Jump to content

KSC User Rights


Go to solution Solved by intrusus,

Recommended Posts

Posted
Dear Support, Greetings, Im using KSC Adminstration Server 10.5, i want to assign user a role only for Reporting and customizing the values of Reports. What role or rights should i assign the user ? Thanks
Posted
Hey Hamid Ali, if you want to use a role created by Kaspersky you can assign the specific user the user role "Auditor". It permits all operations with all types of reports, all viewing operations, including viewing deleted objects (grants the Read and Modify permissions in the Deleted objects area). It does not permit other operations. Here's what you gotta do if you want to create a user role only for reports:
  1. Go to the properties of the Administration Server (right click -> Properties)
  2. Go to the menu item "User roles" in the properties of the Administration Server.
  3. Add a new user role by clicking on "Add...".
  4. Name the user role e.g. "User for reports".
  5. Click on "Edit" to view the properties of the user role.
  6. Go to Permissions and check the Allow box at "Access objects independently of their ACLs"* and "Forced report management".**
You can actively forbid the rest or leave the other columns empty. Then press OK. Go to "Security" in the properties of the Administration Server and add the corresponding Windows user. At the bottom right you can assign him your new role. Remember that the user must not be in the domain group of KLAdmins, Domain Administrators or KLOperators. Otherwise your created role will be overwritten. More information about user rights in KSC: https://help.kaspersky.com/KSC/11/en-US/89264.htm Have fun! :metal_tone2: Leon * I am not sure if it's possible without this permission to view reports somehow. When i unchecked this box, I got the error: insufficient permissions. ** i use the german version of KSC, the name of the specific properties could differ. Please excuse this. Look at the Screenshot for a better understanding.
Posted
Hey Hamid Ali, if you want to use a role created by Kaspersky you can assign the specific user the user role "Auditor". It permits all operations with all types of reports, all viewing operations, including viewing deleted objects (grants the Read and Modify permissions in the Deleted objects area). It does not permit other operations. Here's what you gotta do if you want to create a user role only for reports:
  1. Go to the properties of the Administration Server ( right click -> Properties)
  2. Go to the menu item "User roles" in the properties of the Administration Server.
  3. Add a new user role by clicking on " Add...".
  4. Name the user role e.g. "User for reports".
  5. Click on "Edit" to view the properties of the user role.
  6. Go to Permissions and check the Allow box at "Access objects independently of their ACLs"* and "Forced report management".**
You can actively forbid the rest or leave the other columns empty. Then press OK. Go to "Security" in the properties of the Administration Server and add the corresponding Windows user. At the bottom right you can assign him your new role. Remember that the user must not be in the domain group of KLAdmins, Domain Administrators or KLOperators. Otherwise your created role will be overwritten. More information about user rights in KSC: https://help.kaspersky.com/KSC/11/en-US/89264.htm Have fun! :metal_tone2: Leon * I am not sure if it's possible without this permission to view reports somehow. When i unchecked this box, I got the error: insufficient permissions. ** i use the german version of KSC, the name of the specific properties could differ. Please excuse this. Look at the Screenshot for a better understanding.
Thank you very much for your response. I reckon this feature options are for KSC 11. Could you please guide me according to KSC 10.5. Thanks
Posted
It works the same on KSC 10, read this: https://help.kaspersky.com/ksc/sp3/en-US/67895.htm
Posted
It works the same on KSC 10, read this: https://help.kaspersky.com/ksc/sp3/en-US/67895.htm
Thanks for the response. I would highly appreciate if you could please specify which roles and permissions should be used to grant access to Generate reports only and change the settings of report. Thank you very much !!
Posted
Dear Support, Waiting for your response. Thanks
Posted
Hi, I can build it for you in the lab and send you a step-by-step guide in this thread. Keep in mind that the members (except the Kaspersky Lab staff) are volunteers and we have to prioritize the work in our own companies. Therefore, there may always be delays in replies. :wink: Best regards Leon
Posted
Hi, I can build it for you in the lab and send you a step-by-step guide in this thread. Keep in mind that the members (except the Kaspersky Lab staff) are volunteers and we have to prioritize the work in our own companies. Therefore, there may always be delays in replies. :wink: Best regards Leon
