This article details the different server rights and privileges for PGP Encryption Server Administrator roles (Symantec Encryption Management Server).

PGP Encryption Server is pre-configured with the following roles for administrators:

Read-Only Administrator

• View settings and logs.

WDRT-only Administrator

• View settings and logs
• Access and read Whole Disk Recovery Tokens.

Service Control Only

• View settings and logs.
• Start and stop services but not configure them.
• Shutdown or restart the server.

Basic Administrator

• View settings and logs.
• Start, stop services and configure services.
• Shutdown or restart the server.
• Access and read Whole Disk Recovery Tokens
• Configure system settings, install updates and restore backups.
• Manage messaging policies, manage users and their public keys.
• Vet users.

Full Administrator

• View settings and logs.
• Start, stop services and configure services.
• Shutdown or restart the server.
• Access and read Whole Disk Recovery Tokens
• Configure system settings, install updates and restore backups.
• Manage messaging policies, manage users and their public keys
• Vet users.
• Configure clustering.
• Export user private keys and manage organization, trusted, ignition, and Additional Decryption Keys (ADKs).

SuperUser

• View settings and logs.
• Start, stop services and configure services.
• Shutdown or restart the server.
• Access and read Whole Disk Recovery Tokens
• Configure system settings, install updates and restore backups.
• Manage messaging policies, manage users and their public keys
• Vet users.
• Configure clustering.
• Export user private keys and manage organization, trusted, ignition, and Additional Decryption Keys (ADKs).
• Access the server using SSH with key based authentication.
• Create and manage other administrators.