Box Status
Print

Managed User Roles

User roles define what managed users can do in Box. Any of the following roles can be assigned to a managed user:

  • Admin
  • Co-admin
  • Group admin
  • Member

Admin Role

The Admin role has the highest level of authority and access within your enterprise. Only one managed user can be assigned the Admin role, although one or more managed users can be assigned co-admin roles. Admins can:

  • Access the entire Box Admin Console (Business Plans and above)
  • Assign Co-admins, group admins and define Co-admin access permissions
  • Log in to any user’s account (Business Plus and above plans only)
  • Configure account-wide settings for sharing, apps, notifications, security and more
  • Run reports to monitor account activity
  • Run reports to audit changes in security settings (Enterprise only)

As the Box Admin, you can change the Admin role to another managed user account.

Co-admin Role

If your Box organization is large, you may want to share administrator duties with one or more co-admins. Co-admins have the same access as the Admin, except they 

  • Cannot make changes to the Admin’s own permissions
  • Do not have access to billing information
  • Cannot log in to the Admin’s (or another co-admin’s) account
  • Do not have access to the Silent Mode tool
  • Cannot edit the primary admin's settings or reset the primary admin's password
  • Cannot invite collaborators into folders (if Restrict Invites is selected with the Enterprise Settings)

You can otherwise customize access for Co-admins. See the Co-admin Permissions section in Users & Groups Settings for details about each permission you can assign.

Group Admin Role

This is a good role to assign if there’s someone on your team who needs to manage only a subset of your users. Group Admins can:

  • Pull reports on usage, file and user statistics on their specific group
  • Add managed users into the account under their specific group
  • Manage the members and folder permissions in their specific group

Member Role

These users don’t get any of the permissions above, but they do have the ability to take actions that you specifically allow, depending on your account-wide settings. By default, regular users can also invite collaborators and groups to folders, although account permissions can be configured such that only folder owners and admins can send invitations to shared folders. Permissions for individual groups can be modified under the groups tab in the Admin Console as well.

Related articles