Role-based access restriction in Kaspersky Security for SharePoint Server
May 15, 2024
ID 82114
Kaspersky Security for SharePoint Server allows you to apply role-based access to manage users. A unique group of access rights corresponds to each of the roles in Kaspersky Security. Roles allow you to grant users rights to use Kaspersky Security depending on their respective tasks.
A role is assigned to a user by adding the user account to an Active Directory group. A user can combine multiple roles. In this case, the account must be added to the Active Directory groups, which correspond to those roles. The user will be granted access rights in accordance with the roles assigned.
The table below shows the names and descriptions of roles, names of Active Directory groups corresponding to those roles, and a list of nodes, which are displayed in the Management Console for each role.
Description of roles in Kaspersky Security
Role | Description | Active Directory group | Nodes in Management Console |
Administrator | Members of this group have top-priority rights to use Kaspersky Security for SharePoint Server. Members of this group monitor the operation of Kaspersky Security components, application database updates, and the protection status on SharePoint servers. Members of this group can grant other users restricted rights to use Kaspersky Security. | Ksh Administrators |
|
Anti-Virus Security Officer | Members of this group have rights to view the protection status on SharePoint servers and generate application reports. Members of this group also have restricted rights to handle objects that have been moved to Backup. Member of this group can view the application configuration, but they have no rights to edit or save the settings. | Ksh AV Security Officers |
|
Security Officer | Members of this group have rights to manage data leakage protection through Kaspersky Security. Rights of this group do not intersect rights of other groups. | Ksh Security Officers |
|
Anti-Virus Security Operator | Members of this group have minimum rights to use Kaspersky Security. Members of this group can view the protection status on SharePoint servers and generate application reports. | Ksh AV Operators |
|
You can create Active Directory groups manually before installing Kaspersky Security. If the account under which Kaspersky Security is being installed, has the rights to create groups in Active Directory, groups will be created automatically when installing the application. In this case, the user account under which the application is installed will be automatically added to the Ksh Administrators and Ksh Security Officers groups. If groups are automatically created in Active Directory, the Ksh Administrators group has rights to edit Ksh AV Security Officers and Ksh AV Operators.
Role assignment in Kaspersky Security through Active Directory groups applies to all servers of the SharePoint farm.
