Roles

You can assign roles to administrators if you are an Sophos Central Enterprise Super Admin.

Administration roles divide security administration by responsibility level. Sophos Central Enterprise includes several predefined roles. These roles cannot be edited or deleted. This is the access level for an administrator.

The options are Enterprise Super Admin, Enterprise Admin, Enterprise Help Desk or Enterprise Read-only.

An Enterprise Super Admin can add custom roles. These roles are based on the predefined roles but you can restrict the access for a custom role to a specific product.

Enterprise Super Admin

There must be at least one administrator with an Enterprise Super Admin role.

This role has access to everything in Sophos Central Enterprise and Sophos Central Admin.

In addition administrators can:

  • Add and remove other enterprise admins.
  • Choose the sub-estates that the other admins are allowed to access.
  • Create, edit, assign and delete custom roles.
  • Enable master licensing.
  • Start trials after master licensing is enabled.
  • Create a sub-estate.
  • Reset the multi-factor authentication/PIN.
  • Unlink sub-estates.
  • Delete sub-estates.
  • Disable enterprise control over an individual licensed enterprise.

Enterprise Admin

This role has access to everything in Sophos Central Enterprise and Sophos Central Admin.

In addition administrators can only access their designated sub-estates.

Enterprise Help Desk

This role has access to everything in Sophos Central Enterprise and Sophos Central Admin. In addition administrators can:

  • Only access their designated sub-estates.
  • Look at sensitive logs or reports.
  • Receive and clear alerts.
  • Update the Sophos agent software on a computer.
  • Scan computers.
  • Modify the co-branding for their sub-estates in Sophos Central Admin.

Enterprise Read-only

This role has access to everything in Sophos Central Enterprise and Sophos Central Admin. In addition administrators can:

  • Only access their designated sub-estates.
  • Look at sensitive logs or reports.
  • Receive alerts.