Thank you very much and highly appreciated efforts and passion of yours (Y) . I know its not easy to volunteer but your interest and passion is great. Surely you can take your time for this query i can wait for this. Thanks
Posted
Hi, sorryfor my late answer. In KSC 10 you can only give a user or a group limited access to the reports, because in contrast to the new KSC version there is no own authorization option for reports only. However, you can implement your idea a little differently: You can only give the user or group read-only permissions to the KSC, but that also means that they cannot create or modify reports. I would advise you to upgrade to the new KSC 11 in the near future. We moved internally manually, so we didn't do a real upgrade on the same server to avoid bugs and are moving our clients one by one to the new administration server. However, here's the guide on how to create a read-only KSC user:[spoiler]1. Configure the KSC 10 interface by click on "View" and then on "Display security settings section". Restart the administration console after that. 2. Go to the properties of the administration server and there on "Security". 3. Add an internal or Windows user and modify his rights at Basic functionality to "Read". Also, if you set the "Modify" to the right, the user can also change other objects on the Administration Server.[/spoiler] I know the answer doesn't satisfy you 100%. Either you trust the user and give him or her permission to edit objects or you leave it at "read-only". Kind regards, Leon
Posted
Hi, sorryfor my late answer. In KSC 10 you can only give a user or a group limited access to the reports, because in contrast to the new KSC version there is no own authorization option for reports only. However, you can implement your idea a little differently: You can only give the user or group read-only permissions to the KSC, but that also means that they cannot create or modify reports. I would advise you to upgrade to the new KSC 11 in the near future. We moved internally manually, so we didn't do a real upgrade on the same server to avoid bugs and are moving our clients one by one to the new administration server. However, here's the guide on how to create a read-only KSC user:[spoiler]1. Configure the KSC 10 interface by click on "View" and then on "Display security settings section". Restart the administration console after that. 2. Go to the properties of the administration server and there on "Security". [/spoiler]3. Add an internal or Windows user and modify his rights at Basic functionality to "Read". Also, if you set the "Modify" to the right, the user can also change other objects on the Administration Server.I know the answer doesn't satisfy you 100%. Either you trust the user and give him or her permission to edit objects or you leave it at "read-only". Kind regards, Leon
Dear Leon, Perfectly demonstrated. Thanks Yeah you said it right that by giving MODIFY rights can achieve my target to change the options of report, but this also allow the user to modify admin server components. So as mentioned by you "Either you trust the user and give him or her permission to edit objects or you leave it at "read-only". So i have to choose between these. So this means there is no other option than this ? Except i can upgrade to KSC 11. Thanks
  • Solution
Posted
So, this is quote from the official release notes of KSC 11:
Additionally detailed the administrator rights. To run a report, you now need only the read permission in the "Reports management" area. A separate permissions area named "Management of administration groups" has been added to the "General features".
This means in fact that there was actually no option to display and edit reports in KSC 10 only. Just install the new KSC 11 on a new server and install the new Network Agents from there (as I said, we didn't do an in-place upgrade, but of course you can do that, too). Then you have the possibility to grant permission for reports and test the KSC 11 first instead of using it productively. Have a nice week, Leon
Posted
So, this is quote from the official release notes of KSC 11:
Additionally detailed the administrator rights. To run a report, you now need only the read permission in the "Reports management" area. A separate permissions area named "Management of administration groups" has been added to the "General features".
This means in fact that there was actually no option to display and edit reports in KSC 10 only. Just install the new KSC 11 on a new server and install the new Network Agents from there (as I said, we didn't do an in-place upgrade, but of course you can do that, too). Then you have the possibility to grant permission for reports and test the KSC 11 first instead of using it productively. Have a nice week, Leon
Dear Leon, Thank you very much for your interest and help in this regard. Appreciated !!!

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...