Access rights for managing Kaspersky Security
May 15, 2024
ID 99946
Kaspersky Security installation and management are based on the access rights granted to the account under which all actions on the application are performed. The rights required for various actions with Kaspersky Security are listed below.
Rights for Kaspersky Security
The account under which Kaspersky Security services will be run, must have the following set of rights:
- Local administrator rights on the SharePoint servers on which Kaspersky Security is to be installed
- Rights to modify the SharePoint configuration
- Rights to website collections that require protection using Kaspersky Security
You can grant rights to modify the SharePoint configuration and rights to website collections that require protection using one of two methods: manually or with a script.
Rights for installing Kaspersky Security
The account under which you run the application installation, must have the following set of rights:
- Local administrator rights on the computer on which Kaspersky Security is to be installed
- Rights for creating groups in Active Directory
Without the rights for creating groups in Active Directory, the application cannot create role-based control groups automatically. If these rights have not been granted to the account, you have to create role-based control groups manually.
- using rights for SQL database preparation.
Rights for SQL database preparation
Kaspersky Security uses the SQL database to store Backup configuration files and data. You can provide the account selected for SQL database preparation with access to the database using one of the following methods:
- Assign the account the sysadmin role on the SQL server (on which a database for Kaspersky Security management already exists or is to be created).
Users with the sysadmin role can perform any actions on the SQL server. If the user account has been assigned the sysadmin role, the database is automatically created under this user account when installing the application.
- Assign the account the db_owner role for a database that was created manually.
If the database was created manually before the application installation, you will need to specify this database in the SQL server connection settings during the application installation. Users with the db_owner role can perform any actions on the database.
The account intended for SQL database creation and preparation will be used only when the Application Installation Wizard is running. It will not be used after installation of Kaspersky Security is complete.
Rights for managing Kaspersky Security
The user account under which Kaspersky Security will be managed must have read-write permissions to <application installation folder>\Configurations. By default, the account that has been granted the local administrator rights on the computer, has the read/write access in this folder.
In addition, the user account under which the Management Console is run must be added to the Active Directory group that defines the application user role.
Kaspersky Security cannot be managed without these rights.
