[KB6827] Create a new user account in ESET Security Management Center Web Console (7.x)

Issue

ESET business product in Limited Support status

This article applies to an ESET product version that is currently in Limited Support status and is scheduled to reach End of Life status soon.

For a complete list of supported products and support level definitions, review the ESET End of Life Policy for business products.

Upgrade ESET business products.

  • Create a new user in ESET Security Management Center 7

Details

ESET Remote Administrator 6.5 and ESET Security Management Center 7 use an improved user security model which is different from previous versions. The user security model uses home groups, objects and permission sets. 

Each user belongs to a Home Group, and can have multiple permission sets assigned. The Administrator's Home Group is All. If a user has access to a group, the user has the same access also to all child groups of that group. That is why Administrator can access all groups.

A user's Home group is a static group where all objects created by the user are stored. A user has access to all objects in their home group Users with the same home group will have access to the same objects. Objects are always located in a static group.  The term Objects refers to computers, devices, templates, policies, tasks, notifications, etc. 

Permission Sets configure the access level for a specific group and determine the actions (Functionalities) which can be performed with the objects in the group.

This article provides a complete walkthrough guide for creating new users, including home group and permission set creation.

Solution

  1. Create a home group
  2. Create a permission set
  3. Create a user

I. Create a home group

Each user needs to have a static group assigned as their home group. This group will contain all objects created by that user (unless the object is moved or the home group is changed). It is recommended that only the Administrator has the All home group. Multiple users can have the same static group assigned as their home group. An administrator that manages multiple offices can create a static group for each office and assign it as the home group for the local admin. All groups are child groups of the All group, therefore the Administrator with the All home group has access to all of them. 

To create a new static group to be the home group for a new user, follow these steps:

  1. Open ESET Security Management Web Console (ESMC Web Console) in your web browser and log in. Click Computers, click the gear icon next to the static group you want to use as parent group and select New Static Group

    ESMC 7.1 / 7.0 users: The New Static Group option is available under More > Groups.

Figure 1-1
Click the image to view larger in new window

  1. Type the Name of the new group. Optionally, you can add a Description. It is very important to choose the correct Parent group. Your new group will be located in the parent group and all users with access to the parent group will also have the same access to this new group. Click Finish to create the group.

Figure 1-2
Click the image to view larger in new window

II. Create a permission set

A permission set is a collection of rules that determines the level of interaction a user is allowed to have with the objects in the group the permission set is associated with. One permission set can be assigned to different users, but it is not necessary to assign it to a user at this time. Permission sets can be associated with multiple static groups. A permission set will automatically be applied to the objects in the subgroups of the static groups you select. Be sure to select a static group at the level of access you want your user to have. The objects in all groups below the static group you select wil also be affected. The permissions for this permission set will be assigned in the Functionality section.

To create a new permission set, follow these steps:

  1. Open ESET Security Management Web Console (ESMC Web Console) in your web browser and log in. Click MorePermission Sets → New.

Figure 2-1
Click the image to view larger in new window

  1. Type the name of the new permission set in the Name field. Optionally, you can type a Description.

Figure 2-2
Click the image to view larger in new window

  1. Click Static Groups  Add static group(s) and select the checkboxes next to the static groups that will be associated with this permission set. Select the group you created in part I. Click OK to confirm your choice.

Figure 2-3
Click the image to view larger in new window

  1. Click Functionality. You can select one of pre-defined permission models or manually select the access level for the user that will be assigned to this set. There are three different access levels: Read, Use and Write. Cick the   icon next to Server Tasks & Triggers and Client Tasks to expand the categories and select permissions for specific tasks. Read more about the functionalities in this Online Help topic.

Figure 2-4
Click the image to view larger in new window

  1. Click User Groups. If you want to assign this permission set to a group of users synchronized from your Active Directory, click Add user group(s). It is not necessary to add a user group. User groups are managed in Computer Users.

Figure 2-5
Click the image to view larger in new window

  1. Click the Users section. You can assign this permission set to an existing user or to an existing Mapped Doman Security Group. Click Finish to create and save the new permission set.

Figure 2-6
Click the image to view larger in new window

III. Create a user

It is recommended to create a user as the last step so they can be assigned to the correct home group and permission set.  

  1. Navigate to More → Users and click Add New.

Figure 3-1
Click the image to view larger in new window

  1. In the Basic section, type the new login name for the user in the User field.

  2. Click Select under Home group and select the group you created in the part I. Users can only be assigned to one home group.

  3. Type a secure password in the Password fields. This password will be required for the new user to login. Optionally, you can setup more settings in the Account section.

Figure 3-2
Click the image to view larger in new window

  1. Click Permission Sets. Select the check box next to the unassigned permission sets you just created in Section II.

  2. Review the settings in the Summary section. Click Finish to create the user. The user is created and can log in to the ESMC Web Console.

Figure 3-3
Click the image to view larger in new window