Managing who sees what matters—now it's easier than ever.
At Mimecast, we believe the right people should have access to the right tools—and only those tools. When it comes to the Human Risk Command Center (HRCC), that principle takes on added weight. Human risk data is sensitive by nature: it reflects individual employee behaviors, threat exposure, and security posture. Putting that data in front of the wrong administrator isn't just inefficient—it's a risk in itself.
That's why we're introducing two new pre-configured roles in the Mimecast Admin Console: HRCC Administrator and Security Awareness Administrator.
The Problem We're Solving
Until now, access to Human Risk Command Center and Engage (or Awareness Training) was bundled into the following four roles that are available by default on the Mimecast platform: Super Administrator, Full Administrator, Basic Administrator, and Gateway Administrator. If your organization wanted to restrict which admins could view human risk data, the only path was building custom roles from scratch—a manual process that most teams simply don't prioritize.
That means sensitive Human Risk Command Center and security awareness-related data and configuration options have been more widely accessible than organizations realize or intend. These new pre-configured roles change that, offering a cleaner, out-of-the-box way to separate concerns.
Two New Roles, Purpose-Built for Human Risk
HRCC Administrator is designed for teams or individuals whose sole focus is human risk management. This role provides full read/write access to all Human Risk Command Center functionality—risk scoring, watchlists, settings—without granting broader email security administration privileges. It's the right fit for analysts or other security operations staff who need access to the Human Risk Command Center but don't need to touch email policy.
Security Awareness Administrator is built for those managing your security awareness or security behavior management program. This role includes everything in the HRCC Administrator role, plus full access to Engage, phishing simulation, and awareness training campaigns. If your security awareness team needs to act on risk data—not just view it—this is their role.
What Changes for Gateway Administrators?
As part of this update, the Gateway Administrator role has been updated to remove Human Risk Command Center access by default. Email admins who previously had incidental visibility into human risk data will no longer see the Human Risk Command Center in their navigation. This is an intentional, security-positive change that enforces least-privilege access across your admin team.
Getting Started
The new roles are available in the Admin Console under Account > Admin Roles. If your organization has the Human Risk package provisioned, the HRCC Administrator role will appear automatically. The Security Awareness Administrator role is available to customers with any Engage or Awareness Training package.
From there, it's simply a matter of assigning the right role to the right admin. No custom configuration required.
Human risk data is among the most actionable—and sensitive—intelligence your security team works with. These new roles make it easier to ensure it stays in the right hands.
Log in to the Mimecast Admin Console and review your admin role assignments today and check out the Service Update.
