Predefined user roles

User roles assigned to Kaspersky Security Center Linux users provide them with sets of access rights to application features.

Users created on a virtual Server cannot be assigned a role on the Administration Server.

You can use the predefined user roles with already configured set of rights, or create new roles. When creating a new role, you have to set the role scope and assign access rights to the Kaspersky Security Center Linux features yourself. Some of the predefined user roles available in Kaspersky Security Center Linux can be associated with specific job positions, for example, Auditor, Security Officer, Supervisor. Access rights of these roles are pre-configured in accordance with the standard tasks and scope of duties of the associated positions. The table below shows how roles can be associated with specific job positions.

Examples of roles for specific job positions

Role

Comment

Auditor

Permits all operations with all types of reports, all viewing operations, including viewing deleted objects (grants the Read and Write permissions in the Deleted objects area). Does not permit other operations. You can assign this role to a person who performs the audit of your organization.

Supervisor

Permits all viewing operations; does not permit other operations. You can assign this role to a security officer and other managers in charge of the IT security in your organization.

Security Officer

Permits all viewing operations, permits reports management; grants limited permissions in the System management: Connectivity area. You can assign this role to an officer in charge of the IT security in your organization.

The table below shows the access rights assigned to each predefined user role.

Access rights of predefined user roles

Role

Description

Administration Server Administrator

Permits all operations in the following functional areas:

  • General features:
    • Basic functionality
    • Encryption key management
    • Event processing
    • Hierarchy of Administration Servers
    • Virtual Administration Servers
  • System management:
    • Connectivity
    • Hardware inventory
    • Software inventory

Administration Server Operator

Grants the Read and Execute (where applicable) rights in all of the following functional areas:

  • General features:
    • Basic functionality
    • Encryption key management
    • Virtual Administration Servers
  • System management:
    • Connectivity
    • Hardware inventory
    • Software inventory

Auditor

Permits all operations in the following functional areas, in General features:

  • Access objects regardless of their ACLs
  • Deleted objects
  • Enforced report management

You can assign this role to a person who performs the audit of your organization.

Installation Administrator

Permits all operations in the following functional areas:

  • General features:
    • Basic functionality
    • Kaspersky software deployment
    • License key management
  • System management:
    • Operating system deployment
    • Vulnerability and patch management
    • Remote installation
    • Software inventory

Grants Read and Execute rights in the General features: Virtual Administration Servers functional area.

Installation Operator

Grants the Read and Execute (where applicable) rights in all of the following functional areas:

  • General features:
    • Basic functionality
    • Kaspersky software deployment (also grants the Manage Kaspersky patches right in this area)
    • Virtual Administration Servers
  • System management:
    • Operating system deployment
    • Vulnerability and patch management
    • Remote installation
    • Software inventory

Kaspersky Endpoint Security Administrator

Permits all operations in the following functional areas:

  • General features: Basic functionality
  • General features: Encryption key management
  • Kaspersky Endpoint Security area, including all features

Kaspersky Endpoint Security Operator

Grants the Read and Execute (where applicable) rights in all of the following functional areas:

  • General features: Basic functionality
  • General features: Encryption key management
  • Kaspersky Endpoint Security area, including all features

Main Administrator

Permits all operations in functional areas, except for the following areas, in General features:

  • Access objects regardless of their ACLs
  • Enforced report management

Main Operator

Grants the Read and Execute (where applicable) rights in all of the following functional areas:

  • General features:
    • Basic functionality
    • Deleted objects
    • Encryption Key Management
    • Operations on Administration Server
    • Device tags
    • Kaspersky software deployment
    • Application integration
    • Virtual Administration Servers
  • Mobile Device Management area, including all features
  • System management area, including all features
  • Kaspersky Endpoint Security area, including all features

Mobile Device Management Administrator

Permits all operations in the following functional areas:

  • General features: Basic functionality
  • Mobile Device Management area, including all features

Mobile Device Management Operator

Grants the Read and Execute rights in the General features: Basic functionality.

Grants the Read and Send only information commands to mobile devices rights, in Mobile Device Management:

  • General
  • Self Service Portal

Security Officer

Permits all operations in the following functional areas, in General features:

  • Access objects regardless of their ACLs
  • Enforced report management

Grants the Read, Write, Execute, Save files from devices to the administrator's workstation, and Perform operations on device selections rights in the System management: Connectivity functional area.

You can assign this role to an officer in charge of the IT security in your organization.

Self Service Portal User

Permits all operations in the Mobile Device Management: Self Service Portal functional area.

Supervisor

Grants the Read right in the General features: Access objects regardless of their ACLs and General features: Enforced report management functional areas.

You can assign this role to a security officer and other managers in charge of the IT security in your organization.

Vulnerability and patch management administrator

Permits all operations in the General features: Basic functionality and System management (including all features, except the Execute scripts remotely feature) functional areas.

Vulnerability and patch management operator

Grants the Read and Execute (where applicable) rights in the General features: Basic functionality and System management (including all features, except the Execute scripts remotely feature) functional areas.

Page top