The table below shows the Kaspersky Security Center features with the access rights to manage the associated tasks, reports, settings, and perform the associated user actions.
To perform the user actions listed in the table, a user has to have the right specified next to the action.
All tasks, reports, settings, and installation packages that are missing in the table belong to the General features: Basic functionality functional area.
Functional area
|
Right
|
User action: right required to perform the action
|
Task
|
Report
|
Other
|
General features: Management of administration groups
|
Write
|
- Add device to an administration group: Write
- Delete device from an administration group: Write
- Add an administration group to another administration group: Write
- Delete an administration group from another administration group: Write
|
None
|
None
|
None
|
General features: Access objects regardless of their ACLs
|
Read
|
Get read access to all objects: Read
|
None
|
None
|
Access is granted regardless of other rights, even if they prohibit read access to specific objects.
|
General features: Basic functionality
|
- Read
- Write
- Execute
- Perform operations on device selections
|
- Device moving rules (create, modify, or delete) for the virtual Server: Write, Perform operations on device selections
- Get Mobile (LWNGT) protocol custom certificate: Read
- Set Mobile (LWNGT) protocol custom certificate: Write
- Get NLA-defined network list: Read
- Add, modify, or delete NLA-defined network list: Write
- View Access Control List of groups: Read
- View the Kaspersky Event Log: Read
|
- "Download updates to the Administration Server repository"
- "Deliver reports"
- "Distribute installation package"
- "Install application on secondary Administration Servers remotely"
|
- "Report on protection status"
- "Report on threats"
- "Report on most heavily infected devices"
- "Report on status of anti-virus databases"
- "Report on errors"
- "Report on network attacks"
- "Summary report on mail system protection applications installed"
- "Summary report on perimeter defense applications installed"
- "Summary report on types of applications installed"
- "Report on users of infected devices"
- "Report on incidents"
- "Report on events"
- "Report on activity of distribution points"
- "Report on Secondary Administration Servers"
- "Report on Device Control events"
- "Report on vulnerabilities"
- "Report on prohibited applications"
- "Report on Web Control"
- "Report on encryption status of managed devices"
- "Report on encryption status of mass storage devices"
- "Report on file encryption errors"
- "Report on blockage of access to encrypted files"
- "Report on rights to access encrypted devices"
- "Report on effective user permissions"
- "Report on rights"
|
None
|
General features: Deleted objects
|
|
- View deleted objects in the Recycle Bin: Read
- Delete objects from the Recycle Bin: Write
|
None
|
None
|
None
|
General features: Event processing
|
- Delete events
- Edit event notification settings
- Edit event logging settings
- Write
|
- Change events registration settings: Edit event logging settings
- Change events notification settings: Edit event notification settings
- Delete events: Delete events
|
None
|
None
|
Settings:
- Virus outbreak settings: number of virus detections required to create a virus outbreak event
- Virus outbreak settings: period of time for evaluation of virus detections
- The maximum number of events stored in the database
- Period of time for storing events from the deleted devices
|
General features: Operations on Administration Server
|
- Read
- Write
- Execute
- Modify object ACLs
- Perform operations on device selections
|
- Specify ports of Administration Server for the network agent connection: Write
- Specify ports of Activation Proxy launched on the Administration Server: Write
- Specify ports of Activation Proxy for Mobile launched on the Administration Server: Write
- Specify ports of the Web Server for distribution of standalone packages: Write
- Specify ports of the Web Server for distribution of MDM profiles: Write
- Specify SSL ports of the Administration Server for connection via Kaspersky Security Center Web Console: Write
- Specify ports of the Administration Server for mobile connection: Write
- Specify the maximum number of events stored in the Administration Server database: Write
- Specify the maximum number of events that can be sent by the Administration Server: Write
- Specify time period during which events can be sent by the Administration Server: Write
|
- "Backup of Administration Server data"
- "Databases maintenance"
|
None
|
None
|
General features: Kaspersky software deployment
|
- Manage Kaspersky patches
- Read
- Write
- Execute
- Perform operations on device selections
|
Approve or decline installation of the patch: Manage Kaspersky patches
|
None
|
- "Report on license key usage by virtual Administration Server"
- "Report on Kaspersky software versions"
- "Report on incompatible applications"
- "Report on versions of Kaspersky software module updates"
- "Report on protection deployment"
|
Installation package: "Kaspersky"
|
General features: Key management
|
|
- Export key file: Export key file
- Modify Administration Server license key settings: Write
|
None
|
None
|
None
|
General features: Enforced report management
|
|
- Create reports regardless of their ACLs: Write
- Execute reports regardless of their ACLs: Read
