Access rights to application features

The table below shows the Kaspersky Security Center Linux features with the access rights to manage the associated tasks, reports, settings, and perform the associated user actions.

To perform the user actions listed in the table, a user has to have the right specified next to the action.

Read, Write, and Execute rights are applicable to any task, report, or setting. In addition to these rights, a user has to have the Perform operations on device selections right to manage tasks, reports, or settings on device selections.

All tasks, reports, settings, and installation packages that are missing in the table belong to the General features: Basic functionality functional area.

Functional area	Right	User action: right required to perform the action	Task	Report	Other
General features: Management of administration groups	Write	Add device to an administration group: Write Delete device from an administration group: Write Add an administration group to another administration group: Write Delete an administration group from another administration group: Write	None	None	None
General features: Access objects regardless of their ACLs	Read	Get read access to all objects: Read	None	None	The General features: Access objects regardless of their ACLs functional area is intended for audit purposes. When users are granted Read rights in this functional area, they get full Read access to all objects and are able to execute any created tasks on selections of devices connected to the Administration Server via Network Agent with local administrator rights (root for Linux). We recommend granting these rights carefully and to a limited set of users who need them to perform their official duties. Access is granted regardless of other rights, even if they prohibit read access to specific objects.
General features: Basic functionality	Read Write Execute Perform operations on device selections	Device moving rules (create, modify, or delete) for the virtual Server: Write, Perform operations on device selections Get Mobile (LWNGT) protocol custom certificate: Read Set Mobile (LWNGT) protocol custom certificate: Write Get NLA-defined network list: Read Add, modify, or delete NLA-defined network list: Write View Access Control List of groups: Read View the operating system log: Read View the recovery key to restore access to a hard drive encrypted by BitLocker: Execute	"Download updates to the Administration Server repository" "Deliver reports" "Distribute installation package" "Install application on secondary Administration Servers remotely"	"Report on protection status" "Report on threats" "Report on most heavily infected devices" "Report on status of anti-virus databases" "Report on errors" "Report on network attacks" "Summary report on mail system protection applications installed" "Summary report on workstation protection and Windows Server protection applications installed" "Summary report on perimeter defense applications installed" "Summary report on types of applications installed" "Report on users of infected devices" "Report on security issues" "Report on events" "Report on activity of distribution points" "Report on secondary Administration Servers" "Report on Device Control events" "Report on vulnerabilities" "Report on prohibited applications" "Report on Web Control" "Report on encryption status of managed devices" "Report on encryption status of mass storage devices" "Report on rights to access encrypted drives" "Report on file encryption errors" "Report on blockage of access to encrypted files" "Report on effective user permissions" "Report on rights"	None
General features: Deleted objects	Read Write	View deleted objects in the Recycle Bin: Read Delete objects from the Recycle Bin: Write	None	None	None
General features: Event processing	Delete events Edit event notification settings Edit event logging settings Write	Change events registration settings: Edit event logging settings Change events notification settings: Edit event notification settings Delete events: Delete events	None	None	Settings: The maximum number of events stored in the database Period of time for storing events from the deleted devices
General features: Operations on Administration Server	Read Write Execute Modify object ACLs Perform operations on device selections	Specify ports of Administration Server for the network agent connection: Write Specify ports of Activation Proxy launched on the Administration Server: Write Specify ports of Activation Proxy for Mobile launched on the Administration Server: Write Specify ports of the Web Server for distribution of standalone packages: Write Specify ports of the Web Server for distribution of MDM profiles: Write Specify SSL-ports of the Administration Server for connection via Web Console: Write Specify ports of the Administration Server for mobile connection: Write Specify the maximum number of events stored in the Administration Server database: Write Specify the maximum number of events that can be sent by the Administration Server: Write Specify time period during which events can be sent by the Administration Server: Write	"Backup of Administration Server data" "Databases maintenance"	None	None
General features: Kaspersky software deployment	Manage Kaspersky patches Read Write Execute Perform operations on device selections	Approve or decline installation of the patch: Manage Kaspersky patches	None	"Report on license key usage by virtual Administration Server" "Report on Kaspersky software versions" "Report on incompatible applications" "Report on versions of Kaspersky software module updates" "Report on protection deployment"	Installation package: "Kaspersky"
General features: Key management	Export key file Write	Export key file: Export key file Modify Administration Server license key settings: Write	None	None	None
General features: Enforced report management	Read Write	Create reports regardless of their ACLs: Write Execute reports regardless of their ACLs: Read	None	None	None
General features: Hierarchy of Administration Servers	Configure hierarchy of Administration Servers	Register, update, or delete secondary Administration Servers: Configure hierarchy of Administration Servers	None	None	None
General features: User permissions	Modify object ACLs	Change Security properties of any object: Modify object ACLs Manage user roles: Modify object ACLs Manage internal users: Modify object ACLs Manage security groups: Modify object ACLs Manage aliases: Modify object ACLs	None	None	None
General features: Virtual Administration Servers	Manage virtual Administration Servers Read Write Execute Perform operations on device selections	Get list of virtual Administration Servers: Read Get information on the virtual Administration Server: Read Create, update, or delete a virtual Administration Server: Manage virtual Administration Servers Move a virtual Administration Server to another group: Manage virtual Administration Servers Set administration virtual Server permissions: Manage virtual Administration Servers	None	None	None
General features: Encryption Key Management	Write	Import the encryption keys: Write	None	None	None
Mobile device management: General	Connect new devices Send only information commands to mobile devices Send commands to mobile devices Manage certificates Read Write	Get Key Management Service restore data: Read Delete user certificates: Manage certificates Get user certificate public part: Read Check if Public Key Infrastructure is enabled: Read Check Public Key Infrastructure account: Read Get Public Key Infrastructure templates: Read Get Public Key Infrastructure templates by Extended Key Usage certificate: Read Check if Public Key Infrastructure certificate is revoked: Read Update user certificate issuance settings: Manage certificates Get user certificate issuance settings: Read Get packages by application name and version: Read Set or cancel user certificate: Manage certificates Renew user certificate: Manage certificates Set user certificate tag: Manage certificates Run generation of MDM installation package; cancel generation of MDM installation package: Connect new devices	None	None	None
System management: Connectivity	Start RDP sessions Connect to existing RDP sessions Initiate tunneling Save files from devices to the administrator's workstation Read Write Execute Perform operations on device selections	Create desktop sharing session: The right to create desktop sharing session Create RDP session: Connect to existing RDP sessions Create tunnel: Initiate tunneling Save content network list: Save files from devices to the administrator's workstation	None	"Report on device users"	None
System management: Vulnerability and patch management	Read Write Execute Perform operations on device selections	View third-party patch properties: Read Change third-party patch properties: Write	"Fix vulnerabilities" "Install required updates and fix vulnerabilities"	"Report on software updates"	None
System management: Execute scripts remotely	Read Write Execute Perform operations on device selections	User can view the task properties: Read User can create, delete or modify an installation package: Write User can run a task: Write. On client Linux devices scripts are executed with root privileges. User can run a task or schedule it to run: Execute User can run a task on a selection of devices: Perform operations on device selections	"Execute scripts remotely"	None	None

Page top