A device access rule is a group of settings that determine how users can access devices that are installed or connected to the computer. These settings include access to a specific device, an access schedule, and read or write permissions.
To edit a device access rule:
The opened window shows access rules for all devices that are included in the Device Control component classification.
To block or allow access to a device, configure access to the connection bus.
This option lets you configure user rights, permissions, and a schedule for device access.
This opens a window for adding a new device access rule.
A rule has a specific priority. If a user has been added to multiple groups, Kaspersky Endpoint Security regulates device access based on the rule with the highest priority. Kaspersky Endpoint Security allows to assign priority from 0 to 10,000. The higher the value, the higher the priority. In other words, an entry with the value of 0 has the lowest priority.
For example, you can grant read-only permissions to the Everyone group and grant read/write permissions to the administrators group. To do so, assign a priority of 1 for the administrators group and assign a priority of 0 for the Everyone group.
The priority of a block rule is higher than the priority of an allow rule. In other words, if a user has been added to multiple groups and the priority of all rules are the same, Kaspersky Endpoint Security regulates device access based on any existing block rule.