[KB7652] Create a new user account in ESET PROTECT On-Prem Web Console

Issue

Solution

Create a new user in ESET PROTECT On-Prem

ESET PROTECT On-Prem uses an improved user security model which is different from previous versions. The user security model uses home groups, objects and permission sets. 

Each user belongs to a Home Group, and can have multiple permission sets assigned. The Administrator's Home Group is All. If the user has access to a group, the user has the same access to all child groups of that group. The Administrator can access all groups.

A user's home group is a static group where all objects created by the user are stored. A user has access to all objects in their home group. Users with the same home group will have access to the same objects. Objects are always located in a static group.  The term Objects refers to computers, devices, templates, policies, tasks, and notifications. 

Permission Sets configure the access level for a specific group and determine the actions (Functionalities) which can be performed with the objects in the group.

This article provides a complete walkthrough for creating new users, including home group and permission set creation. There are three key steps in creating a user:

I. Create a home group

II. Create a permission set

III. Create a user

I. Create a home group

Each user needs to have a static group assigned as their home group. This group will contain all objects created by that user (unless the object is moved or the home group is changed). We recommend that only the Administrator has the All home group. Multiple users can have the same static group assigned as their home group. An administrator that manages multiple offices can create a static group for each office and assign it as the home group for the local admin. All groups are child groups of the All group, therefore the Administrator with the All home group has access to all of them. 

To create a new static group to be the home group for a new user, follow these steps:

  1. Open ESET PROTECT On-Prem Web Console in your web browser and log in.

  2. Click Computers, click the gear icon next to the static group you want to use as a parent group and select New Static Group
Figure 1-1
  1. Type the Name of the new group. Optionally, you can add a Description. It is important to choose the correct Parent group. Your new group will be located in the parent group and all users with access to the parent group will also have the same access to this new group. Click Finish to create the group. 
Figure 1-2

II. Create a permission set

A permission set is a collection of rules that determines the level of interaction a user is allowed to have with the objects in the group the permission set is associated with. One permission set can be assigned to different users, but it is not necessary to assign it to a user at this time. Permission sets can be associated with multiple static groups. A permission set will automatically be applied to the objects in the subgroups of the static groups you select. Be sure to select a static group at the level of access you want your user to have. The objects in all groups below the static group you select will also be affected. The permissions for this permission set will be assigned in the Functionality section.

To create a new permission set, follow these steps:

  1. On the ESET PROTECT On-Prem Web Console, click the More icon ... Permission Sets → New.
Figure 2-1
  1. Type the name of the new permission set in the Name field. Optionally, you can type a Description.
Figure 2-2
  1. Click Static Groups  Add static group(s) and select the check boxes next to the static groups that will be associated with this permission set. Select the group you created in part I and click OK to confirm your choice.
Figure 2-3
  1. Click Functionality. You can select one of the pre-defined permission models or manually select the access level for the user that will be assigned to this set. There are three different access levels: Read, Use and Write. Click the   icon next to Server Tasks & Triggers and Client Tasks to expand the categories and select permissions for specific tasks. Read more about the functionalities in this Online Help topic.
Figure 2-4
  1. Click User Groups. If you want to assign this permission set to a group of users synchronized from your Active Directory, click Add user group(s). It is not necessary to add a user group. User groups are managed in Computer Users.
Figure 2-5
  1. Click the Users section. You can assign this permission set to an existing user or to an existing Mapped Doman Security Group. Click Finish to create and save the new permission set.
Figure 2-6

III. Create a user

We recommend that you create a user as the last step so they can be assigned to the correct home group and permission set.  

  1. On the ESET PROTECT On-Prem Web Console, click the More icon ... → Users and click Add New.
Figure 3-1
  1. In the Basic section, type the new login name for the user in the User field.
  1. Click Select under Home group and select the group you created in part I. Users can only be assigned to one home group. 
  1. Type a secure password in the Password fields. This password will be required for the new user to log in. Optionally, you can set up more settings in the Account section.
Figure 3-2
  1. Click Permission Sets. Select the check box next to the unassigned permission sets you just created in Section II.
     
  2. Review the settings in the Summary section. Click Finish to create the user. The user is created and can log in to the ESET PROTECT On-Prem Web Console. 
Figure 3-3