Role-based access restriction in Kaspersky Security for SharePoint Server

Kaspersky Security for SharePoint Server supports the roles of Administrator and Security Officer. Roles restrict users' rights of access to the application's features. The Administrator and the Security Officer use different features of the application to achieve their respective goals. The functions of these two roles do not overlap.

Two different sets of nodes are displayed Kaspersky Security Management Console for the Administrator and for the Security Officer. The table below lists the main tasks for the Administrator and for the Security Officer, as well as nodes displayed in Management Console for these two roles.

Main tasks of Kaspersky Security roles

Role

Main tasks

Nodes in Management Console

Administrator
  • Configuring the anti-virus protection;
  • Configuring content filtering;
  • Scanning servers for viruses and unwanted content;
  • Application licensing;
  • Detecting false positives;
  • Reducing the workload on SharePoint servers.
  • Control Center;
  • On-access scan;
  • On-demand scan;
  • Content filtering;
  • Backup;
  • Updates;
  • Notifications;
  • Reports;
  • Settings;
  • Licensing.

Security Officer
  • Detecting confidential data on portals;
  • Protection of confidential data;
  • Data leak prevention;
  • Processing possible leakage incidents.
  • Protection from Data leaks;
  • Categories and policies;
  • Incidents;
  • Search;
  • Reports.

Roles are assigned by adding a user account to one of the following Active Directory groups:

You can create those groups manually before installing Kaspersky Security. If the account under which Kaspersky Security is being installed, has the rights to create groups in Active Directory, groups will be created automatically when installing the application.

A user can combine the roles of Administrator and Security Officer. In this case, the user will have access to all of the application's features. If a user needs to combine both roles and use all of the features of Kaspersky Security, the corresponding account should be added to both groups in Active Directory. The account of the user who has installed the application will be added to both groups in Active Directory. Role assignment with the KSH Administrators and KSH Security Officers groups apply to all servers in a SharePoint farm.

Page top