Functional area
|
Right
|
User action: right required to perform the action
|
Task
|
Report
|
Other
|
General features: Management of administration groups
|
Modify
|
- Add device to an administration group: Modify
- Delete device from an administration group: Modify
- Add an administration group to another administration group: Modify
- Delete an administration group from another administration group: Modify
|
None
|
None
|
None
|
General features: Access objects regardless of their ACLs
|
Read
|
Get read access to all objects: Read
|
None
|
None
|
None
|
General features: Basic functionality
|
- Read
- Modify
- Execute
- Perform operations on device selections
|
- Device moving rules (create, modify, or delete) for the virtual Server: Modify, Perform operations on device selections
- Get Mobile (LWNGT) protocol custom certificate: Read
- Set Mobile (LWNGT) protocol custom certificate: Write
- Get NLA-defined network list: Read
- Add, modify, or delete NLA-defined network list: Modify
- View Access Control List of groups: Read
- View the Kaspersky Event Log: Read
|
- "Download updates to the Administration Server repository"
- "Deliver reports"
- "Distribute installation package"
- "Install application on secondary Administration Servers remotely"
|
- "Report on protection status"
- "Report on threats"
- "Report on most heavily infected devices"
- "Report on status of anti-virus databases"
- "Report on errors"
- "Report on network attacks"
- "Summary report on mail system protection applications installed"
- "Summary report on perimeter defense applications installed"
- "Summary report on types of applications installed"
- "Report on users of infected devices"
- "Report on incidents"
- "Report on events"
- "Report on activity of distribution points"
- "Report on Secondary Administration Servers"
- "Report on Device Control events"
- "Report on vulnerabilities"
- "Report on prohibited applications"
- "Report on Web Control"
- "Report on encryption status of managed devices"
- "Report on encryption status of mass storage devices"
- "Report on file encryption errors"
- "Report on blockage of access to encrypted files"
- "Report on rights to access encrypted devices"
- "Report on effective user permissions"
- "Report on rights"
|
None
|
General features: Deleted objects
|
|
- View deleted objects in the Recycle Bin: Read
- Delete objects from the Recycle Bin: Modify
|
None
|
None
|
None
|
General features: Event processing
|
- Delete events
- Edit event notification settings
- Edit event logging settings
- Modify
|
- Change events registration settings: Edit event logging settings
- Change events notification settings: Edit event notification settings
- Delete events: Delete events
|
None
|
None
|
Settings:
- Virus outbreak settings: number of virus detections required to create a virus outbreak event
- Virus outbreak settings: period of time for evaluation of virus detections
- The maximum number of events stored in the database
- Period of time for storing events from the deleted devices
|
General features: Operations on Administration Server
|
- Read
- Modify
- Execute
- Modify object ACLs
- Perform operations on device selections
|
- Specify ports of Administration Server for the network agent connection: Modify
- Specify ports of Activation Proxy launched on the Administration Server: Modify
- Specify ports of Activation Proxy for Mobile launched on the Administration Server: Modify
- Specify ports of the Web Server for distribution of standalone packages: Modify
- Specify ports of the Web Server for distribution of MDM profiles: Modify
- Specify SSL ports of the Administration Server for connection via Kaspersky Security Center Web Console: Modify
- Specify ports of the Administration Server for mobile connection: Modify
- Specify the maximum number of events stored in the Administration Server database: Modify
- Specify the maximum number of events that can be sent by the Administration Server: Modify
- Specify time period during which events can be sent by the Administration Server: Modify
|
- "Backup of Administration Server data"
- "Databases maintenance"
|
None
|
None
|
General features: Kaspersky software deployment
|
- Manage Kaspersky patches
- Read
- Modify
- Execute
- Perform operations on device selections
|
Approve or decline installation of the patch: Manage Kaspersky patches
|
None
|
- "Report on license key usage by virtual Administration Server"
- "Report on Kaspersky software versions"
- "Report on incompatible applications"
- "Report on versions of Kaspersky software module updates"
- "Report on protection deployment"
|
Installation package: "Kaspersky"
|
General features: Key management
|
|
- Export key file: Export key file
- Modify Administration Server license key settings: Modify
|
None
|
None
|
None
|
General features: Enforced report management
|
|
- Create reports regardless of their ACLs: Write
