The user management and protection configuration/uninstallation actions that administrator users can perform are restricted to those users, computers or groups on which the administrator user has permission.
Administrator users can:
Modify their user credentials.
Create users.
Administrator users can:
Create search tasks to be launched by the computers on which they have permissions.
View and/or delete any of the previously created search tasks but only from computers in groups on which they have permissions.
Administrator users can:
Create groups/subgroups and configure the protection profiles for the groups on which they have permissions. Administrator users cannot access a 'child' group if they do not have access to the relevant 'parent' group.
Delete groups on which they have permissions. You can only delete groups without any computers inside, that is, prior to deleting a group/subgroup you must assign or move its computers to another group/subgroup. Once you have emptied the group/subgroup, you can delete it.
Edit the Comments field of the computers on which they have permissions, in the Computer details window.
Remotely access computers that belong to groups on which they have permissions.
Administrator users can:
Configure uninstallation tasks on computers and groups on which they have permissions.
View and/or delete uninstallation taks, but only on computers belonging to groups on which they have permissions.
Administrator users can:
Create and view new profiles.
Create copies of profiles on which they have permissions and view them.
Configure scheduled scans of specific paths in profiles on which they have permissions or which they have created.
View reports (non-scheduled, 'immediate' reports) about groups on which they have permissions, provided those permissions apply to all the groups covered in the report.
Create tasks to send scheduled reports about groups they have permissions on.
View tasks to send scheduled reports about groups they have permissions on, provided those permissions apply to all the groups covered in the report. Otherwise they will not be able to view the report sending task.