Skip to content

Administration Roles

Administration roles divide security administration by responsibility level. Sophos Central includes several predefined roles.

You can't edit or delete predefined roles.

Your assigned administrator role affects what you can do. This page describes what each role can and can't do.

A Super Admin can add custom roles. These roles are based on the predefined roles, but you can restrict the access for a custom role to a specific product.

This video explains how to use administration roles.

Super Admin

Administrators with this role have access to everything in Sophos Central.

They can manage roles and role assignments. Also, they can create, edit, assign, and delete custom roles. They can generate and manage API tokens, or add and manage API credentials. They can also create Sophos support tickets.

There must be at least one administrator with the Super Admin role.

Admin

Administrators with this role have access to everything in Sophos Central. They can also create Sophos support tickets.

They can't manage roles and role assignments. They also can't generate and manage API tokens or add and manage API credentials.

Help Desk

Administrators with this role have read-only access for all settings in Sophos Central. They can also:

  • Look at sensitive logs or reports.
  • Receive and clear alerts. A Help Desk admin can only resolve alerts if they go to the Alerts page from the dashboard.
  • Update the Sophos agent software on a computer.
  • Scan computers.
  • Change co-branding.
  • See users, campaigns, series, results, and reports for Phish Threat.

They can't report emails as spam. They can't see role management options. They also can't generate and manage API tokens or add and manage API credentials. They can't create Sophos support tickets. They can't change the users assigned to a Phish Threat campaign. Also, they can't see some options, such as edit buttons.

Read-only

Administrators with this role have read-only access for all settings in Sophos Central. They can also:

  • Look at sensitive logs or reports.
  • See users, campaigns, series, results, and reports for Phish Threat.
  • Receive alerts.
  • Create Sophos support tickets.

They can't see role management options, generate and manage API tokens, add and manage API credentials, or manage license-related options such as Start Trial or Apply License Key.

User

Administrators with this role have no administration capabilities. They can only access the Self Service Portal.