More functionality and granularity is needed within Sophos Central. Currently we are limited to these base roles of Super Admin, Admin, Help Desk and Read Only. A custom role can be created, but this really only allows the role to limit which products you want to provide Admin, Help Desk or Read Only access to. We need the capabilty and flexibility to get further granularity into what a custom role can do within the platform.
For example, we are an organization which has Information Security separated from Information Technology. The current setup does not allow for our IT team to manage the devices (such as download the Agent, Manage Tamper Protection and other settings) without granting them too many permissions. Then when trying to lock them down they are not able to do the tasks that are necessary because only half of what we need them to do becomes unavailable. I understand we could change what activities these groups perform between IT and Security, however this prevents the separation of duties that we are trying to enforce and the privilege of least access is thwarted. The flexibility to address organizational needs is limited with the current role setup and would be great if this could have more granularity added.