Permissions to configure group policies
Kaspersky Security Center administrators can configure the access rights of Administration Console users for different application functions, depending on the job duties of users.
For each functional area, the administrator can assign the following permissions:
- Allow editing. The Administration Console user is allowed to change the policy settings in the properties window.
- Block editing. The Administration Console user is prohibited from changing the policy settings in the properties window. Policy tabs belonging to the functional scope for which this right has been assigned are not displayed in the interface.
Permissions to access sections of the Kaspersky Endpoint Security Administration Plug-in
Functional scope
Policies section
Android Enterprise
Android work profile
Anti-Theft
Anti-Theft
App Control
App Control
Protection
Protection, Scan, Update
Compliance control
Compliance control
Containers
Containers
Device settings
Device Control, Synchronization
Managing Samsung devices
APN, Managing Samsung devices, KNOX containers
System management
Advanced, Wi-Fi
Web Protection
Web Protection
Permissions to access sections of the Kaspersky Device Management for iOS Administration Plug-in
Functional scope
Policies section
Additional
Web clips, Fonts, AirPlay, AirPrint
Exchange ActiveSync
General, Password, Synchronization, Features restrictions, Applications restrictions
General
General, Single Sign-On, Web Protection, Wi-Fi, Access Point Name (APN), Exchange ActiveSync, Email, Custom Payloads
LDAP (calendar / contacts)
LDAP, Calendar, Contacts, Calendar subscriptions
Limitations and security
Feature Restriction, Restrictions for Applications, Restrictions for Media Content, Password, VPN, Global HTTP proxy, Certificates, SCEP