Feature Request : Role required to disable tamper protection? [Customize Role definition for each Section ]

Question

I assumed that the "Help Desk" role would include the ability to disable tamper protection or view the tamper protection password for a device. 
 This seems a natural and obvious thing to need a Help Desk team to be able to do so they can diagnose issues and do uninstalls without requiring them to be full administrators of Sophos Central or need to involve those who are. 
 This doesn't seem to be the case though. 
 Surely not?

Aditya Patel · Answer

Hi Paul , 
 It would seem you may need to use admin role for such concern as the user can uninstall the Agent from the PC , that would have the same rights to change the policy . Although Central would improve as per customer demand . I would personally would like a Customized role with Read/Write for Certain sections . 
 I shall rename this Thread as a Feature request 
 Thanks and Regards 
 Aditya Patel

Aditya Patel · Answer

Hi Paul, 
 If you want to remove the endpoint from the system , then you may boot into safe mode and Uninstall the components from Control Panel . This would be a Workaround without Disabling Tamper protection . 
 You may follow the link for the procedure , and Share it with Help-Desk . 
 community.sophos.com/.../123743 
 Thanks and Regards 
 Aditya Patel