Jump to content
Kaspersky Support Forum

KSC User Rights

Hamid Ali
 Share
Go to solution Solved by intrusus,

Recommended Posts

intrusus

intrusus

Posted
Posted
Hey Hamid Ali, if you want to use a role created by Kaspersky you can assign the specific user the user role "Auditor". It permits all operations with all types of reports, all viewing operations, including viewing deleted objects (grants the Read and Modify permissions in the Deleted objects area). It does not permit other operations. Here's what you gotta do if you want to create a user role only for reports:
  1. Go to the properties of the Administration Server (right click -> Properties)
  2. Go to the menu item "User roles" in the properties of the Administration Server.
  3. Add a new user role by clicking on "Add...".
  4. Name the user role e.g. "User for reports".
  5. Click on "Edit" to view the properties of the user role.
  6. Go to Permissions and check the Allow box at "Access objects independently of their ACLs"* and "Forced report management".**
You can actively forbid the rest or leave the other columns empty. Then press OK. Go to "Security" in the properties of the Administration Server and add the corresponding Windows user. At the bottom right you can assign him your new role. Remember that the user must not be in the domain group of KLAdmins, Domain Administrators or KLOperators. Otherwise your created role will be overwritten. More information about user rights in KSC: https://help.kaspersky.com/KSC/11/en-US/89264.htm Have fun! :metal_tone2: Leon * I am not sure if it's possible without this permission to view reports somehow. When i unchecked this box, I got the error: insufficient permissions. ** i use the german version of KSC, the name of the specific properties could differ. Please excuse this. Look at the Screenshot for a better understanding.
Link to comment
Share on other sites
Hamid Ali

Hamid Ali

Posted
  • Author
Posted
Hey Hamid Ali, if you want to use a role created by Kaspersky you can assign the specific user the user role "Auditor". It permits all operations with all types of reports, all viewing operations, including viewing deleted objects (grants the Read and Modify permissions in the Deleted objects area). It does not permit other operations. Here's what you gotta do if you want to create a user role only for reports:
  1. Go to the properties of the Administration Server ( right click -> Properties)
  2. Go to the menu item "User roles" in the properties of the Administration Server.
  3. Add a new user role by clicking on " Add...".
  4. Name the user role e.g. "User for reports".
  5. Click on "Edit" to view the properties of the user role.
  6. Go to Permissions and check the Allow box at "Access objects independently of their ACLs"* and "Forced report management".**
You can actively forbid the rest or leave the other columns empty. Then press OK. Go to "Security" in the properties of the Administration Server and add the corresponding Windows user. At the bottom right you can assign him your new role. Remember that the user must not be in the domain group of KLAdmins, Domain Administrators or KLOperators. Otherwise your created role will be overwritten. More information about user rights in KSC: https://help.kaspersky.com/KSC/11/en-US/89264.htm Have fun! :metal_tone2: Leon * I am not sure if it's possible without this permission to view reports somehow. When i unchecked this box, I got the error: insufficient permissions. ** i use the german version of KSC, the name of the specific properties could differ. Please excuse this. Look at the Screenshot for a better understanding.
Thank you very much for your response. I reckon this feature options are for KSC 11. Could you please guide me according to KSC 10.5. Thanks
Link to comment
Share on other sites
intrusus

intrusus

Posted
Posted
Hi, I can build it for you in the lab and send you a step-by-step guide in this thread. Keep in mind that the members (except the Kaspersky Lab staff) are volunteers and we have to prioritize the work in our own companies. Therefore, there may always be delays in replies. :wink: Best regards Leon
Link to comment
Share on other sites
Hamid Ali

