Permissions to configure group policies
Kaspersky Security Center administrators can configure the access rights of Administration Console users for different application functions, depending on the job duties of users.
For each functional area, the administrator can assign the following permissions:
- Allow editing. The Administration Console user is allowed to change the policy settings in the properties window.
- Block editing. The Administration Console user is prohibited from changing the policy settings in the properties window. Policy tabs belonging to the functional scope for which this right has been assigned are not displayed in the interface.
Permissions to access sections of the Kaspersky Endpoint Security for Android Administration Plug-in
Functional scope
Policies section
Android work profile
Android work profile
Anti-Theft
Anti-Theft
App Control
App Control
Protection
Scan, Protection, Database update
Compliance Control
Compliance Control
Device Management
Device Management, Synchronization
Manage Samsung device
APN, Manage Samsung device, KNOX containers, Firewall
System management
Additional, Wi-Fi
Web Protection
Web Protection
Device owner mode
Feature restrictions, Google Chrome settings, Exchange ActiveSync, Kiosk mode, NDES and SCEP
Permissions to access sections of the Kaspersky Device Management for iOS Administration Plug-in
Functional scope
Policies section
Additional
Web clips, Fonts, AirPlay, AirPrint
Exchange ActiveSync
General, Password, Synchronization, Features restrictions, Applications restrictions
General
General, Single Sign-On, Web Protection, Wi-Fi, Access Point Name (APN), Exchange ActiveSync, Email, Custom Payloads
LDAP (calendar / contacts)
LDAP, Calendar, Contacts, Calendar subscriptions
Limitations and security
Feature Restriction, Restrictions for Applications, Restrictions for Media Content, Password, VPN, Global HTTP proxy, Certificates, SCEP
