User Roles

The User Roles screen provides a list of all default user roles and all custom user roles that you can assign to user accounts. User roles define which areas of the Control Manager web console a user can access and control. You can use this screen to create and edit custom Control Manager user roles.


If a custom user role in a previous Control Manager version has permissions to Policy Management menu items, the role will have full control permissions after upgrading to the current release. You can change the permissions to "Maintain" or "Read-only". When upgrading from a Control Manager version that does not include Policy Management, custom user roles have no permissions to manage or view Policy Management features until you choose to modify the role settings.

  • Only the Root, Administrator, and Administrator and DLP Compliance Officer accounts can add or edit user roles.

  • The access rights defined for a user role take precedence over the managed product/folder access rights that you configure for individual user accounts.

    For more information, see Managed Product Access Control.

The following table outlines the tasks available on the User Roles screen.



Add user roles

Click Add to create a new custom user role.

For more information, see Adding a User Role.

Delete user roles

Select the check box next the Name of an custom user role and click Delete to permanently remove the role.


You cannot delete any of the default user roles provided by Trend Micro Control Manager.

Edit user roles

Click the Name of a user role to edit or view assigned access rights.

For more information, see Editing a User Role.


You cannot edit any of the default user roles provided by Trend Micro Control Manager.

For more information about the default user roles, see Default User Roles.