Restricting access to functions of the Kaspersky Security Management Suite web plug-in
If a Kaspersky Security Center user is not granted sufficient rights to access application functions, or the standard Kaspersky Security Center role is not assigned, the user cannot work in Kaspersky Security Center Web Console.
You can configure Kaspersky Security Center user rights to access application functions in the following ways:
- Configure rights of each user or user group separately.
- Create standard Kaspersky Security Center roles with preconfigured sets of rights and assign these roles to users depending on their duties.
A role is a preconfigured set of rights to access Kaspersky Security Management Suite functions, which you can assign to users. We recommend configuring role access rights according to typical tasks and duties of users. Once a user has been assigned a role, they gain access to the functions they require to fulfill their duties.
For details on configuring role-based access, see the Configuring access rights to application features. Role-based access control section of the Kaspersky Security Center Online Help Guide.
In addition to the standard Kaspersky Security Center roles, you can also assign users the following standard roles for managing Kaspersky Thin Client functions:
- Security Officer. This role has permissions to view all sections of Kaspersky Security Management Suite and to manage Kaspersky Thin Client certificates. You can assign this role to an employee in charge of the information security in your enterprise.
- Administrator. This role has permissions to view all sections of Kaspersky Security Management Suite and manage remote desktop connection settings, general settings, system settings, and Kaspersky Thin Client data. You can assign this role to an employee responsible for supporting and administering information systems in your organization.
- Advanced administrator. This role has permissions to view and manage all sections of Kaspersky Security Management Suite and manage certificates, remote desktop connection settings, general settings, system settings, and Kaspersky Thin Client data. You can assign this role to an employee who is responsible for supporting and administering information systems in your organization, and is in charge of the information security in your organization.
The table below describes the functions available to a user depending on their assigned role for managing Kaspersky Thin Client. For functions marked with the 
icon, the corresponding Kaspersky Thin Client settings can be changed through the Web Console. All roles can view the Kaspersky Thin Client settings pertaining to all functions through the Web Console.
Kaspersky Thin Client management functions available in the Web Console depending on the user role
Function | Security Officer | Administrator | Advanced administrator |
|---|---|---|---|
Managing certificates in a Kaspersky Security Management Suite policy |
| – |
|
Configuring settings for connecting to remote desktops in a Kaspersky Security Management Suite policy | – |
|
|
Configuring general settings in a Kaspersky Security Management Suite policy | – |
|
|
Managing system settings in a Kaspersky Security Management Suite policy | – |
|
|
Managing Kaspersky Thin Client data in a Kaspersky Security Management Suite policy | – |
|
|
