Solution
ESET Security Management Center (ESMC) Users
This article also applies to ESMC users with version 7.x.
In order to be able to perform tasks in the ESET PROTECT Web Console or ESET PROTECT Cloud Web Console, a user needs to have the appropriate access rights assigned to their home group. Each user has an assigned permission set that defines the scope of their access level to various objects.
Below is a list of example tasks and the permission sets the user needs to be assigned in order to successfully perform the task.
Generate a report
View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality |
Read |
Use |
Write |
Reports and Dashboard |
✓ |
✓ |
✓ |
Send Email |
|
✓ |
|
Generate Report (under Server Tasks & Triggers) |
✓ |
✓ |
✓ |
A user must have the following permissions for each affected object:
Functionality |
Read |
Use |
Write |
Groups & Computers |
✓ |
✓ |
|
Deploy ESET Management Agent using Agent Live Installer
View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality |
Read |
Use |
Write |
Stored Installers |
✓ |
✓ |
✓ |
A user must have the following permissions for the group that contains the modified object:
Functionality |
Read |
Use |
Write |
Certificates |
✓ |
✓ |
|
A user must have the following permissions for each affected object:
Functionality |
Read |
Use |
Write |
Groups & Computers |
✓ |
✓ |
✓ |
Deploy ESET Management Agent using All-in-one installer
View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality |
Read |
Use |
Write |
Stored Installers |
✓ |
✓ |
✓ |
Policies (select only if there are explicitly specified policies) |
✓ |
✓ |
|
A user must have the following permissions for the group that contains the modified object:
Functionality |
Read |
Use |
Write |
Certificates |
✓ |
✓ |
|
Licenses |
✓ |
✓ |
|
A user must have the following permissions for each affected object:
Functionality |
Read |
Use |
Write |
Groups & Computers |
✓ |
✓ |
✓ |
Deploy the ESET Endpoint Product
View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality |
Read |
Use |
Write |
Client tasks |
✓ |
✓ |
✓ |
A user must have the following permissions for the group that contains the modified object:
Functionality |
Read |
Use |
Write |
Licenses |
✓ |
✓ |
|
A user must have the following permissions for each affected object:
Functionality |
Read |
Use |
Write |
Groups & Computers |
✓ |
✓ |
|
Run a Client Task
View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality |
Read |
Use |
Write |
Client tasks (all Client Tasks or only the selected one(s)) |
✓ |
✓ |
✓ |
A user must have the following permissions for each affected object:
Functionality |
Read |
Use |
Write |
Groups & Computers |
✓ |
✓ |
|
Create or edit a policy
View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality |
Read |
Use |
Write |
Policies |
✓ |
✓ |
✓ |
Assign or unassign a policy
View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality |
Read |
Use |
Write |
Policies |
✓ |
✓ |
|
A user must have the following permissions for each affected object:
Functionality |
Read |
Use |
Write |
Groups & Computers |
✓ |
✓ |
|
Request configuration of the ESET product on the managed computer
View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality |
Read |
Use |
Write |
Export Managed Products Configuration (under Client Tasks) |
✓ |
✓ |
✓ |
A user must have the following permissions for each affected object:
Functionality |
Read |
Use |
Write |
Groups & Computers |
✓ |
✓ |
|
Create and generate notifications
View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality |
Read |
Use |
Write |
Notifications |
✓ |
|
✓ |
Send Email (to distribute notifications via email) |
|
✓ |
|
Send SNMP Trap (to distribute notifications via SNMP Trap) |
|
✓ |
|
A user must have the following permissions for each affected object:
Functionality |
Read |
Use |
Write |
Groups & Computers |
✓ |
|
|
Edit ESET PROTECT Server settings
View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality |
Read |
Use |
Write |
Server Settings |
✓ |
|
✓ |
Add or edit users
View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality |
Read |
Use |
Write |
All Groups (or a selected user group) |
✓ |
✓ |
✓ |
Send a file to ESET Dynamic Threat Defense
View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality |
Read |
Use |
Write |
Send File to EDTD (under Client Tasks) |
✓ |
✓ |
✓ |
A user must have the following permissions for each affected object:
Functionality |
Read |
Use |
Write |
Groups & Computers |
✓ |
✓ |
|