You can give users and groups permissions to use different features of Administration Server and of the Kaspersky programs for which you have management plug-ins, for example, Kaspersky Endpoint Security for Windows.
To assign permissions to a user or a group of users:
In the console tree, do one of the following:
Expand the Administration Server node and select the subfolder with the name of the required Administration Server.
Select the administration group.
In the context menu of the Administration Server or the administration group, select Properties.
In the Administration Server properties window (or the administration group properties window) that opens, in the left Sections pane select Security.
In the Security section, in the Names of groups or users list select a user or a group.
In the permissions list in the lower part of the workspace, on the Rights tab configure the set of rights for the user or group:
Click the plus signs (+) to expand the nodes in the list and gain access to the permissions.
Select the Allow and Deny check boxes next to the permissions that you want.
Example 1: Expand the Access objects regardless of their ACLs node or Deleted objects node, and select Read.
Example 2: Expand the Basic functionality node, and select Write.
When you have configured the set of rights, click Apply.
The set of rights for the user or group of users will be configured.
The permissions of the Administration Server (or the administration group) are divided into the following areas:
General features:
Management of administration groups
Access objects regardless of their ACLs
Basic functionality
Deleted objects
Event processing
Operations on Administration Server (only in the property window of Administration Server)
Deploy Kaspersky applications
License key management
Enforced report management
Hierarchy of Servers
User rights
Virtual Administration Servers
Mobile Device Management:
General
System Management:
Connectivity
Hardware inventory
Network Access Control
Deploy operating system
Manage vulnerabilities and patches
Remote installation
Software inventory
If neither Allow nor Deny is selected for a permission, then the permission is considered undefined: it is denied until it is explicitly denied or allowed for the user.
The rights of a user are the sum of the following:
User's own rights
Rights of all the roles assigned to this user
Rights of all the security group to which the user belongs
Rights of all the roles assigned to the security groups to which the user belongs
If at least one of these sets of rights has Deny for a permission, then the user is denied this permission, even if other sets allow it or leave it undefined.