Sophos Central Role Management

Question

When modifying one of our custom roles in Sophos Central for our IT Helpdesk staff, we wanted to allow one of them to do a directory sync from within "Directory Service" under the the e-mail protection settings. 
 When I grant the custom role "Full" access for "Email Gateway", they do not get the "Sync" button when they access the Directory service listed. 
 Right now, the custom group for our IT Helpdesk staff have Helpdesk permissions to our Endpoint Protection, and nothing else except for "Email gateway". 
 They had "Read Only" permissions to it originally, but when I increase the level of access, nothing seems to change when they browse to it. 
 What might I be missing?

GlennSen · Answer

Thank you for reaching out to the community forum.

The Helpdesk Role does not have access to perform the ADSync rule as it's only limited to the below Access privileges.

On this documentation, under "Requirments", it’s stated that you need to have admin access. This access does not involve a role under role management. You need to set up an account Under API Credential Manager. And select the role " Service Principal Active Directory Sync API role".

Glenn ArchieSeñas (GlennSen)

Global Community Support Engineer

The New Home of Sophos Support Videos! - Visit Sophos Techvids