Managing Custom Roles

On the Custom Roles page in the Roles & Permissions module in the Enterprise Admin Console, you can create, manage, and delete custom admin and user roles. Custom user roles enable you to control and provide additional and customizable permission sets to managed users and groups that they can use in-turn to manage other users. A permission set for a custom admin role specifies access to one or more specific parts of the Enterprise Admin Console. For example, you may want a custom user role to allow a user to add new users, but not allow that role to delete a user.

In, there are built-in roles for administrators that cannot be customized, but can be assigned to more than one user. For more information, see Managing Admin Roles.

The following illustration shows an example of the Custom Roles page in the Roles & Permissions module.

To sort the list of column values, click the Arrow Up  icon or Arrow Down  icon to the right of a column name. The following list describes the columns displayed in the admin console table.

Column Description
User Role Name Displays the name of the custom admin role.
Description Shows the optional description for the custom admin role.
Applied To Displays number of users and groups assigned to the custom admin role. Click < X Users > or < X Groups > to view the list of users or groups assigned to that custom admin role.

This section describes the commands available on the Action bar for the Custom Roles page in the Roles & Permissions module.

The list of entries in an admin console table can be very large depending on the size of your company, for example, a list of users or teams. To find one or more specific roles, in the Search field, enter at least three characters, and then press enter.

Note: The number of search terms in a search query is unlimited, however, no more than the first 20 characters of each search term is used to return search results.

Click the Add New WebAddNewButton.png button to display the Create New User Role dialog. For more information, see Create a New User Role.

Select a user role to delete, and then in the Group Action drop-down list, click Delete. For more information, see Delete a Custom User Role.

The following table lists permission sets that can be assigned to users and groups as custom user roles. When you assign permissions to a user or a group, the user can access the related Enterprise Admin Console pages at the next log on.

Category Permissions Description Enterprise Admin Console Module Accessible to Users and Groups
Enrollment Invite Invite users via email and invite users already imported. Enrollment > Invite
Import Users / Sync Import users via files. Enrollment > Import
Directory Sync Enroll users using Microsoft® Active Directory® Sync. Enrollment > Directory Sync
User Management Manage / Unmanage User Add managed users, remove managed users Users & Teams > Users
Manage User Profile Fields Manage the fields displayed in user profiles, and view the Distribution Lists page. Users & Teams > Users User Settings tab
Manage / Unmanage Team Add managed teams, remove managed teams. Users & Teams > Teams
Manage Groups Create groups, add or removed group members, and view the Distribution Lists page. Users & Teams > Groups
Admin Roles Manage Built-In Admin Roles Assign and revoke users from built-in admin roles. Roles & Permissions > Admin Roles
Manage Custom Admin Roles
  • Setup and manage custom admin roles.
  • Assign and revoke users from custom admin roles.
Roles & PermissionsCustom Roles
Message Control Manage Message Control Templates
  • Create message control templates.
  • Retire message control templates.
Message Control Templates
Manage Rules Based Usage of Message Control Templates Create, delete, retire, and apply rules-based message control templates. Message ControlMessaging Rules
Create and manage Geo-fence Zones Create and share geo-fence zones by using messaging rules and templates. Message Control > Geo Fence Locations
Application Control Create and Manage Application control Create new application control templates and retire templates. Roles & PermissionsApplication Roles
Security Password Policies Configure and manage password policies. Security > Password Policy
Single Sign-On Configure and manage Single Sign-On. Security > Single Sign On
Domain Management Manage domain Security > Domain Management
Enable/Disable MDM Control Manage MDM control settings Security > MDM Control


Manage Company Branding Manage company logo Branding > Logo
Manage Usage Policy; Invitation Templates Manage content in the Terms of Usage template, Usage Policy template, and Invitation templates. Branding > Usage Policy
Billing Admin Manage Billing Profile & Payment Settings Edit billing and payment information, and make payments. Billing > Billing History, Account Summary, Billing Profile Analytics View Reports View reports for user account usage.

Analytics > Activity Report

View and Run Audit Reports

Access Audit reports, run reports, use filter criteria.

Analytics > Audit Report

Compliance Enable / Manage Retention Enable retention for accounts, and manage default retention policies. Compliance > Retention
Manage eDiscovery / Hold Manage eDiscovery and in-place hold management for messages. Compliance > eDiscovery
View eDiscovery / Hold View only permissions for eDiscovery and in-place hold messages. Compliance > eDiscovery with the Add New and Delete controls disabled.
Message Trace & Recall Manage message tracing and permission to recall messages. Compliance > Message Trace
Enable / Message Archiving Enable, configure, and manage the archiving of messaging data. Compliance > Archive Data
Message Management Post Templates Create, define, and assign Post Templates for rooms. Message Management > Post Templates
Team Creation, Profile and Settings Edit Team Profile & Settings Edit team profile settings and features. Transfer of ownership. Profile & Settings
Team Member Enrollment Invite Members Ability to invite new members to a team. Member Enrollment
Team Member Management Manage Team Members Remove members from a team. Manage Members
Edit Team Admin Roles Assign and modify Team Admin roles currently assigned to team members. Manage Members
Team Admin Roles Manage Team Roles Ability to manage team roles – create roles; apply roles to team members. Roles & Permissions
Manage Rooms Create and Manage Rooms Create a room; delete/archive rooms; edit all room settings for teams. Manage Rooms
Team Billing Create and manage Billing Profile Create/Edit/Manage billing information for teams. Billing
Team Analytics Access and view reports in Analytics Module Ability to access Analytics module and run reports. Analytics > Activity Report
View and run Audit Reports Access, view, and run only Audit Reports for system events. Analytics > Audit Report
View Reports on Default Dashboard View user account usage reports on the Team Admin Dashboard Dashboard
Team Compliance Manage Retention Set up, manage retention for teams. Compliance > Retention
Manage eDiscovery / On-Hold Set up, manage eDiscovery and in-place hold for teams. Compliance > eDiscovery

In This Section

Next Steps

After managing custom roles, you may want to add or remove users from the built-in admin role. For more information, see Managing Admin Roles.