I am the enterprise community manager, but also responsible for all business-side activities for our instance.
- I have full admin rights for all spaces, groups and projects (for unknown reasons the only thing I can't do is delete a group).
- I also have full admin rights to the home page.
- I have some admin console permissions, but we have never mapped them out as I rarely do any system-type activities.
Our other enterprise role is the System Admin, who is in charge of maintaining the application. They have all of my permissions plus all of the backend stuff. They rarely do any community manager type actions.
We also have three defaults for individual spaces, but a new space can only be created by our System Admin:
- Space Owners: full admin rights to individual space and subspaces, create subspaces
- Space Contributors: View all content, author content, edit own content, participate in other content (ex: a VP can post under his/her name)
- All Users: View all content, participate in other content, edit own contributions, can't create new content.
Thank you for the reply - one quick follow-up to something that you posted - I think that unless you have a higher level of access, you can only delete a group if you were the creator. So even if you are an owner, you can‘t delete it unless you created it. (that has been my experience - I can delete groups that I created, but no others)
I'm the ECM for our internal community as well and have the same permissions that Jesse listed.
I started out with broader access, but there was really know reason for me to handle some of the more technical issues, so they locked those down to our system admin.
Our team of system admins routinely operate under Manage System and Moderate Content. We keep Full Access turned off at the system level so that we aren't seeing private/secret content that we shouldn't see.
But we reserve the right to elevate our selves to Full Access to perform certain admin functions when needed (such as Home page updates, helping with groups that we don't have group owner rights for, etc.). But we immediately turn our Full Access off when we are done doing that job.
Early on when some of us had Full Access on for our daily interactions, we had instances of our team accidentally engaging, liking or voting on things that they shouldn't be seeing...and then us having to go to those group owners to apologize. So we changed our setup. And I like not feeling like I am inadvertently spying on people that created private/secret stuff in confidence unless required by the job.