This article contains information on Mimecast administrator roles, their permissions, and default role types, including Super Administrator, Partner Administrator, Full Administrator, and others, with details on access levels, protected permissions, and role management.
The Mimecast administrator roles are a collection of permissions that control access to Mimecast Administration Console functionality. Each role determines the depth of access and can be used to control the tasks performed.
Role Types
Role types are used to control access rights to Mimecast Administration Console functionality. Each role has a security permission assignment based on one of the permissions in the table below.
| Permission | Description |
|---|---|
| Application | Administrators can control the Administration Console menu items that other administrators can access. Typically, read or write access is enabled. |
| Protected |
Super Administrators can control the Mimecast Administration Console menu items other administrators can access, including functionality with the protected content (e.g., viewing email content, exporting email, smart tag assignment). Protected roles have an |
| Security | Administrators have access to the Role Editor, where they can manage roles and administrators. The options are:
|
Default Roles
An administrator role is displayed in the top right side of the screen next to the administrator's email address. For example:
The following default roles are available:
| Role | Application | Role Description |
|---|---|---|
| Super Administrator | Can manage Application roles and Protected roles. | Has full privileges to all account options, including the content view of all emails, delegate mailbox access, and the assignment of protected permissions (e.g., the assignment of content view).
This administration role is protected, which means that you cannot edit the role or change the privileges assigned. The Super Administrator has the privilege or right to elevate other administrators below the Super Administrator role. |
| Partner Administrator | Can manage Application roles. | Has full privileges for Partner Administrators, including delegate mailbox access, but excludes protected permissions. See the Managing Partner Administrators page for full details.
This administration role is protected, which means that you cannot edit the role or change the privileges assigned. The Partner Administrator role is only applicable to Mimecast MSP Partners. |
| Full Administrator | Can manage Application roles. | Has high-level administrator privileges, including the content view of all messages, delegate mailbox access, message exports, and the creation/approval of retention adjustments.
This administration role is protected, which means that you cannot edit the role or change the privileges assigned. |
| Basic Administrator | Can manage Application roles. |
A primary administrator account with rights to create other Basic Administrator accounts but with no access to protected permissions. Basic Adminstrators have access to the content of an email, but only if the email is being held. |
| Help Desk Administrator | Cannot manage roles. | Has access to common help desk tasks (e.g., message tracking, read-only access to policy management, service connections, and user settings). |
| Gateway Administrator | Can manage Application roles. | Has read access to common gateway functionality (e.g., policy management, message tracking, service connections, and user settings) and rights to create other administrator accounts without protected permissions. |
| Discovery Officer | Cannot manage roles. | Has access to common eDiscovery features (e.g., archive search with content view, messages exports, and the creation or approval of retention adjustments). Cannot manage gateway policies.
This administration role is protected, which means that you cannot edit the role or change the privileges assigned. |
| Reviewer | Cannot manage roles. | Has access to the eDiscovery Review application as a reviewer, where discovery cases can be reviewed for relevance and privilege. This administration role can access the Supervision application to review the messages for non-compliance. This administration role is protected, which means that you cannot edit the role or change the privileges assigned. |
| Synchronization Engine Administrator | Can manage Mimecast Synchronization Engine sites. | Has access to perform all tasks related to managing any Mimecast Synchronization Engine site. |
Only a Basic Administrator role is added when your account is created, but you can have one or more users with Protected Content Permissions, e.g., Super Administrators, Full Administrators, and Discovery Officers. These roles have additional security measures, with the roles' management (e.g., address changes and password resets) only being performed by Mimecast Support. For full details on becoming one of these Administrators, please see the Protected Content Administrators article.
See Also...
Comments
Please sign in to leave a comment.