About Delegated Admins

Overview

Delegated Admins are users with access to specific resources and permissions across your platform.

For instance, a Delegated Admin can manage policies within their own territory and apply those policies to users within their territory.

TD Administrators can promote users to a Delegated Admin. The user must be part of / assigned a Delegated Group, which are a set of users restricted to specific permissions. TD Administrators can add or delete group policies, or Delegated Policies to the Delegated Admin, which enable them to make determinations about global permissions they can assign to their designated set of users. This guide provides details on how to apply, update, or remove Delegated Groups and its associated roles and permissions.

The following table highlights the two primary roles for Delegated Groups and the responsibilities and limitations of each.

Role	Description
TD Admin	Can create, edit, or delete Delegated Groups. Can elevate roles for users to Delegated Admins (DA). Can assign a Delegated Admin to a Delegated Group. Can add specific policies to Delegated Groups. Can apply specific policies to Delegated Groups. Can add or remove restricted users to a Delegated Group
Delegated Admin	Can assign and un-assign Delegated Policies, or set of policies for specific users within a Delegated Group. Can remove users from a Delegated Group Limited to working with the set of policies and users assigned to them.

Additional Relevant Terms

Term	Description
Delegated Policies	A group of policies under the purview of a Delegated Admin.
Delegated Group	A group of restricted users under the purview of a Delegated Admin.
Delegated User	A restricted user that is part of a Delegated Group.