The actions that a Security Administrator user can perform (manage users, computers and groups, as well as configuring and uninstalling the protection), are restricted to those computers or groups they have created or have permissions on.
The user can:
Change their own credentials.
The user can:
Create search tasks launched from computers in groups on which they have permissions.
View and/or delete search tasks launched from computers in groups on which they have permissions.
The user can:
Create groups/subgroups (manual or automatic by IP address), and configure the protection profiles of those groups on which they have permissions. Security Administrator users cannot access a child group if they do not have access to the relevant parent group.
Delete the groups on which they have permissions. You can only delete groups that don't have any computers inside, that is, prior to deleting a group/subgroup, you must assign or move its computers to another group/subgroup. Once you have emptied a group/subgroup, you can delete it.
Edit the Comments field of those computers on which they have permissions (the Comments field can be found in the Computer details window).
Remotely access computers in groups/subgroups on which they have permissions.
The user can:
Configure uninstall tasks for those computers and groups on which they have permissions.
View and/or delete uninstall tasks, but only for those computers belonging to groups on which they have permissions.
The user can:
Create and view new profiles.
Create copies of profiles on which they have permissions and view them.
Configure scheduled scans of specific paths for profiles on which they have permissions or which they have created.
View reports (on-demand reports, not scheduled ones) on groups on which they have permissions, provided those permissions apply to all the groups covered in the report.
Create tasks to send scheduled reports on groups they have permissions on.
View tasks to send scheduled reports on groups they have permissions on, provided those permissions apply to all the groups covered in the report. Otherwise, they will not be able to view the report sending task.
Related topics