About access rights to the settings of policies and tasks in Kaspersky Security Center
Kaspersky Security Center provides role-based access to features of managed Kaspersky applications. The rights to access the settings of policies and tasks (read, write, and execute) are defined for each user who has access to the Kaspersky Security Center Administration Server. You can assign user accounts rights to perform certain actions in functional areas of the Kaspersky Security solution.
A single functional scope is allocated for the Kaspersky Security solution: Basic functionality. This functional scope includes the following settings and functions:
Settings for connecting SVMs to the Integration Server.
Settings for connecting Light Agents to SVMs.
SNMP monitoring settings.
Settings for using KSN in the operation of the Protection Server.
Additional Protection Server settings.
Task for activating the Kaspersky Security solution.
Task or rolling back the solution databases, and a task for rolling back the latest database update.
Task for updating the solution's application modules on SVMs.
The following actions are available to the user regardless of account rights in the functional areas of the Kaspersky Security solution:
Viewing the settings of policies.
Creating a policy.
When creating a policy, the user can configure only settings related to the functional scopes for which the user account has modification rights.
To perform the following actions with policies and tasks, the user account must have rights in the functional areas of the Kaspersky Security solution:
Reconfiguration of a previously saved policy requires read and modification rights within the functional scopes of those settings.
Modifying the status of a policy (active/inactive) and removing the policy requires read and modification rights within the functional scopes of the policy settings closed with a "lock". If a policy has settings that are "locked" (in other words, these settings cannot be changed in child policies), and the user does not have read and modify rights within the functional scopes of these settings, the policy state cannot be deleted or modified. If a policy does not have settings for which it is prohibited to modify a parameter in child policies, the user can delete or modify the status of the policy regardless of the account's rights within the functional scopes of the solution.
Creation, removal, and configuration of the settings of tasks require read and modification rights within the functional scope of the task.
Viewing task settings requires read permissions within the functional scope of the task.
Execution rights within the functional scope of a task are required to run the task.
For more details on access rights to Kaspersky Security Center objects and on configuring access rights to functional areas of Kaspersky Security, see the Kaspersky Security Center Help.