Access rights for managing Kaspersky Security
Kaspersky Security installation and management are based on the access rights granted to the account under which all actions on the application are performed. The rights required for Kaspersky Security installation and management are listed below.
Rights to manage Kaspersky Security
The account under which Kaspersky Security services will be run, must have the following set of rights:
- Local administrator rights on the SharePoint servers on which Kaspersky Security is to be installed
- Rights to modify the SharePoint configuration
- Rights to website collections that need to be protected with Kaspersky Security
You can grant rights to modify the SharePoint configuration and rights to website collections that need to be protected, using one of the two methods: manually or with a script.
Rights for installing Kaspersky Security
The account under which you run the application installation, must have the following set of rights:
- Local administrator rights on the computer on which Kaspersky Security is to be installed
- Rights for creating groups in Active Directory
Without the rights for creating groups in Active Directory, the application cannot create role-based control groups automatically. If these rights have not been granted to the account, you have to create role-based control groups manually.
- using rights for SQL database preparation.
Rights for SQL database preparation
Kaspersky Security uses the SQL database to store Backup configuration files and data. You can provide the account selected for SQL database preparation with access to the database using one of the following methods:
- Assign the account the sysadmin role on the SQL server (on which a database for Kaspersky Security management already exists or is to be created).
Users with the sysadmin role can perform any actions on the SQL server. If the account has been assigned the sysadmin role, the database can be created automatically during the application installation.
- Assign the account the db_owner role for a database that was created manually.
If the database was created manually before the application installation, you will need to specify this database in the SQL server connection settings during the application installation. Users with the db_owner role can perform any actions on the database.
The account intended for SQL database creation and preparation will be used only when the Application Installation Wizard is running. It will not be used after installation of Kaspersky Security is complete.
Rights for managing Kaspersky Security
The user account under which Kaspersky Security will be manged must have read and write rights to <application installation folder>\Configurations. By default, the account that has been granted the local administrator rights on the computer, has the read/write access in this folder.
Also, the account under which you run Management Console must be added to the Active Directory group, which corresponds to the user role.
Kaspersky Security cannot be managed without these rights.