The root role or the System Administrator role is responsible for enabling Trusted Extensions. You can create roles to divide administrative responsibilities among several functional areas:
The security administrator is responsible for security-related tasks, such as setting up and assigning sensitivity labels, configuring auditing, and setting password policy.
The system administrator is responsible for the non-security aspects of setup, maintenance, and general administration.
More limited roles can be configured. For example, an operator could be responsible for backing up files.
As part of your administration strategy, you need to decide the following:
Which users are handling which administrative responsibilities
Which non-administrative users are allowed to run trusted applications, meaning which users are permitted to override security policy, when necessary
Which users have access to which groups of data