Configuring permissions

By default, all rights are assigned to the master user (the initial contact established in your account, with super administrator privileges). When the master user creates a new user, by default only the View All Reports permission is assigned to that account. This is the minimum permission a user needs to be able to log on; it grants permissions over only the Reporting tab on the main menu bar.

We provide flexible users’ rights so you can create a hierarchy of administrators. For example, much of the functionality accessed from the portal is useful for help desk agents to aid with problem isolation; but they do not necessarily require control over policy configuration.

Likewise, you should assign Directory Synchronization privileges to the contact you set up for the Directory Synchronization Client (see Set up authentication (Directory Synchronization only)), but no-one else should need this privilege.

Permissions are granted at an account and policy level. This lets you create multiple policies, and administrators can control their own policy but no one else’s.

Note: Visibility for some account and policy permissions depends upon the permission being assigned to your administrator account. If your administrator account does not have full account level permissions, you are only able to view or modify settings for policies you have been explicitly given permissions to. For example, full account level permission is required to access the Global Custom Category list.

To modify an administrator user’s permissions:

Steps

  1. On the Account > Contacts page, click the name of the user whose permissions you want to edit in the User Name column of the Contacts table (not the Full Name column).
  2. Click Edit.
  3. Under Account Permissions, mark or clear check boxes to add or remove permissions.
    Refer to the list below for more information about each permission set.
  4. Use the Policy Permissions table to add or remove policy, audit trail, and related permissions.
    • Refer to the list below for information about each permission set.
    • To refine policy-level permissions, click Advanced.
    Note: The Advanced button does not show for contacts with Manage Users permissions, because their selected permissions will apply to all policies.
  5. When you are finished, click Save.

    The following are account-level permissions:

    • Manage Users: view, create, edit, and remove user logons and permissions
    • Directory Synchronization: synchronize an LDAP directory with the cloud service
    • View All Reports: run all reports associated with the licensed services
    • Manage edge devices: configure edge devices in the network that connect to the cloud service (see Managing Network Devices)

    or download full traffic logs, if Full Traffic Logging The following email permissions can be assigned at the account or policy level:

    • Modify Configuration: modify all options within Account Settings except users’ logons—for this, the user must have Manage Users permissions.
    • View Configuration: view all configurations within Account Settings without the ability to make changes
    • View Configuration Audit Trail: access and search the policy setup audit trail, and access the blocklist and allowlist search facility
    • Quarantine Administration: use Message Center to search quarantined messages, plus the ability to perform actions on the messages
    • View Quarantine: use Message Center to search quarantined messages, without the ability to perform any actions on the messages
    • View Administrator Audit Trail: access and search the Message Center audit trail, and access the blocklist and allowlist search facility
    • View Quarantined Images: access and search the Message Center for quarantined images (“View Quarantine” must also be enabled to use this option.)
    • View Delivered Messages: same as “View Quarantine,” but the user can view message logs as well as quarantined email
    • Block and Allow Lists: access, search, and manage all blocklists and allowlists
    • View Filtered Reports: view only reports that can be filtered by the specified policy or policies (not available if View All Reports is selected)
    Note:

    The View Filtered Reports option may not be enabled in your account.

    If users are logged on to the portal when their permissions are changed, the changes do not take effect until they log off and then log on again.