Product Documentation

Default Security Roles

Jun 05, 2015
Updated: 2014-01-06

The services manager includes a default set of security roles. The default roles cannot be deleted or modified but can be copied and used as a template for a new role. A role can consist of one or more roles. In the case of a role consisting of multiple roles, the role inherits the permission levels of the component roles.

Security Roles Installed by Default

Role Description Component Roles
AD Sync Administrator    
All Services Schema Administrator Manage the schema and configuration for all services Service Schema Administrator
Authenticated Users Permission to perform generic user functions and view related dialogs. Access any service-related user dialog when the user is provisioned with that specific service. Mandatory role assigned to all authenticated users.

Exchange User

Office Communication Server (OCS) User

SharePoint User

SQL Users

BlackBerry Service Administrator Administer the BlackBerry mobile device service.  
Citrix Service Administrator Create customized Citrix Application Groups for the administrator's customer.  
Content Management Service Administrator Update or modify the services manager interface.  
CRM 4 Service Administrator Manage the service, including all pages.  
CRM 4 User Allowed access to the service as a user.  
CRM 2011 Administrator Manage the service, including all pages.  
CRM 2011 User Allowed access to the service as a user.  
CRM Service Administrator Manage the service, including all pages.  
Customer Administrator The first user created by default after creating a customer inherits this role. The customer administrator can create, provision, and edit users, then provision users to services. This role can also manage services provisioned to the customer. This role includes all permissions of the user and service administrator. User Administrator

Service Administrator

DNS Service Administrator Allowed access to the Domain Name Service (DNS) Records and DNS Templates dialogs. Can manage DNS zones and create DNS entries.  
Everyone Permission for authenticated and non-authenticated users to view generic pages in the services manager.  
Exchange Multi-tenanted Service Administrator Create and manage Microsoft Exchange 2010 SP1 Hosting service Distribution Groups, Contacts, and Public Folders.  
Exchange Multi-tenanted Users Access to Exchange Summary dialog and can download Outlook Account settings.  
Exchange Service Administrator Create and manage Microsoft Exchange Distribution Groups, Contacts, and Public Folders.  
Exchange Users Access to Exchange Summary dialog and can download Outlook Account settings.  
File Sharing Service Administrator Create folders and add specific user permissions to folders. Create user security groups.  
My Account and Services Management Combines My Account Management and My Services Management roles. Enables end users to manage their own accounts, edit services provisioned to them, and select new available services. My Account Management

My Services Management

My Account Management Enables the end user to change the user information details, account password, and manage email addresses associated with the user account.  
My Services Management Enables the end user to select, edit, and re-provision the services provisioned to the end user account.  
MySQL Administrator Manage the service, including all pages.  
OCS Service Administrator Manage the service, including all pages.  
OCS User Allowed access to the service as a user.  
Partial User Administrator Reset passwords for a customer's user. Cannot create or delete users.  
Reporting Users Access to the front-end reporting system.  
Reseller Full Administrator Create, provision, and edit its own customers, then provision services to its customers. Create, provision, and edit users, then provision users to services.  
Reseller Partial Administrator Manage reseller customer services and users.  
Service Administrator Manage administration tasks for services. Access any editable service-related administration dialog when the customer is provisioned with that specific service.

BlackBerry Service Administrator

Citrix Service Administrator

Content Management Service Administrator

CRM Service Administrator

CRM 4.0 Service Administrator

CRM 2011 Service Administrator

DNS Service Administrator

Exchange Service Administrator

File Sharing Service Administrator

OCS Service Administrator

SharePoint Portal Service Administrator

SQL 2000 Service Administrator

SQL 2005 Service Administrator

User Sync Administrator

Virtual Machine Administrator

Windows Web-Hosting Service Administrator

Service Provider Administrator Allowed full services manager access, all security role permissions, and service access levels.

Citrix Service Administrator

Content Management Service Administrator

DNS Service Administrator

Exchange Service Administrator

File Sharing Service Administrator

SharePoint Portal Service Administrator

Windows Web-Hosting Service Administrator

Reseller Full Administrator

Store Manager

Service Schema Administrator Allowed access to common service schema page and menu permissions.  
SQL Service Administrator Manage the service, including all pages.  
SQL User Allowed access to the summary details dialog.  
Store Manager Manage the web store dialogs, products, and bundles.  
Store User Allowed online access to the web store and able to purchase services.  
Template User and Service Administrator Create user templates and configure services to them. This administrator can create a new user by using a default template.  
User Administrator Create, provision, and edit users for a customer.  
User Sync Administrator Download and configure the AD Sync Tool to a domain controller.  
User and Service Administrator Enable the user to create and administer users and provision services for a customer.

This role is identical to the customer administrator. Assign this role to a user when you require more than one customer administrator user in your organization or hierarchy.

User Administrator

Service Administrator

Virtual Machine Administrator Access the Virtual Machine Management pages.  
Windows Web Hosting Service Administrator Create and configure web sites, add user permissions to web sites, and create user security groups.