Symantec Endpoint Encryption includes many features to help administrators manage their encrypted environment. One such feature is the ability to assign various permissions for Symantec Endpoint Encryption roles to include various levels of granularity.
These roles are assigned in the SEEMS Configuration Manager and this article will go over this process.
To view and assign the Server Roles:
Login to the Windows Server where the SEE Management Server is installed.
Open the SEEMS Configuration Manager.
Click on Server Roles.
The resulting screen will list the available roles you can assign. You can add groups and individual users to assign these roles to.
Below is a detailed list of the roles and what they allow the group/users to do:
Server: This permission gives the users access the SEE Management Server, to be able to promote other administrators and assign more roles.
Setup: This allows the permission for an admin to install the SEE Client.
Reports: This allows the users to see the Server Reports.
Policy: This allows the users to administer the SEE Policies.
Helpdesk: This allows the users to see the Help Desk Web Console to obtain recovery keys.
*Note*: It is always recommended to give the least amount of privileges to perform duties. For example, you would not provide someone access to Reports if the only function they will be performing will be Helpdesk.
In order to access the Roles Report, login to the SEE Management Server Web Console, and then expand Management Server, then click on "Admin Server Roles":
Once on this page, click on the "Share" icon and then you can save the CSV file for further review.
The report above will include all the various levels of access that each SEE Administrator has been provided ranging from Helpdesk access for recovery keys, to Server Access where full permissions may be assigned.
162352 - Symantec Endpoint Encryption Help Desk Recovery (Challenge Key Recovery - Connectionless Recovery)
258513 - Symantec Endpoint Encryption Help Desk Recovery (Connected Recovery - SEE Client connected to the SEE Management Server)
259042 - How to Reset the Symantec Endpoint Encryption Management Server Password