators, though they cannot modify the site rights for themselves.
A domain administrator can perform the following tasks:
-
Create and manage administrator accounts and limited administrator accounts within a single domain.
Domain administrators cannot modify their own site rights. System administrators must perform this function.
-
Run reports, manage sites, and reset passwords. You must explicitly configure reporting rights to groups that are migrated from Symantec AntiVirus 10.x.
-
Cannot administer licenses. Only system administrators can administer licenses.
-
Cannot manage Enforcers.
Limited administrators can log on to the Symantec Endpoint Protection Manager console with restricted access. Limited administrators do not have access rights by default. A system administrator role must explicitly grant access rights to allow a limited administrator to perform tasks.
Parts of the management server user interface are not available to limited administrators when you restrict access rights. For example:
-
Limited administrators without reporting rights cannot view the Home, Monitors, or Reports pages.
-
Limited administrators without policy rights cannot view or modify the policy. In addition, they cannot apply, replace, or withdraw a policy.
Hope that helps!!