Kaspersky Next XDR Expert
1.1.9
Working with Open Single Management Platform  >  Managing users and user roles  >  Configuring access rights to application features. Role-based access control  >  Access rights to application features

Access rights to application features

The table below shows the Open Single Management Platform features with the access rights to manage the associated tasks, reports, settings, and perform the associated user actions.

To perform the user actions listed in the table, a user has to have the right specified next to the action.

Read, Write, and Execute rights are applicable to any task, report, or setting. In addition to these rights, a user has to have the Perform operations on device selections right to manage tasks, reports, or settings on device selections.

The General features: Access objects regardless of their ACLs functional area is intended for audit purposes. When users are granted Read rights in this functional area, they get full Read access to all objects and are able to execute any created tasks on selections of devices connected to the Administration Server via Network Agent with local administrator rights (root for Linux). We recommend to carefully grant these rights to a limited set of users who need them to perform their official duties.

All tasks, reports, settings, and installation packages that are missing in the table belong to the General features: Basic functionality functional area.

Access rights to application features

Functional area

Right

User action: right required to perform the action

Task

Report

Other

General features: Management of administration groups

Write
  • Add device to an administration group: Write
  • Delete device from an administration group: Write
  • Add an administration group to another administration group: Write
  • Delete an administration group from another administration group: Write

None

None

None

General features: Access objects regardless of their ACLs

Read

Get read access to all objects: Read

None

None

Access is granted regardless of other rights, even if they prohibit read access to specific objects.

General features: Basic functionality
  • Read
  • Write
  • Execute
  • Perform operations on device selections
  • Device moving rules (create, modify, or delete) for the virtual Server: Write, Perform operations on device selections
  • Get Mobile (LWNGT) protocol custom certificate: Read
  • Set Mobile (LWNGT) protocol custom certificate: Write
  • Get NLA-defined network list: Read
  • Add, modify, or delete NLA-defined network list: Write
  • View Access Control List of groups: Read
  • View the operating system log: Read
  • "Download updates to the Administration Server repository"
  • "Deliver reports"
  • "Distribute installation package"
  • "Install application on secondary Administration Servers remotely"
  • "Report on protection status"
  • "Report on threats"
  • "Report on most heavily infected devices"
  • "Report on status of anti-virus databases"
  • "Report on errors"
  • "Report on network attacks"
  • "Summary report on perimeter defense applications installed"
  • "Summary report on types of applications installed"
  • "Report on users of infected devices"
  • "Report on incidents"
  • "Report on events"
  • "Report on activity of distribution points"
  • "Report on secondary Administration Servers"
  • "Report on Device Control events"
  • "Report on prohibited applications"
  • "Report on Web Control"
  • "Report on encryption status of managed devices"
  • "Report on encryption status of mass storage devices"
  • "Report on rights to access encrypted drives"
  • "Report on file encryption errors"
  • "Report on blockage of access to encrypted files"
  • "Report on effective user permissions"
  • "Report on rights"

None

General features: Deleted objects
  • Read
  • Write
  • View deleted objects in the Recycle Bin: Read
  • Delete objects from the Recycle Bin: Write

None

None

None

General features: Event processing
  • Delete events
  • Edit event notification settings
  • Edit event logging settings
  • Write
  • Change events registration settings: Edit event logging settings
  • Change events notification settings: Edit event notification settings
  • Delete events: Delete events

None

None

Settings:

  • The maximum number of events stored in the database
  • Period of time for storing events from the deleted devices

General features: Operations on Administration Server
  • Read
  • Write
  • Execute
  • Modify object ACLs
  • Perform operations on device selections
  • Specify ports of Administration Server for the network agent connection: Write
  • Specify ports of Activation Proxy launched on the Administration Server: Write
  • Specify ports of Activation Proxy for Mobile launched on the Administration Server: Write
  • Specify ports of the Web Server for distribution of standalone packages: Write
  • Specify ports of the Web Server for distribution of MDM profiles: Write
  • Specify SSL-ports of the Administration Server for connection via Web Console: Write
  • Specify ports of the Administration Server for mobile connection: Write
  • Specify the maximum number of events stored in the Administration Server database: Write
  • Specify the maximum number of events that can be sent by the Administration Server: Write
  • Specify time period during which events can be sent by the Administration Server: Write
  • "Backup of Administration Server data"
  • "Databases maintenance"

None

None

General features: Kaspersky software deployment
  • Manage Kaspersky patches
  • Read
  • Write
  • Execute
  • Perform operations on device selections

Approve or decline installation of the patch: Manage Kaspersky patches

None
  • "Report on license key usage by virtual Administration Server"
  • "Report on Kaspersky software versions"
  • "Report on incompatible applications"
  • "Report on versions of Kaspersky software module updates"
  • "Report on protection deployment"

Installation package:

"Kaspersky"

General features: Key management
  • Export key file
  • Write
  • Export key file: Export key file
  • Modify Administration Server license key settings: Write

None

None

None

General features: Enforced report management
  • Read
  • Write
  • Create reports regardless of their ACLs: Write
  • Execute reports regardless of their ACLs: Read

None

None

None

General features: Hierarchy of Administration Servers

Configure hierarchy of Administration Servers
  • Register, update, or delete secondary Administration Servers: Configure hierarchy of Administration Servers

None

None

None

General features: User permissions

Modify object ACLs
  • Change Security properties of any object: Modify object ACLs
  • Manage user roles: Modify object ACLs
  • Manage internal users: Modify object ACLs
  • Manage security groups: Modify object ACLs
  • Manage aliases: Modify object ACLs

None

None

None

General features: Virtual Administration Servers
  • Manage virtual Administration Servers
  • Read
  • Write
  • Execute
  • Perform operations on device selections
  • Get list of virtual Administration Servers: Read
  • Get information on the virtual Administration Server: Read
  • Create, update, or delete a virtual Administration Server: Manage virtual Administration Servers
  • Move a virtual Administration Server to another group: Manage virtual Administration Servers
  • Set administration virtual Server permissions: Manage virtual Administration Servers

None

None

None

General features: Encryption Key Management

Write

Import the encryption keys: Write

None

None

None

System management: Vulnerability and patch management
  • Read
  • Write
  • Execute
  • Perform operations on device selections
  • View third-party patch properties: Read
  • Change third-party patch properties: Write
  • "Fix vulnerabilities"
  • "Install required updates and fix vulnerabilities"

"Report on software updates"

None

Article ID: 203748, Last review: Dec 9, 2024
Page top