IBM Security MaaS360

I would like to verify the following. Is the permission sequence correct?

Read-Only (lowest level)
Help Desk
Administrator
Administrator Level 2
Service Administrator
Partner Administrator (highest level)

What role must a user who is a MaaS360 administrator have? Will the admin service role be sufficient?

I have a customer where admins have the roles Administrator, Administrator - Level 2, App Approver, Help Desk, Read-Only, Service Administrator, Portal Administrator set.
I think that the role of Service Administrator should be enough for them. It is so?

What do the admin and admin1 roles allow? These roles are not described in the knowledgebase.

------------------------------
Martin Hansgut
------------------------------

Hi Martin
Sincere apologies in the delay in responding, have just seen this now. 
Here's a link to the definition of the roles which are standard (5) in the portal and you can create any number of custom roles. https://www.ibm.com/support/knowledgecenter/SS8H2S/com.ibm.mc.doc/pag_source/concepts/pag_setup_admin_roles.htm
The custom roles can contain any permissions you want, here's 2 examples: 
- Trainer role for large numbers of admins where you want to show them basic portal management but not allow 'the keys to the safe'. So you might allow them to change policies for groups of devices they work with, but not allow them to modify the settings within policies. 
- App Admin: where someone is working more specifically with apps, so you might allow them app distribution rights but not the ability to add an app to the Catalog. 
Please have a look at the link above regarding your Service Administrator role, this will give you the permissions it contains and if it doesn't suit you can create a new custom role and assign to individual admins or groups. 
Please note if you add/remove roles to an admin user, you should get the user to Sign out / Log out as if they only close browser and log in again the session will remain active and changes won't show. 
Best

------------------------------
Eamonn O'Mahony
Technical Client Success Manager
IBM Security
Dublin, Ireland
------------------------------

Original Message:
Sent: Wed October 21, 2020 11:46 AM
From: Martin Hansgut
Subject: Hierarchy of role permissions.

I would like to verify the following. Is the permission sequence correct?

Read-Only (lowest level)
Help Desk
Administrator
Administrator Level 2
Service Administrator
Partner Administrator (highest level)

What role must a user who is a MaaS360 administrator have? Will the admin service role be sufficient?

I have a customer where admins have the roles Administrator, Administrator - Level 2, App Approver, Help Desk, Read-Only, Service Administrator, Portal Administrator set.
I think that the role of Service Administrator should be enough for them. It is so?

What do the admin and admin1 roles allow? These roles are not described in the knowledgebase.

------------------------------
Martin Hansgut
------------------------------