You can delegate the below-listed Defender roles to the users or groups you want. If necessary, you can delegate two or more roles to the same user.
| Role | Description | 
| Administrator | Members of this role can modify any Defender object and have complete control over the Defender configuration. This includes modification of all user-based Defender items. Members of this role can: 
 | 
| Basic Helpdesk | Members of this role can: 
 | 
| Provisioning | Members of this role can: 
 | 
| Enhanced Helpdesk | Members of this role can: 
 | 
| Auditor | Members of this role have read-only access to 
 | 
You can delegate permissions to specific user accounts so that they act as service accounts for the Defender components you want.
| Role | Description | 
| Defender Security Server | The user account to which you assign this role gets the sufficient permissions to act as the Defender Security Server service account. To specify the user account as the Defender Security Server service account, use the Defender Security Server Configuration tool. For more information, see Defender Security Server Configuration tool reference. | 
| Defender Management Portal | The user account to which you assign this role gets the sufficient permissions to act as the Defender Management Portal service account. The user account to which you assign this role must be a member of the local Administrators group on the computer where the Defender Management Portal is installed. After assigning this role to a user account, enter the account credentials in the Defender Management Portal. For more information, see Specifying a service account for the portal. | 
You can delegate permissions to perform one or several specific Defender tasks to the user accounts you want. You can delegate the following tasks:
You can delegate permissions to manage specific Defender objects, including the permissions to view or modify any of the object properties and the permissions to create, delete, rename or move objects on a user or group.
The available options are:
© 2025 One Identity LLC. ALL RIGHTS RESERVED. Termini di utilizzo Privacy Centro preferenze cookie