About access rights to the settings of policies and tasks
The rights to access the settings of policies and tasks (read, write, execute) are defined for each user who has access to the Kaspersky Security Center Administration Server. In the Kaspersky Security Center Administration Console, you can grant user accounts the rights to perform certain actions within functional scopes of Kaspersky Security.
Kaspersky Security has the following functional scopes:
Anti-Virus protection. This functional scope includes the following settings and functions:
Enables or disables the anti-virus protection function.
All security level settings in policies:
Scan archives, self-extracting archives and embedded OLE objects.
Scan large compound files.
File scan duration limit.
List of objects to detect.
Action that Kaspersky Security performs when it detects infected files during virtual machine protection.
Scan files on network drives during virtual machine protection.
Enabling and disabling the web address scanning function.
List of web address categories detected by Kaspersky Security.
Action that Kaspersky Security performs if it detects a web address that belongs to one or more of the web address categories selected for detection.
Backup settings.
KSN usage settings.
List of additional protection profiles in a policy.
Assigning or changing the protected infrastructure for a policy.
Assigning protection profiles to VMware virtual infrastructure objects.
Full scan tasks and custom scan tasks.
Basic functionality. This functional scope includes the following settings and functions:
SNMP monitoring settings.
Language of the blocked web address notification that is displayed in the browser on the protected virtual machine.
Intrusion Prevention. This functional scope includes the following settings and functions:
Enabling and disabling the Network Attack Blocker feature.
Action that Kaspersky Security performs when it detects a network attack.
Enabling and disabling Network Activity Scanner for virtual machines.
Action that Kaspersky Security performs when it detects suspicious network activity.
List of application categories whose signs of network activity are detected by Kaspersky Security.
Duration for blocking the IP address from which the network attack or suspicious network activity originated.
Trusted zone. This functional scope includes the following settings and functions:
List of file extensions excluded from protection.
List of file extensions included in the protection scope.
List of folders and files excluded from protection.
List of rules for identifying suspicious network activity that Kaspersky Security does not apply when analyzing traffic of protected virtual machines.
List of network threat protection exclusion rules.
List of web addresses that Kaspersky Security does not block, regardless of the configured web address scan settings.
The following actions are available to the user regardless of the rights of the user account within the functional scopes of Kaspersky Security:
Viewing the settings of policies and tasks.
Creating a policy.
Rights within the functional scopes of Kaspersky Security are required for performing the following actions with policies and tasks:
To reconfigure a previously saved policy, the user account must have modification rights within the functional scopes of those settings.
To modify the status of a policy (active / inactive) or remove a policy, the user account must have modification rights within the functional scopes of all policy settings. If a user account does not have the rights to edit any policy setting, the user cannot remove the policy or change the status of the policy.
To create, remove, or configure the settings of tasks, the user account must have modification rights within the functional scope of the task.
To run a task, the user account must have execution rights within the functional scope of the task.
Access to functional scopes of Kaspersky Security is configured in the properties window of the Kaspersky Security Center Administration Server in the Security section.
By default, the Security section is not displayed in the Administration Server properties window. To enable the display of the Security section, you must select the Display security settings sections check box in the Configure interface window (View → Configure interface menu) and restart the Kaspersky Security Center Administration Console.
For more details on access rights to Kaspersky Security Center objects, please refer to the Kaspersky Security Center documentation.