Hamid Ali

Posted
  • Author
Posted
Hi, I can build it for you in the lab and send you a step-by-step guide in this thread. Keep in mind that the members (except the Kaspersky Lab staff) are volunteers and we have to prioritize the work in our own companies. Therefore, there may always be delays in replies. :wink: Best regards Leon
Thank you very much and highly appreciated efforts and passion of yours (Y) . I know its not easy to volunteer but your interest and passion is great. Surely you can take your time for this query i can wait for this. Thanks
Link to comment
Share on other sites
intrusus

intrusus

Posted
Posted
Hi, sorryfor my late answer. In KSC 10 you can only give a user or a group limited access to the reports, because in contrast to the new KSC version there is no own authorization option for reports only. However, you can implement your idea a little differently: You can only give the user or group read-only permissions to the KSC, but that also means that they cannot create or modify reports. I would advise you to upgrade to the new KSC 11 in the near future. We moved internally manually, so we didn't do a real upgrade on the same server to avoid bugs and are moving our clients one by one to the new administration server. However, here's the guide on how to create a read-only KSC user:[spoiler]1. Configure the KSC 10 interface by click on "View" and then on "Display security settings section". Restart the administration console after that. 2. Go to the properties of the administration server and there on "Security". 3. Add an internal or Windows user and modify his rights at Basic functionality to "Read". Also, if you set the "Modify" to the right, the user can also change other objects on the Administration Server.[/spoiler] I know the answer doesn't satisfy you 100%. Either you trust the user and give him or her permission to edit objects or you leave it at "read-only". Kind regards, Leon
Link to comment
Share on other sites
Hamid Ali

Hamid Ali

Posted
  • Author
Posted
Hi, sorryfor my late answer. In KSC 10 you can only give a user or a group limited access to the reports, because in contrast to the new KSC version there is no own authorization option for reports only. However, you can implement your idea a little differently: You can only give the user or group read-only permissions to the KSC, but that also means that they cannot create or modify reports. I would advise you to upgrade to the new KSC 11 in the near future. We moved internally manually, so we didn't do a real upgrade on the same server to avoid bugs and are moving our clients one by one to the new administration server. However, here's the guide on how to create a read-only KSC user:[spoiler]1. Configure the KSC 10 interface by click on "View" and then on "Display security settings section". Restart the administration console after that. 2. Go to the properties of the administration server and there on "Security". [/spoiler]3. Add an internal or Windows user and modify his rights at Basic functionality to "Read". Also, if you set the "Modify" to the right, the user can also change other objects on the Administration Server.I know the answer doesn't satisfy you 100%. Either you trust the user and give him or her permission to edit objects or you leave it at "read-only". Kind regards, Leon
Dear Leon, Perfectly demonstrated. Thanks Yeah you said it right that by giving MODIFY rights can achieve my target to change the options of report, but this also allow the user to modify admin server components. So as mentioned by you "Either you trust the user and give him or her permission to edit objects or you leave it at "read-only". So i have to choose between these. So this means there is no other option than this ? Except i can upgrade to KSC 11. Thanks
Link to comment
Share on other sites
  • Solution
intrusus

intrusus

Posted
  • Solution
Posted
So, this is quote from the official release notes of KSC 11:
Additionally detailed the administrator rights. To run a report, you now need only the read permission in the "Reports management" area. A separate permissions area named "Management of administration groups" has been added to the "General features".
This means in fact that there was actually no option to display and edit reports in KSC 10 only. Just install the new KSC 11 on a new server and install the new Network Agents from there (as I said, we didn't do an in-place upgrade, but of course you can do that, too). Then you have the possibility to grant permission for reports and test the KSC 11 first instead of using it productively. Have a nice week, Leon
Link to comment
Share on other sites
Hamid Ali

Hamid Ali

Posted
  • Author
Posted
So, this is quote from the official release notes of KSC 11:
Additionally detailed the administrator rights. To run a report, you now need only the read permission in the "Reports management" area. A separate permissions area named "Management of administration groups" has been added to the "General features".
This means in fact that there was actually no option to display and edit reports in KSC 10 only. Just install the new KSC 11 on a new server and install the new Network Agents from there (as I said, we didn't do an in-place upgrade, but of course you can do that, too). Then you have the possibility to grant permission for reports and test the KSC 11 first instead of using it productively. Have a nice week, Leon
Dear Leon, Thank you very much for your interest and help in this regard. Appreciated !!!
Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...