Google Postini Services logo
Message Security Administration Guide >  Administrators > Create Administrators and Manage Authorization Records
 Print Previous Next

Create Administrators and Manage Authorization Records

Creating an Administrator
Viewing and Editing Authorization Records
Administrators and POP Authentication

When you create an administrator:

*
Check your authorization record -- Your authorization record needs the Add Users, Assign Authority, and Assign Peer Authority (optional) privileges:
*
Add Users -- If the new administrator is not yet a user in the system, you must have full Add Users privileges for the organization where you are adding the new administrator. For more information, see The Message Security Authorization Reference, “All Standard Privileges” chapter’s AddUsers privilege.
*
Assign Authority -- To create new authorization records for users in your organization and sub-organizations, and to view or edit existing authorization records for users in your organization and sub-organizations, you must have full Assign Authority privileges. For more information, see The Message Security Authorization Reference, “All Standard Privileges” chapter’s Assign Authority privilege.
*
Assign Peer Authority -- To create a peer administrator record in the same organization as one of your administrator records, you must have the +Modify Assign Peer Authority privilege. For more information, see The Message Security Authorization Reference, “All Standard Privileges” chapter’s Assign Peer Authority privilege.

For further information on viewing your authorization record, see Viewing and Editing Authorization Records. If you, as the managing administrator, do not have these privileges, contact your account administrator.

*
Create a user -- The new administrator must be an existing user in the system. If the user does not already exist, you must create a new user. For more information about how to add a new user, see Add / Delete / Move Users.
*
Define the new administrator -- Deciding what type of administrator to create is a critical preliminary step before configuring the new administrator. It is common for one administrator to have several administrative jobs. This administrator’s configuration is a combination of the administrator types described in this chapter. For a chart comparing different administrator types, see Comparing Types of Administrators.
*
Decide where to place the authorization records -- Once the administrator type is determined, decide what part of your organization hierarchy the new administrator will manage. This is where you assign the administrator’s authorization records. In some instances, an administrator has several records assigned to different organizations. See Types of Administrators.
*
Create an administrator -- Create the new administrator and configure the authorization record. Follow the instructions in Creating an Administrator. When you are ready to populate the administrator’s authorization record, see Types of Administrators for the recommended privilege settings for each type of administrator.
*
If needed, customize the authorization record -- Use the detailed reference information for each privilege to customize your administrator’s settings. See The Message Security Authorization Reference, “Message Archiving Privileges”, “All Standard Privileges”, and “Inbound Mail Processing” chapters.

Note: An account administrator, with the Assign Peer Authority privilege enabled, can create and change settings for a peer account-level administrator.

Creating an Administrator

To create a new administrator:
1.
If the user does not already exist, create a user account for the administrator. See Add / Delete / Move Users for more information.
2.
In the Administration Console, go to Orgs and Users > Authorizations.

3.
Choose the organization where the administrator should have privileges.
4.
Click List.

5.
Enter the administrator’s email address in the User field, and click Add record.
6.
Edit and set the privileges you want to give the administrator. For more information on recommended settings for common administrator types, see Types of Administrators.

WARNING: Modifications to the authorization record take effect immediately. Unlike modifying a user or organization, you do not have to click a submit button to save to the authorization record.

If the administrator needs access to support, please contact the appropriate support channel.

7.
The new administrator receives a temporary password for the Administration Console. You can view this password in the User page for the new administrator. When the administrator logs in for the first time, the administrator is prompted to change the password.

This new password also becomes the password for the administrator’s Message Center.

Viewing and Editing Authorization Records

1.
Go to Orgs & Users > Authorizations.
2.
In the Authorizations page, choose an organization from the Choose Org pull-down list, or enter an administrator’s address, and delete the text in the by organization field (if any).

3.
Click List.
4.
You see a list of users who have authorization records.

Example of results by organization:

Note: By selecting a User, you see all of the other organizations this user can administer.

Example of results by address:

Note: Administrators who have authorization records in the same organization (peer administrators) can edit each other’s authorization records.

5.
In an emergency or under special circumstances, an administrator can delete a peer administrator. For example, bchad@corp.jumboinc.com can delete the New York authorization record assigned to abradley@corp.jumboinc.com. Click Delete to delete a peer administrator’s authorization record.

Note: This does not delete the administrator’s user record.

6.
Click Edit profile to display the administrator's authorization record for that organization.
7.
Edit the administrator’s Read or Modify privileges.
a.
With the Read privilege, an administrator can view settings and configurations.
b.
With the Modify privilege, an administrator can edit settings and configurations. For recommended administrator-privilege settings, see recommendations for each type of administrator in Types of Administrators.
c.
If the privilege checkboxes are greyed out, you do not have privileges to edit the administrator’s authentication record. Contact your appropriate support channel.
d.
You have the option of assigning a category of privileges (such as “User Settings”) or a specific privilege within that category (such as “Add Users”). By selecting a category, all privileges in the category are selected. You can then deselect specific privileges if necessary.

WARNING: Unlike modifying a user record or organization record, you do not have to click a “Submit” button to enforce changes or additions to the authorization record. Modifications to the authorization record take place immediately. There is no opportunity to cancel changes.

Administrators and POP Authentication

Note: POP Authentication is a legacy feature of the message security service. If you would like to know more, or if you have any questions, please contact Support.

Authenticating users through POP authentication passes unencrypted passwords across the Internet. Because that would introduce a security risk, administrators never authenticate using POP. When you create an administrator in an organization which uses POP authentication, PMP will be used instead.

Authentication by cross-authorization and by PMP is secure, and therefore acceptable for administrator log in. For more information, see  User Authentication.

*
Related Topics
*
About Administrators and Authorization
*
Administrators and the Organization Hierarchy
*
Limiting Authority
*
Types of Administrators
*
Descriptions of Privileges
*
Troubleshooting Authorization
Print Previous Next