Admin Privileges Explained
Posted by Carlos R on 11 June 2014 01:41 PM

Every user account has a role assigned which determines what permissions this user will have when they sign into the Control Console. The roles and associated permissions below include customers that subscribe to Email Protection, Web Protection and Email Archiving.

All Roles -

Can manage their own user account including:

· Password
· Security question & answer
· Email Protection Spam Quarantine Mail
· Email Continuity Inbox
· Email Protection Allow List & Deny List
· Their own Spam Quarantine Report delivery preferences
· User Aliases
· Their own Archived Messages (if account subscribes to archiving)

Partner Administrator Role -

The Partner Administrator has access to manage all of their downstream customer’s information. They can perform the same functions as the Customer Administrator with a few exceptions:

The Partner Administrator can, in addition to all Customer Administrator functions:

· Create new Customers
· Create Primary Domains

The Partner Administrator CANNOT:

· Create or change passwords on any user account
· View any user accounts Email Continuity Inbox

Customer Administrator Role -

The Customer Administrator is the highest customer level role. This is the only customer level role that can create users, initiate Directory Synchronization, install the WDS Connector and create or edit Policies. More than one user account can be assigned the role of Customer Administrator.

Customer Administrator Domain Level Permissions:

· Create Distribution Lists
· Opt into Performance reports
· Create & change Domain Aliases
· Manage/ edit existing user accounts
· Create user accounts
· View all users Email Continuity mail (view only)
· Create & change user passwords
· Activate Directory synchronization
· Determine password authentication options
· Create groups
· Create & manage Email & Web Protection policies
· Configure Email Protection setup
· Add change mail servers/ disaster recovery configuration/ user creation mode
· Manage Quarantine for all domains
· Setup Email Archiving services
· Search for all users archived messages
· Determine Web Protection Access Control types
· Generate Email & Web Protection reports

The Customer Administrator CANNOT:

· Add new Primary domains
· Edit Primary Domain details (contact email, domain name, etc.)
· Delete a Primary Domain

Domain Administrator Role -

Domain Administrator Domain Level Permissions:

· Edit existing user accounts allow & deny list
· Edit existing user accounts quarantine
· Configure Email Protection Setup
o Add change mail servers/ disaster recovery configuration/ user creation mode
· Manage Quarantine for all domains
· Generate Email & Web Protection reports
· Can view information only for the logged in primary domain. Example: The customer has two primary domains, the Domain Admin logs in with a login ID to one of those primary domains; they can only see the information relevant to that primary domain.

Quarantine Manager Role -

Quarantine Manager Domain Level Permissions:

· Manage Quarantine Mail
· Generate Email & Web Protection reports
· Manage User Level Quarantine
· Manage User Level Allow/ Deny Lists
· Can view information only for the logged in primary domain.

Reports Manager Role -

Reports Manager Domain Level Permissions:

· Generate Email Protection reports only

User Role -

User Role Domain Level Permissions:

· None

Archive Compliance Officer (ACO)
Gives a user the permission to selectively purge journaled and historical messages from their archive database. This allows your company to be in compliance with local privacy laws. This role is designed to be used primarily to delete archived messages and not as a day-to-day user account.

ACO Role Specifics:

· The ACO can only be created by the Customer Admin Role
· The ACO is the only role that can purge archived messages
· Can only sign into the Email Archive service
· Can search for all archived messages
· Can view the Overview Page
· Can view and modify the Legal Hold status
· Does not have access to the Email Archive Setup and/or Mail Sources Tab
· Landing page after signing in is the Email Archiving Overview page
· If using the Email Archive Outlook Add-in, they can only view their own messages.

ERROR: This domain name does not match domain registered in the license key file (, allowed domains:,localhost, please change the product path to match the domain under Admin CP > Settings > General Settings
This product will not work properly unless untill that value is changed.

For more information please contact Kayako support at