Assigning access rights to users and security groups

You can give users and security groups access rights to use different features of Administration Server, for example, Kaspersky Endpoint Security for Linux.

To assign access rights to a user or a security group:

1. In the main menu, click the settings icon () next to the name of the required Administration Server.

   The Administration Server properties window opens.

2. On the Access rights tab, select the check box next to the name of the user or the security group to whom to assign rights, and then click the Access rights button.

   You cannot select multiple users or security groups at the same time. If you select more than one item, the Access rights button will be disabled.

3. Configure the set of rights for the user or group:
   1. Expand the node with features of Administration Server or other Kaspersky application.
   2. Select the Allow or Deny check box next to the feature or the access right that you want.

      Example 1: Select the Allow check box next to the Application integration node to grant all available access rights to the Application integration feature (Read, Write, and Execute) for a user or group.

      Example 2: Expand the Encryption key management node, and then select the Allow check box next to the Write permission to grant the Write access right to the Encryption key management feature for a user or group.

4. After you configure the set of access rights, click OK.

The set of rights for the user or group of users will be configured.

The permissions of the Administration Server (or the administration group) are divided into the following areas:

• General features:
  • Management of administration groups
  • Access objects regardless of their ACLs
  • Basic functionality
  • Deleted objects
  • Encryption Key Management
  • Event processing
  • Operations on Administration Server (only in the property window of Administration Server)
  • Device tags
  • Kaspersky application deployment
  • License key management
  • Application integration
  • Enforced report management
  • Hierarchy of Administration Servers
  • User permissions
  • Virtual Administration Servers
• Mobile Device Management:
  • General
  • Self Service Portal
• System Management:
  • Connectivity
  • Execute scripts remotely
  • Hardware inventory
  • Network Access Control
  • Operating system deployment
  • Vulnerability and patch management
  • Remote installation
  • Software inventory

If neither Allow nor Deny is selected for an access right, then the access right is considered undefined: it is denied until it is explicitly denied or allowed for the user.

The rights of a user are the sum of the following:

• User's own rights
• Rights of all the roles assigned to this user
• Rights of all the security group to which the user belongs
• Rights of all the roles assigned to the security groups to which the user belongs

If at least one of these sets of rights has Deny for a permission, then the user is denied this permission, even if other sets allow it or leave it undefined.

You can also add users and security groups to the scope of a user role to use different features of Administration Server. Settings associated with a user role will only apply only to devices that belong to users who have this role, and only if these devices belong to groups associated with this role, including child groups.

Page top