What are the Symantec File Share Encryption Roles?
Admin: This is the "owner" of the protected folder. The Admin can add users and remove users, and can change the roles of Users and Group Admins. The Admin has full rights to read and write to the protected folder. There can be only one Admin for each protected folder and it is created automatically by the creator — you do not need to specify an Admin manually for the protected folder. There is only one Admin per folder.
You become an Admin by creating a protected folder, adding yourself as a member, and applying the Admin role to yourself. You can be a member of multiple Admin sets at one time. The Admin role cannot be removed by a Group Admin, but an Admin can reassign his or her role to another member.
Admins must have full write access to the protected folder.
Group Admin : This is an "administrator" of the protected folder. The Group Admin can add and remove users, and can promote users to Group Admins or demote Group Admins to Users. There can be as many Group Admins as needed. The Group Admin has full rights to read and write to the protected folder. There can be multiple Group Admins for each Symantec File Share Encryption protected folder.
Group Admins must have full write access to the protected folder.
Users: This is the set of users who are allowed to access the protected files in the shared space. The files in the protected folder are encrypted to the keys of the Users. You become a User when a protected folder is created, you are added to the Symantec File Share Encryption, and the Admin or Group Admin assigns the User role to you.
All Users have equal privileges to read and write to the protected folder. Users do not have the ability to change the roles of other Users. You can be a member of multiple User sets at one time. Users do not have the right to decrypt files or folders. This is limited, so Users cannot decrypt files and re-encrypt the files with new role assignments.