Administrator roles are a collection of permissions that allow administrators access to Administration Console functionality. Each role determines the depth of access, and can be used to control the tasks that can be performed by an administrator.
The following role permissions are available:
|Application||Administrators have access to menu options in the Administration Console. Typically read or write access is enabled.|
Administrators can perform protected tasks (e.g. viewing message content, exporting messages, assigning permissions to view Smart Tags).
Administrators have access to the Role Editor, where they can control the management of roles and administrators. The options are:
|Partner Administrator||This role has full privileges for Partner Administrators. This includes delegate mailbox access, but excludes protected permissions. See the Managing Partner Administrators page for full details.|
|Super Administrator||This role has full privileges to all account options. This includes the content view of all email, delegate mailbox access, and the assignment of protected permissions (e.g. the assignment of content view rights to others).|
|Full Administrator||This role has high level administrator privileges. This includes the content view of all messages, delegate mailbox access, message exports, and the creation / approval of retention adjustments.|
|Basic Administrator||This role has full administrator account privileges, without access to any protected permissions.|
|Help Desk Administrator||This role has access to common help desk tasks (e.g. track and trace, read only access to policy management, service connections, and user settings).|
|Gateway Administrator||This role has read access to common gateway functionality (e.g. policy management, track and trace, service connections, and user settings).|
|Discovery Officer||This role has access to common eDiscovery features (e.g. archive search with content view, messages exports, and the creation or approval of retention adjustments).|
|Synchronization Engine Administrator||This role has access to Mimecast Synchronization Engine functionality when managing sites.|
Managing Super Administrators
Only a Basic Administrator role is added when your Mimecast account is created, but it can have one or more users with the Super Administrator role. This role has the ability to assign protected permissions to other administrator roles. This includes content view access, assigning retention permissions (used to purge emails from the archive) and other permissions. This role has additional security measures, with the role's management (e.g. address changes, password resets) only being able to be performed by the Mimecast Security Team.
If a user requires a Super Administrator, Full Administrator, Delivery Officer, or Synchronization Engine Officer role, the following steps must be followed:
- Send an email to email@example.com. This request must:
- Be written on your company letterhead.
- Be signed by a Director or higher in your organization.
- Specify their name and position.
- Clearly state the email address that needs to be added / removed and / or the password to be reset. Click here to download a template that can be used for this purpose.
- Once the request has been received, Mimecast Support will perform a series of checks that are required to confirm the request. If the request cannot be confirmed (i.e. the requester is not listed as an Account contact) Mimecast will be unable to proceed until confirmation has been made.
- When Mimecast Support has successfully confirmed the request, a change request will be issued to the Mimecast Security Team.
- Once the new email address has been assigned to the role and / or the password has been reset, a Mimecast Support representative will contact you via telephone.For security reasons, this password cannot be sent via email. The administrator must access the Administration Console and change the issued password while Mimecast Support is still on the telephone.