What are admin roles?

Admin roles

The Google Admin Console offers a range of administrative roles that can be assigned to users to manage various aspects of an organization's Google services. There are pre-built admin roles with different levels of privileged access. You can also create a custom admin role to assign specific privileges to individual users.


  1. Super admin:

This role has access to all administrative features and controls across all Google services. They can manage user accounts, groups, and domains, as well as access and edit all settings and configurations.

  • Create and assign administrator roles.
  • Manage other super and delegated admins, including changing passwords.
  • Transfer ownership of files during the user deletion process.
  • Accept the Terms of Service for a product.

A single Admin console can have multiple super admins. Google recommends having at least 2 super admins: if one super admin forgets their password, the other can reset it. You can also allow super admins to reset their own passwords.

       

2.  Group admin:

The Groups admin has full control over Google Groups tasks in your Admin console. This admin can:


  • View user profiles and your organizational structure.
  • Create new groups in the Admin console.
  • Manage members of groups created in the Admin console.
  • Manage group access settings.
  • Delete groups from the Admin console.
  • View organizational units.

There are 2 more group admin roles to delegate administration with more restricted privileges. 

  • Groups Reader can read Groups information, but not change or update any of it.
  • Groups Editor has the permissions of a Groups admin, except for the privilege required to add or remove security labels on group resources.

3.  User management admin:

  • This role can manage user accounts and groups, including creating, editing, and deleting accounts, resetting passwords, and assigning roles and permissions.
  • We can limit their privileges to specific organizational units.
  • User management admin cannot reset passwords or change roles for super admins.
  • User management admin can allow users to change their profile, date of birth, name, and gender.

4.  Help desk admin:
  • Help desk admin can reset passwords for users who aren't admins, both in the Admin console and the Admin API.
  • This administrator can also view user profiles and your organizational structure. 
  • This administrator can view organizational units.
  • When you assign a user to the Help Desk Admin role, you can limit their privileges to specific organizational units.

5.  Service admin:

The User Service Admin is a role within the Google Admin Console that is responsible for managing and supporting specific Google services for users in an organization. This role has a more limited set of permissions than the Super Admin or User Management Admin roles, but it still plays an important role in managing and maintaining Google services. 



  • User Service Admins can manage settings and configurations for specific Google services, such as Gmail or Google Drive. They can customize settings for individual users or groups of users, such as enabling or disabling specific features. 
  • User Service Admins are responsible for providing technical support to users for specific Google services. They can troubleshoot issues, answer questions, and escalate issues to other administrators or Google support as necessary.
  • They have full access to the alert center.
  • They can manage Google Takeout.


Overall, the User Service Admin role is responsible for managing and supporting specific Google services for users within an organization.


6.  Mobile admin:

Mobile Admin is a role within the Google Admin Console that is responsible for managing and securing mobile devices that are used to access Google services within an organization. This role has a specific focus on managing mobile device policies, settings, and configurations. 

  • Provision and approve devices.
  • Manage apps.
  • Block or wipe devices and accounts.
  • Set device policies.
  • See groups and users in the domain.           

NOTE: This role is only available to customers who signed up for Google Workspace after February 2018. If you joined before this date, you can create a custom role with the same access.

      


7.  Storage admin:


We can use the Storage page in the Admin console. This administrator can:


  • View their organization’s storage use.
  • View the users and shared drives that use the most storage.
  • Set storage limits.
  • Open the Accounts report, the directory of users, and the list of shared drives.
  • This role also gives them full access to Reports and Drive settings.
  • This administrator can also read users and groups.


You can also create custom administrator roles. If the pre-built roles don't meet your needs, create your own custom roles. For each custom role, choose from the same set of privileges used in the pre-built roles, grouping them however you want.
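An added example, not part of the original article or any Google tooling: a small audit over admin role assignments that checks the points made above, namely at least 2 super admins, organizational-unit scoping for the User management and Help desk roles, and who may reset whose password. The record shape, the scope values `ALL` and `ORG_UNIT`, and the sample accounts are assumptions constructed for this example.

```python
# Constructed sample data. The record shape (user, role, scope, org_unit) is an
# assumption made for this example, not a Google export format.
ASSIGNMENTS = [
    {"user": "alice@example.com", "role": "Super admin", "scope": "ALL", "org_unit": None},
    {"user": "bob@example.com", "role": "Help desk admin", "scope": "ORG_UNIT", "org_unit": "/Sales"},
    {"user": "carol@example.com", "role": "User management admin", "scope": "ALL", "org_unit": None},
    {"user": "dave@example.com", "role": "Help desk admin", "scope": "ALL", "org_unit": None},
    {"user": "erin@example.com", "role": "Groups admin", "scope": "ALL", "org_unit": None},
]

MIN_SUPER_ADMINS = 2  # minimum the article recommends
# Roles the article says can be limited to specific organizational units.
OU_SCOPABLE = {"User management admin", "Help desk admin"}


def audit(assignments):
    """Flag too few super admins and OU-scopable roles granted organization-wide."""
    findings = []
    supers = sorted({a["user"] for a in assignments if a["role"] == "Super admin"})
    if len(supers) < MIN_SUPER_ADMINS:
        findings.append(("super-admin-count", ", ".join(supers) or "-",
                         f"{len(supers)} super admin(s), expected at least {MIN_SUPER_ADMINS}"))
    for a in assignments:
        if a["role"] in OU_SCOPABLE and a["scope"] != "ORG_UNIT":
            findings.append(("unscoped-role", a["user"],
                             f"{a['role']} applies to the whole organization"))
    return findings


def can_reset_password(actor_roles, target_roles):
    """Password-reset rules as this article states them (OU scope ignored)."""
    if "Super admin" in actor_roles:
        return True                  # manages super and delegated admins
    if "Super admin" in target_roles:
        return False                 # delegated roles cannot reset super admins
    if "User management admin" in actor_roles:
        return True
    if "Help desk admin" in actor_roles:
        return not target_roles      # only users who aren't admins
    return False


if __name__ == "__main__":
    for check, user, detail in audit(ASSIGNMENTS):
        print(f"[{check}] {user}: {detail}")
```
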



For further reference, check this article.