- Execute reports regardless of their ACLs: Read
|
None
|
None
|
None
|
General features: Hierarchy of Administration Servers
|
Configure hierarchy of Administration Servers
|
Register, update, or delete secondary Administration Servers: Configure hierarchy of Administration Servers
|
None
|
None
|
None
|
General features: User permissions
|
Modify object ACLs
|
- Change Security properties of any object: Modify object ACLs
- Manage user roles: Modify object ACLs
- Manage internal users: Modify object ACLs
- Manage security groups: Modify object ACLs
- Manage aliases: Modify object ACLs
|
None
|
None
|
None
|
General features: Virtual Administration Servers
|
- Manage virtual Administration Servers
- Read
- Modify
- Execute
- Perform operations on device selections
|
- Get list of virtual Administration Servers: Read
- Get information on the virtual Administration Server: Read
- Create, update, or delete a virtual Administration Server: Manage virtual Administration Servers
- Move a virtual Administration Server to another group: Manage virtual Administration Servers
- Set administration virtual Server permissions: Manage virtual Administration Servers
|
None
|
"Report on results of installation of third-party software updates"
|
None
|
Mobile device management: General
|
- Connect new devices
- Send only information commands to mobile devices
- Send commands to mobile devices
- Manage certificates
- Read
- Modify
|
- Get Key Management Service restore data: Read
- Delete user certificates: Manage certificates
- Get user certificate public part: Read
- Check if Public Key Infrastructure is enabled: Read
- Check Public Key Infrastructure account: Read
- Get Public Key Infrastructure templates: Read
- Get Public Key Infrastructure templates by Extended Key Usage certificate: Read
- Check if Public Key Infrastructure certificate is revoked: Read
- Update user certificate issuance settings: Manage certificates
- Get user certificate issuance settings: Read
- Get packages by application name and version: Read
- Set or cancel user certificate: Manage certificates
- Renew user certificate: Manage certificates
- Set user certificate tag: Manage certificates
- Run generation of MDM installation package; cancel generation of MDM installation package: Connect new devices
|
None
|
None
|
None
|
System management: Connectivity
|
- Start RDP sessions
- Connect to existing RDP sessions
- Initiate tunneling
- Save files from devices to the administrator's workstation
- Read
- Modify
- Execute
- Perform operations on device selections
|
- Create desktop sharing session: The right to create desktop sharing session
- Create RDP session: Connect to existing RDP sessions
- Create tunnel: Initiate tunneling
- Save content network list: Save files from devices to the administrator's workstation
|
None
|
"Report on device users"
|
None
|
System management: Hardware inventory
|
- Read
- Modify
- Execute
- Perform operations on device selections
|
- Get or export hardware inventory object: Read
- Add, set or delete hardware inventory object: Write
|
None
|
- "Report on hardware registry"
- "Report on configuration changes"
- "Report on hardware"
|
None
|
System management: Network access control
|
|
- View CISCO settings: Read
- Change CISCO settings: Write
|
None
|
None
|
None
|
System management: Operating system deployment
|
- Deploy PXE servers
- Read
- Modify
- Execute
- Perform operations on device selections
|
- Deploy PXE servers: Deploy PXE servers
- View a list of PXE servers: Read
- Start or stop the installation process on PXE clients: Execute
- Manage drivers for WinPE and operating system images: Modify
|
"Create installation package upon reference device OS image"
|
None
|
Installation package: "OS Image"
|
System management: Vulnerability and patch management
|
- Read
- Modify
- Execute
- Perform operations on device selections
|
- View third-party patch properties: Read
- Change third-party patch properties: Modify
|
- "Perform Windows Update synchronization"
- "Install Windows Update updates"
- "Fix vulnerabilities"
- "Install required updates and fix vulnerabilities"
|
"Report on software updates"
|
None
|
System management: Remote installation
|
- Read
- Modify
- Execute
- Perform operations on device selections
|
- View third-party Vulnerability and Patch Management based installation package properties: Read
- Change third-party Vulnerability and Patch Management based installation package properties: Modify
|
None
|
None
|
Installation packages:
- "Custom application"
- "VAPM package"
|
System management: Software inventory
|
- Read
- Modify
- Execute
- Perform operations on device selections
|
None
|
None
|
- "Report on installed applications"
- "Report on applications registry history"
- "Report on status of licensed applications groups"
- "Report on third-party software license keys"
|
None
|