User roles

Seclore Rights Management uses role-based access control to allow and restrict access to its components and functionality. Your ability to interact with the Seclore Rights Management environment is restricted by your role.

User roles in Seclore Rights Management are broadly divided into two categories: Business Roles and IT Administration roles.

Business roles

End user: The most basic role in Seclore. Every business user is an end user. The Seclore User Help Center covers the functionality available to end users in detail.
Security Administrator: This role includes additional abilities. It also allows you limited control over the actions of other users within the scope of your Organizational Unit, or OU. Every OU Administrator is also an end user.

Global Security Administrator: This role is for a member of the enterprise security team who is responsible for central administration and monitoring of the Policy Server. Security Administrator managing ‘All repositories’ of the enterprise is a Global Security Administrator. Every Global Security Administrator is also an end user and can be a Security Administrator of an OU.

Security Administrator and Global Security Administrator roles are generally held by business users and information security team members respectively rather than IT staff. This guide covers both roles in detail.

IT administration roles

The roles listed below are generally held by IT administrators.

System Administrator: Also known as the 'root user', this user performs important administrative activities related to the deployment of Seclore Rights Management.
Hot Folder Administrator: This role is responsible for performing activities related to Hot Folder administration, such as Hot Folder creation, mapping, and maintenance.

Comparing roles

Here’s a comparison of scope and abilities for a Security Administrator, and a Global Security Administrator.

Activtity	Global Security Administrator	Security Administrator
Managing Protected Files	Yes	Yes
Viewing Activities on Protected Files	Yes	Yes
Managing classification labels	Yes	No
Managing Security Policies	Yes	Yes
Agent Installation Reports	Yes	No
Managing Protector Licenses	Yes	Yes
Security and Risk Dashboard	Enterprise wide	Specific to OU
Managing Global Security Administrators	Yes	No
Managing Security Administrators of an OU	Yes (All levels)	Yes (Same OU level or below it)
Managing Enterprise Applications Integrations	Yes	No
Managing Hot Folder Cabinets	Yes	No

Here’s a comparison of scope and abilities on a granular level. Let’s see what file owners, security administrators, and global security administrators can and cannot do on protected files.

Activity	File Owner	Security Administrator	Global Security Administrator
Unprotecting a protected file	YES	NO	NO
Opening a protected file	YES	NO	NO
Viewing access permission on a file	YES	YES	YES
Changing access permission on a file	YES	NO	NO
Viewing activities performed on a file	YES	YES	YES
Granting other users access on a file	YES	NO	NO
Inactivating a file	YES	YES	YES
Activating an inactive file	YES	YES	YES
Changing the File Owner (transferring its ownership)	YES	YES (to a user other than themselves)	YES (to a user other than themselves)
Resetting the Machine Lock on a file	YES	YES	YES