Assigning roles to users and groups in a tenant

You can assign XDR roles to the Kaspersky Next XDR Expert users and domain groups to provide them with sets of access rights in a tenant.

To do this, you must have one of the following XDR roles in the tenant in which you want to assign roles to users: Main administrator, SOC Administrator, or Tenant Administrator.

Since tenants are isolated and managed independently from other tenants, only users who have assigned access rights to the tenant can work within this tenant and manage it.

Access rights are inherited down in the hierarchy and cannot be revoked on a lower level of the hierarchy.

New internal user accounts in the OSMP Console become available for addition and role assignment in the tenant within five minutes after the account is created.

The rights of a user are the sum of the user's own rights and the rights of the domain groups to which the user belongs, if any. This is true when the user is included in a group directly or indirectly through the membership in a nested group. For example, if a user is a member of Group A, and this group is nested within Group B, then the user's rights is a combination of the rights assigned to this user, and the rights assigned to Group A and Group B. This means that if you assign rights to Group B, the nested groups and included users inherit these rights. However, in the case of circular group nesting, the members of the circle as well as their child groups do not inherit the rights assigned to their parent groups.

To assign roles to а user or a domain group in a tenant:

  1. In the main menu, go to SettingsTenants.

    The list of tenants is displayed on the screen.

  2. Click the name of the required tenant.

    The tenant's properties window opens.

  3. Go to the Access rights tab, and then select Users or Groups, depending on to whom you want to assign roles.

    The table of users or domain groups is displayed.

  4. If necessary, configure the table:
    • Click the filter icon (), and then specify and apply filter criterion in the invoked menu.

      You cannot apply a filter to the Group roles and Parent group roles columns.

    • Click the settings icon () to configure the columns display.
  5. Click the Add user button or the Add group button, depending on the tab you selected at step 3.
  6. In the window that opens, do the following:
    1. If at step 3 you selected the Users tab, in the User field, enter the user name or email address. If at step 3 you selected the Groups tab, in the Group field, specify the group name.
    2. Select the check boxes next to the roles that you want to assign to the user or the domain group.

      You can select several roles, if necessary.

    3. Click the Add button.

    The window is closed, and the user or the domain group is displayed in the list.

  7. Click the Save button.

The user or the domain group is added to the tenant and assigned roles. If necessary, you can edit the roles by clicking the user or the domain group name, and then performing the actions described at steps 6–7.

Page top