Assigning permissions to users and groups

You can give users and groups permissions to use different features of Administration Server and of the Kaspersky programs for which you have management plug-ins, for example, Kaspersky Endpoint Security for Windows.

To assign permissions to a user or a group of users:

  1. In the console tree, do one of the following:
    • Expand the Administration Server node and select the subfolder with the name of the required Administration Server.
    • Select the administration group.
  2. In the context menu of the Administration Server or the administration group, select Properties.
  3. In the Administration Server properties window (or the administration group properties window) that opens, in the left Sections pane select Security.

    The Security section is available if the Display security settings sections check box is selected in the interface settings window.

  4. In the Security section, in the Names of groups or users list select a user or a group.
  5. In the permissions list in the lower part of the workspace, on the Rights tab configure the set of rights for the user or group:
    1. Click the plus signs (+) to expand the nodes in the list and gain access to the permissions.
    2. Select the Allow and Deny check boxes next to the permissions that you want.

      Example 1: Expand the Access objects regardless of their ACLs node or Deleted objects node, and select Read.

      Example 2: Expand the Basic functionality node, and select Write.

  6. When you have configured the set of rights, click Apply.

The set of rights for the user or group of users will be configured.

The permissions of the Administration Server (or the administration group) are divided into the following areas:

If neither Allow nor Deny is selected for a permission, then the permission is considered undefined: it is denied until it is explicitly denied or allowed for the user.

The rights of a user are the sum of the following:

If at least one of these sets of rights has Deny for a permission, then the user is denied this permission, even if other sets allow it or leave it undefined.

Page top