Assigning access rights to users and groups
You can give users and groups access rights to use different features of Administration Server and of the Kaspersky applications for which you have management plug-ins, for example, Kaspersky Endpoint Security for Linux.
To assign access rights to a user or a group of users:
- In the main menu, click the settings icon (
) next to the name of the required Administration Server.The Administration Server properties window opens.
- On the Access rights tab, select the check box next to the name of the user or the security group to whom to assign rights, and then click the Access rights button.
You cannot select multiple users or security groups at the same time. If you select more than one item, the Access rights button will be disabled.
- Configure the set of rights for the user or group:
- Expand the node with features of Administration Server or other Kaspersky application.
- Select the Allow or Deny check box next to the feature or the access right that you want.
Example 1: Select the Allow check box next to the Application integration node to grant all available access rights to the Application integration feature (Read, Write, and Execute) for a user or group.
Example 2: Expand the Encryption key management node, and then select the Allow check box next to the Write permission to grant the Write access right to the Encryption key management feature for a user or group.
- After you configure the set of access rights, click OK.
The set of rights for the user or group of users will be configured.
The permissions of the Administration Server (or the administration group) are divided into the following areas:
- General features:
- Management of administration groups (only for Kaspersky Security Center Linux 11 or later)
- Access objects regardless of their ACLs (only for Kaspersky Security Center Linux 11 or later)
- Basic functionality
- Deleted objects (only for Kaspersky Security Center Linux 11 or later)
- Encryption Key Management
- Event processing
- Operations on Administration Server (only in the property window of Administration Server)
- Kaspersky software deployment
- License key management
- Application integration
- Enforced report management
- Hierarchy of Administration Servers
- User permissions
- Virtual Administration Servers
- Mobile Device Management:
- General
- Self Service Portal
- System Management:
- Connectivity
- Hardware inventory
- Network Access Control
- Operating system deployment
- Remote installation
- Software inventory
If neither Allow nor Deny is selected for an access right, then the access right is considered undefined: it is denied until it is explicitly denied or allowed for the user.
The rights of a user are the sum of the following:
- User's own rights
- Rights of all the roles assigned to this user
- Rights of all the security group to which the user belongs
- Rights of all the roles assigned to the security groups to which the user belongs
If at least one of these sets of rights has Deny for a permission, then the user is denied this permission, even if other sets allow it or leave it undefined.
