Skip to main content

Admin Access Manager Role Matrix

The Admin Access Manager application allows eligible staff to request new admin access accounts and roles for Active Directory and Microsoft 365 (formerly Office 365) end-systems. 

Role/Account Matrix

The following table shows the roles/privileges that are available for request through Admin Access Manager.

Admin Access Role/Privilege
Account TypeAD Domain AdminAD Enterprise AdminAD Schema AdminO365 Global Admin
AD Alternative Domain AccountAvailableAvailableAvailable 
AD Service Account    
O365 Admin Account   Available
O365 Application Account    
O365 Service Account    

Functional Role Definitions

The following table defines all of the possible user roles for the Admin Access Manager application. 

Functional RoleDefinitionFunctionality
Account OwnerA user who is the owner of a Service or Alternative Domain account, or SUNet account. (Privileged roles are granted to these accounts).Has the ability to submit a request (as a Requester) in Request Manager and view the roles that are currently granted to their account.
Requester

A user requesting a Service or Alternative Domain account.

Or a user requesting a privileged role.

Has the ability to submit a request in the Admin Access Manager.
Manager (Account Owner’s Manager)Account Owner’s immediate (line) manager.​Has the ability to view and approve or deny role requests for their direct reports.
Role OwnerA user who has granting/revoking authorization for specific privileged roles. ​Has the ability to view and approve or deny role requests for the specific roles that they own.
Administrator (Full access)Superuser who can view and make (limited) modifications to all requests in Request Manager

Has the ability to move requests through the workflow

e.g. changing the role approver; viewing all requests, and viewing reports. 

Does not have the ability to approve/deny role requests directly.

Administrator (Read-Only access)A user who can view but not modify requests in Request ManagerHas the ability to view all requests and view reports. Note: some fields may be hidden from these users.
Last modified