Delineating access rights to tenants

This procedure only relates to Kaspersky Security Center. In MDR Web Console, you can set access to tenants when inviting or editing users.

You may want to delineate access rights to tenants for a user (or multiple users) of Kaspersky Security Center. This will ensure that the user (or users) of Kaspersky Security Center can view the assets and incidents related only to the specified tenants. This is achieved by creating a separate virtual Administration Server for every tenant you need restricted access to.

To configure a virtual Administration Server for the tenant:

In MDR Web Console, create a refresh token, and then save the token's sequence of characters to the clipboard.
While creating a refresh token, specify a tenant for which you want to give access.
In Kaspersky Security Center Web Console, create a virtual Administration Server, and then specify the administrator(s) for it.
In Kaspersky Security Center Web Console, log in to the created virtual Administration Server as the administrator specified in the previous step.
On the authorization screen, click the Advanced settings button. The Virtual Administration Server field appears.
Navigate to the Monitoring & reporting → MDR section.
The MDR section opens.
On the Getting started tab, insert the token created in the first step into the Insert token field in the lower part of the window.
Click the Apply button in the lower part of the window.

From now on, only an administrator who is logged in to the created virtual Administration Server can see the assets and incidents related to the specified tenant.