Configuring role-based access control
Kaspersky Security Center Web Console provides facilities for role-based access to the features of Kaspersky Secure Mobility Management.
You can configure access rights to application features for Kaspersky Secure Mobility Management in one of the following ways:
- By configuring the rights for each user or group of users individually.
- By creating standard user roles with a predefined set of rights and assigning those roles to users depending on their scope of duties.
Application of user roles is intended to simplify and shorten routine procedures of configuring users' access rights to application features. Access rights within a role are configured in accordance with the standard tasks and the users' scope of duties.
User roles can be assigned names that correspond to their respective purposes. You can create an unlimited number of roles in the application. You can use the predefined user roles with already configured set of rights, or create new roles and configure the required rights yourself.
For detailed information on configuring user access in Kaspersky Security Center, refer to the Kaspersky Security Center Help.
Some of the predefined user roles are not authorized to work with mobile devices. The predefined user roles which are available for the Kaspersky Secure Mobility Management features are listed in the table below.
Predefined user roles for Kaspersky Secure Mobility Management
Role |
Read |
Write |
License key management: create policies and modify license key settings |
Vulnerability and patch management: view unaccepted EULAs and accept EULAs |
|---|---|---|---|---|
Kaspersky Endpoint Security Administrator |
+ |
+ |
- |
- |
Kaspersky Endpoint Security Operator |
+ |
- |
- |
- |
Main Administrator |
+ |
+ |
- |
- |
Main Operator |
+ |
- |
- |
- |
Mobile Device Management Administrator |
+ |
+ |
+ |
+ |
Mobile Device Management Operator |
+ |
- |
- |
- |
For detailed information on predefined user roles, refer to the Kaspersky Security Center Help.
Access rights to Kaspersky Secure Mobility Management features
Functional area |
Right |
|---|---|
Kaspersky Mobile Devices Protection and Management > Kaspersky Security Center Web Console > App configuration |
Please note, to configure the Web Protection and Web Control settings, the administrator must have the Read and Write rights for both the Protection and Security controls functional areas. |
Kaspersky Mobile Devices Protection and Management > Kaspersky Security Center Web Console > Security controls |
|
Kaspersky Mobile Devices Protection and Management > Kaspersky Security Center Web Console > Corporate container |
|
Kaspersky Mobile Devices Protection and Management > Kaspersky Security Center Web Console > Device configuration |
|
Kaspersky Mobile Devices Protection and Management > Kaspersky Security Center Web Console > Configuration of Kaspersky device management apps |
|
Kaspersky Mobile Devices Protection and Management > Kaspersky Security Center Web Console > Protection |
|
Kaspersky Mobile Devices Protection and Management > Kaspersky Security Center Web Console > Restrictions |
|
Kaspersky Mobile Devices Protection and Management > Kaspersky Security Center Web Console > Samsung Knox settings |
Mobile Device Management access rights
Right |
User action: right required to perform the action |
|---|---|
Mobile Device Management > General > Read |
|
Mobile Device Management > General > Write |
|
Mobile Device Management > General > Connect new devices |
|
Mobile Device Management > General > Manage certificates |
The Write right must also be granted. |
Mobile Device Management > General > Send only information commands to mobile devices |
|
Mobile Device Management > General > Send commands to mobile devices |
|