Managing accounts of program administrators and users

Kaspersky Anti Targeted Attack Platform provides accounts for servers with the following components:

Sensor. Administrator account for working in the program administrator menu and in the server management console (in Technical Support Mode).
The 'admin' account is used by default.
Sandbox. Administrator account for working in the program administrator menu, in the server management console (in Technical Support Mode) and in the Sandbox web interface.
The 'admin' account is used by default.
Central Node. The following accounts:
- Administrator account for working in the program administrator menu and in the server management console (in Technical Support Mode).
  The admin account that was created during program installation is used by default.
- Local administrator account of the program web interface.
  The Administrator account that was created during program installation is used by default. You can create other administrator accounts for the program web interface after installation.
- Administrator account of the program web interface.
- Program web interface user accounts with the Security officer and Senior security officer roles.

Data from each of these accounts is stored on the server hosting the program component to which the account belongs.

In distributed solution and multitenancy mode, data from each of these accounts is stored on the PCN and on the server hosting the program component to which the account belongs.

The administrator account used for working in the server management console has unlimited rights to manage the server hosting the program component to which the account belongs (superuser rights). Under this account, you can turn off or restart a server, or modify the settings of the program in Technical Support Mode in the server management console.

An administrator account for working in the management console of a server (admin) has unlimited access to data on that server. The password of the administrator account for working in the server management console must be strong. The administrator must independently ensure the security of the server. The administrator bears responsibility for access to data stored on servers.

An account with the Administrator role can add, enable and disable program user accounts, and change the passwords of program administrator accounts and web interface user accounts. In distributed solution and multitenancy mode, user accounts are managed on the PCN.

The local administrator account of the program web interface is intended for employees of your organization who need to manage Kaspersky Anti Targeted Attack Platform. When signing in to the program under this account, you will see all sections of the web interface that are available to a user with the Administrator role.

The administrator account of the program web interface allows to manage the program, however, unlike the local administrator account of the program web interface, such accounts are not allowed to manage PCN and SCN servers or organizations in the Cluster management section.

The Security officer and Senior security officer roles are intended for employees of your organization who are tasked with working with events and tasks of Kaspersky Anti Targeted Attack Platform. When signing in to the program under accounts with these roles, you will see all sections of the web interface that are available to security officers. All operations are available to users with the Senior security officer role. The restrictions of users with the Security officer role are presented in the table below.

Access restrictions of program users with the Security officer role

Functional scope / Section of the web interface	Restrictions
Dashboard	Widgets of VIP group events are not available. It is not possible to use a link on the widget to go to the Alerts section.
Alerts	The following actions are not available: Viewing information about an alert. Marking the completion of VIP group alert processing. Performing operations on multiple alerts. Exporting the list of all alerts.
Threat Hunting	Events that are associated with hosts from VIP group alerts are not available.
Tasks	No access.
Prevention	No access.
User rules	Read access.
Storage	There is no access to objects that are placed in Storage as a result of tasks. Full access to objects that were manually downloaded by the user.
Endpoint Agents	Access to view tables of computers with the Endpoint Agent component, and restrictions on viewing data on tasks, policies, and network isolation.
Network isolation of hosts	No access.
Reports	No access.
Program settings: IOC scanning schedule	Read access.
Program settings: Endpoint Agents	Read access.
Program settings: KPSN reputation database	No access.
Program settings: Notifications	No access to rules for sending notifications about alerts. Full access to rules for sending notifications about problems in program operation.
Program settings: VIP status	Read access.
User rules: YARA	Access only to export rules.
Program settings: TAA exceptions	Access to read and export.
Program settings: Passwords to archives	No access.
Program settings: License	Read access.

If you are using distributed solution and multitenancy mode, access to organizations and web interface of the SCN server can be allowed or blocked for each account.