Role-based access control (RBAC) is used to restrict access to application functions. The role of an application user account determines the set of actions available to the user. The following roles are provided for application user accounts:
A user with this role has all the access rights necessary to administer the application, manage its operation, perform monitoring, and view information. This user can also access functions for managing user accounts created in the application.
It is recommended to assign this role to employees who are responsible for the security of the industrial facility. A user with this role has the access rights necessary to monitor the system and manage registered events and incidents. This user has the capability to initiate response actions in the application.
It is recommended to assign this role to employees who are responsible for the infrastructure of the industrial facility (network equipment, workstations, and others). A user with this role has the access rights necessary to receive information about devices and their interactions and to configure allow rules.
It is recommended to assign this role to employees who are responsible for the operation of the control system at the industrial facility. A user with this role has the access rights necessary to monitor industrial network assets and device-related risks. This user can also configure and run security audit jobs to update the information available to the employee about devices and about SCADA and PLC projects.
It is recommended to assign this role to employees who are security system operators. A user with this role has the minimum set of access rights necessary for monitoring and viewing information. This user also has the capability to assign Active statuses to events and incidents based on their processing results.
The Administrator role is assigned to the first user account that is created during startup configuration of the application.
When adding subsequent user accounts, you can assign the appropriate roles to them. You can create up to 100 user accounts for users of the application (not counting users that are configured for Single Sign-On from Kaspersky Security Center).
When connected to the Server, users receive the access privileges corresponding to the role of their user account. If the role of an application user is changed by another user (who has been assigned the Administrator role) while the user is working, the access rights of the connected user are updated in online mode. For example, a user who has connected to the Server with the Administrator role will lose the rights to access application management functions after the Operator role is assigned to their user account.
Only users with the Administrator role can manage user accounts and view their information. Information about user accounts created in the application is displayed under Settings → Users in the Kaspersky Industrial CyberSecurity for Networks web interface.