Configuring permissions
By default, all rights are assigned to the master user (the initial contact established in your account, with super administrator privileges). When the master user creates a new user, by default only the View All Reports permission is assigned to that account. This is the minimum permission a user needs to be able to log on; it grants permissions over only the Reporting tab on the main menu bar.
We provide flexible users’ rights so you can create a hierarchy of administrators. For example, much of the functionality accessed from the portal is useful for help desk agents to aid with problem isolation; but they do not necessarily require control over policy configuration.
Likewise, you should assign Directory Synchronization privileges to the contact you set up for the Directory Synchronization Client (see Set up authentication (Directory Synchronization only)) but no-one else should need this privilege.
Permissions are granted at an account and policy level. This lets you create multiple policies, and administrators can control their own policy but no one else’s.
To modify an administrator user’s permissions: