Assigning permissions to users and groups
You can give users and groups permissions to use different features of Administration Server and of the Kaspersky programs for which you have management plug-ins, for example, Kaspersky Endpoint Security for Windows.
To assign permissions to a user or a group of users:
- In the console tree, do one of the following:
- Expand the Administration Server node and select the subfolder with the name of the required Administration Server.
- Select the administration group.
- In the context menu of the Administration Server or the administration group, select Properties.
- In the Administration Server properties window (or the administration group properties window) that opens, in the left Sections pane select Security.
The Security section is available if the Display security settings sections check box is selected in the interface settings window.
- In the Security section, in the Names of groups or users list select a user or a group.
- In the permissions list in the lower part of the workspace, on the Rights tab configure the set of rights for the user or group:
- Click the plus signs (+) to expand the nodes in the list and gain access to the permissions.
- Select the Allow and Deny check boxes next to the permissions that you want.
Example 1: Expand the Access objects regardless of their ACLs node or Deleted objects node, and select Read.
Example 2: Expand the Basic functionality node, and select Write.
- When you have configured the set of rights, click Apply.
The set of rights for the user or group of users will be configured.
The permissions of the Administration Server (or the administration group) are divided into the following areas:
- General features:
- Management of administration groups (only for Kaspersky Security Center 11 or later)
- Access objects regardless of their ACLs (only for Kaspersky Security Center 11 or later)
- Basic functionality
- Deleted objects (only for Kaspersky Security Center 11 or later)
- Event processing
- Operations on Administration Server (only in the property window of Administration Server)
- Deploy Kaspersky applications
- License key management
- Enforced report management (only for Kaspersky Security Center 11 or later)
- Hierarchy of Servers
- User rights
- Virtual Administration Servers
- Mobile Device Management:
- General
- System Management:
- Connectivity
- Hardware inventory
- Network Access Control
- Deploy operating system
- Manage vulnerabilities and patches
- Remote installation
- Software inventory
If neither Allow nor Deny is selected for a permission, then the permission is considered undefined: it is denied until it is explicitly denied or allowed for the user.
The rights of a user are the sum of the following:
- User's own rights
- Rights of all the roles assigned to this user
- Rights of all the security group to which the user belongs
- Rights of all the roles assigned to the security groups to which the user belongs
If at least one of these sets of rights has Deny for a permission, then the user is denied this permission, even if other sets allow it or leave it undefined.