|
None
|
None
|
None
|
General features: Hierarchy of Administration Servers
|
Configure hierarchy of Administration Servers
|
Register, update, or delete secondary Administration Servers: Configure hierarchy of Administration Servers
|
None
|
None
|
None
|
General features: User permissions
|
Modify object ACLs
|
- Change Security properties of any object: Modify object ACLs
- Manage user roles: Modify object ACLs
- Manage internal users: Modify object ACLs
- Manage security groups: Modify object ACLs
- Manage aliases: Modify object ACLs
|
None
|
None
|
None
|
General features: Virtual Administration Servers
|
- Manage virtual Administration Servers
- Read
- Write
- Execute
- Perform operations on device selections
|
- Get list of virtual Administration Servers: Read
- Get information on the virtual Administration Server: Read
- Create, update, or delete a virtual Administration Server: Manage virtual Administration Servers
- Move a virtual Administration Server to another group: Manage virtual Administration Servers
- Set administration virtual Server permissions: Manage virtual Administration Servers
|
None
|
"Report on results of installation of third-party software updates"
|
None
|
General features: Encryption Key Management
|
Write
|
Import the encryption keys: Write
|
None
|
None
|
None
|
Mobile device management: General
|
- Connect new devices
- Send only information commands to mobile devices
- Send commands to mobile devices
- Manage certificates
- Read
- Write
|
- Get Key Management Service restore data: Read
- Delete user certificates: Manage certificates
- Get user certificate public part: Read
- Check if Public Key Infrastructure is enabled: Read
- Check Public Key Infrastructure account: Read
- Get Public Key Infrastructure templates: Read
- Get Public Key Infrastructure templates by Extended Key Usage certificate: Read
- Check if Public Key Infrastructure certificate is revoked: Read
- Update user certificate issuance settings: Manage certificates
- Get user certificate issuance settings: Read
- Get packages by application name and version: Read
- Set or cancel user certificate: Manage certificates
- Renew user certificate: Manage certificates
- Set user certificate tag: Manage certificates
- Run generation of MDM installation package; cancel generation of MDM installation package: Connect new devices
|
None
|
None
|
None
|
System management: Connectivity
|
- Start RDP sessions
- Connect to existing RDP sessions
- Initiate tunneling
- Save files from devices to the administrator's workstation
- Read
- Write
- Execute
- Perform operations on device selections
|
- Create desktop sharing session: The right to create desktop sharing session
- Create RDP session: Connect to existing RDP sessions
- Create tunnel: Initiate tunneling
- Save content network list: Save files from devices to the administrator's workstation
|
None
|
"Report on device users"
|
None
|
System management: Hardware inventory
|
- Read
- Write
- Execute
- Perform operations on device selections
|
- Get or export hardware inventory object: Read
- Add, set or delete hardware inventory object: Write
|
None
|
- "Report on hardware registry"
- "Report on configuration changes"
- "Report on hardware"
|
None
|
System management: Network access control
|
|
- View CISCO settings: Read
- Change CISCO settings: Write
|
None
|
None
|
None
|
System management: Operating system deployment
|
- Deploy PXE servers
- Read
- Write
- Execute
- Perform operations on device selections
|
- Deploy PXE servers: Deploy PXE servers
- View a list of PXE servers: Read
- Start or stop the installation process on PXE clients: Execute
- Manage drivers for WinPE and operating system images: Write
|
"Create installation package upon reference device OS image"
|
None
|
Installation package: "OS Image"
|
System management: Vulnerability and patch management
|
- Read
- Write
- Execute
- Perform operations on device selections
|
- View third-party patch properties: Read
- Change third-party patch properties: Write
|
- "Perform Windows Update synchronization"
- "Install Windows Update updates"
- "Fix vulnerabilities"
- "Install required updates and fix vulnerabilities"
|
"Report on software updates"
|
None
|
System management: Remote installation
|
- Read
- Write
- Execute
- Perform operations on device selections
|
- View third-party Vulnerability and patch management based installation package properties: Read
- Change third-party Vulnerability and patch management based installation package properties: Write
|
None
|
None
|
Installation packages:
- "Custom application"
- "VAPM package"
|
System management: Software inventory
|
- Read
- Write
- Execute
- Perform operations on device selections
|
None
|
None
|
- "Report on installed applications"
- "Report on applications registry history"
- "Report on status of licensed applications groups"
- "Report on third-party software license keys"
|
None
|
System management: Execute scripts remotely
|
- Read
- Write
- Execute
- Perform operations on device selections
|
User can view the task properties: Read
User can create, delete or modify an installation package: Write
User can run a task: Write. On client Linux devices scripts are executed with root privileges.
User can run a task or schedule it to run: Execute
User can run a task on a selection of devices: Perform operations on device selections
|
"Execute scripts remotely"
|
None
|
None
|