Granting Kaspersky Security Center users the access rights corresponding to their user roles in Kaspersky Industrial CyberSecurity for Networks
To utilize Single Sign-On technology and perform specific actions in the Web Console, Kaspersky Security Center users must be granted the access permissions corresponding to their user roles in Kaspersky Industrial CyberSecurity for Networks. You can grant these permissions after the file containing the configuration of the rights-based access control model (RBAC) for Kaspersky Industrial CyberSecurity for Networks has been uploaded to the Kaspersky Security Center Administration Server.
The configuration is loaded automatically after installation of the Kaspersky Industrial CyberSecurity for Networks Administration web plug-in. If the configuration was uploaded to the Administration Server, the file named KICS4NET_<file version number>.conf was saved in the folder %ProgramData%\KasperskyLab\adminkit\1093\dat\rbac\. If the specified folder does not contain the file named KICS4NET_<file version number>.conf, create and configure the "Download updates to the Administration Server repository" task. You can select the Kaspersky update servers as the source of updates.
After loading the RBAC configuration for Kaspersky Industrial CyberSecurity for Networks, Kaspersky Security Center will provide the capability to assign users the permissions corresponding to the Administrator and Operator roles of Kaspersky Industrial CyberSecurity for Networks.
User roles in Kaspersky Industrial CyberSecurity for Networks have the following corresponding access rights in Kaspersky Security Center from the functional scope of Kaspersky Industrial CyberSecurity for Networks: General functions:
- Read – corresponds to the Operator role.
- Write – corresponds to the Administrator role.
Together with these rights, users must also be assigned all rights from the functional scope of the Kaspersky Security Center Administration Server: General functions: Basic functionality (this functional scope includes the rights to Read, Write, Execute and Perform operations on device selections).
If access rights are assigned to users by means of Kaspersky Security Center roles, then you must add the administration group containing the computer with the Kaspersky Industrial CyberSecurity for Networks Server installed to the role scope. To do so, on the Scope definition page in the Role Assignment Wizard, select the Managed devices administration group.
