Admin console provides us ways to create custom roles and based upon that we can create Administrators. Follow the below steps to create an administrator with specific privileges. 

Follow these steps:

1. Ensure that you are logged in as the MA.
2. Activate the Users and Administrators tab.
3. Click the Manage Roles link on the submenu of the tab.
4. Under the Manage Roles section, click the Create Custom Role link. The Create Custom Role page appears.
5. In the Role Details section, specify the following information:
   
   • Role Name: The unique name to identify the new role. CA Risk Authentication uses this name internally by authenticating and authorizing this new role.
   • Role Display Name: The descriptive name of the role that appears on all other CA Advanced Authentication pages and reports.
   • Role Description: The useful information that is related to the role for later reference.
   • Role Based On: The pre-existing role from which this custom role is derived.
6. In the Set Privileges section, specify the roles to exclude to the new role:
   
   1. In the Available Privileges list, select all the privileges that you want disable for the custom role.
      This list displays all the privileges available to the administrative role that you selected in the Role Based On field.
   2. Click the > button to move the selected privileges to the Unavailable Privileges list.
7. Click Create to create the custom role.
8. Refresh all deployed CA Risk Authentication Server instances.
9. Create the Administrator with that privilege.