Administrator roles are a collection of permissions that control access to Administration Console functionality. Each role determines the depth of access and can be used to control the tasks performed.
Role types are used to control access rights to Administration Console functionality. Each role has a security permission assignment based on one of the permissions in the table below.
|Role||Security Permissions||Role Description|
|Partner Administrator||Can manage application roles.||Has full privileges for Partner Administrators, including delegate mailbox access, but excludes protected permissions. See the Managing Partner Administrators page for full details.|
|Super Administrator||Can manage application roles.||Has full privileges to all account options, including the content view of all email, delegate mailbox access, and the assignment of protected permissions (e.g. the assignment of content view rights to others).|
|Full Administrator||Can manage application roles.||Has high-level administrator privileges, including the content view of all messages, delegate mailbox access, message exports, and the creation / approval of retention adjustments.|
|Basic Administrator||Can manage application roles.||Has full administrator account privileges, without access to any protected permissions.|
|Help Desk Administrator||Cannot manage roles.||Has access to common help desk tasks (e.g. track and trace, read-only access to policy management, service connections, and user settings).|
|Gateway Administrator||Can manage application roles.||Has read access to common gateway functionality (e.g. policy management, track and trace, service connections, and user settings).|
|Discovery Officer||Cannot manage roles.||Has access to common eDiscovery features (e.g. archive search with content view, messages exports, and the creation or approval of retention adjustments).|
|Reviewer||Cannot manage roles.||Has access to the eDiscovery Review application as a reviewer, where discovery cases can be reviewed for relevance and privilege.|
|Synchronization Engine Administrator||Cannot manage roles.||Has access to Mimecast Synchronization Engine functionality when managing sites.|
Managing Super Administrators
Only a Basic Administrator role is added when your account is created, but you can have one or more users with the Super Administrator role. This role has additional security measures, with the role's management (e.g. address changes, password resets) only being able to be performed by Mimecast Support.
If a user requires a Super Administrator, Full Administrator, or Discovery Officer role, the following steps must be followed:
- Send an email to email@example.com. This request must:
- Be written on your company letterhead.
- Be signed by a Director or higher in your organization.
- Specify their name and position.
- Clearly state the email address that needs to be added / removed, and / or the password to be reset. Click here to download a template that can be used for this purpose.
- Once the request has been received, we will perform a series of checks required to confirm the request. If the request cannot be confirmed (i.e. the requester is not listed as an Authorized Account contact) we are unable to proceed until confirmation has been made.
- When we have successfully confirmed the request, a change request is issued to the Mimecast Security Team.
- Once the new email address has been assigned to the role and / or the password has been reset, a Mimecast Support representative will contact you via telephone.For security reasons, this password cannot be sent via email. The administrator must access the Administration Console and change the issued password while Mimecast Support is still on the telephone.