This functionality is already in place. While you cannot specifiy a subset of customer accounts, you can create Customer Administrators on customer accounts.
Available administrative roles are:
- Partner Administrator
- This account type has complete access to the accounts under the partner shell, and can create new customers and new primary domains, but cannot create or change passwords on any user account or view any user accounts' Email Continuity inbox.
- VAR Administrator
- Similar to the Partner Administrator, but cannot make any revenue impacting changes to client accounts.
- Customer Administrator
- Contained to a customer account only, and has administrative access to all domains under the customer account.
- Domain Administrator
- Contained to a single domain
- Limited to specific permissions, identified in link to KB below
- Quarantine Manager
- Reports Manager
- Group Administrator
- Can see the users in their group (list of users), and can make changes to policies that are owned by group.
KB Article with permission level details: https://support.mcafeesaas.com/MCAFEE/_cs/AnswerDetail.aspx?sSessionID=&inc=3948 6&caller=~%2fFindAnswers.aspx%3ftxtCriteria%3dA039486-110110%26sSessionid%3d
- Partner Administrator
I know that. However, this partner and others want to be able to assign specific account admin to speific customers, e.g. eithe for tech support, billing or both. They had this abiltiy in Postini, they would really like it in McAfee. When you have resellers of 8-10 years having it one way for so long, it's hard to make changes with like parity between the products.
Frank, just to clarify what you're looking for. Are you wanting to be able to specify a VAR-Admin user to also be a Customer Administrator role for specific accounts?
e.g. "bob [at ] reseller.com" is has both VAR Admin rights but also Customer Admin Rights with ABC Co, DEF Corp, etc.?
Or are you referring more to specifying a user as an authorized Support Contact, authorized Billing Contact, etc?
No. Our partner has sales and tech support users assigned to specific customer accounts. With McAfee, they would need to assign them as a VAR Admin and they have access to all accounts, they do not want this. In Postini, they could add a specific admin to each account as they were activated and also set allowed permissions. Albeit not by a group policy. Because of the hierarchy differences between Postini and McAfee, we can solve this problem by a admin group policy in McAfee.
For example, I assign a user as a VAR Amin, within that role, I can A. allow full access or B, assign specific customers. It would also be great to set additional levels of permissions allowed on a customer level. I would be happy for now, to just have group admin policies.