[KB6968] Required user permission sets for tasks in ESET PROTECT and ESET PROTECT Cloud

Solution

ESET Security Management Center (ESMC) Users

This article also applies to ESMC users with version 7.x.

In order to be able to perform tasks in the ESET PROTECT Web Console or ESET PROTECT Cloud Web Console, a user needs to have the appropriate access rights assigned to their home group. Each user has an assigned permission set that defines the scope of their access level to various objects.

Below is a list of example tasks and the permission sets the user needs to be assigned in order to successfully perform the task.

Generate a report

View permissions needed for least privilege user access

A user must have the following permissions for their home group:

Functionality Read Use Write
Reports and Dashboard
Send Email    
Generate Report (under Server Tasks & Triggers)

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers   

Deploy ESET Management Agent using Agent Live Installer

View permissions needed for least privilege user access

A user must have the following permissions for their home group:

Functionality Read Use Write
Stored Installers

A user must have the following permissions for the group that contains the modified object:

Functionality Read Use Write
Certificates  
A user must have the following permissions for each affected object:
Functionality Read Use Write
Groups & Computers 

Deploy ESET Management Agent using All-in-one installer

View permissions needed for least privilege user access

A user must have the following permissions for their home group:

Functionality Read Use Write
Stored Installers
Policies (select only if there are explicitly specified policies)  

A user must have the following permissions for the group that contains the modified object:

Functionality Read Use Write
Certificates  
Licenses  
A user must have the following permissions for each affected object:
Functionality Read Use Write
Groups & Computers 

Deploy the ESET Endpoint Product

View permissions needed for least privilege user access

A user must have the following permissions for their home group:

Functionality Read Use Write
Client tasks

A user must have the following permissions for the group that contains the modified object:

Functionality Read Use Write
Licenses  

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers   

Run a Client Task

View permissions needed for least privilege user access

A user must have the following permissions for their home group:

Functionality Read Use Write
Client tasks (all Client Tasks or only the selected one(s))

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers  

Create or edit a policy

View permissions needed for least privilege user access

A user must have the following permissions for their home group:

Functionality Read Use Write
Policies

Assign or unassign a policy

View permissions needed for least privilege user access

A user must have the following permissions for their home group:

Functionality Read Use Write
Policies  

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers   

Request configuration of the ESET product on the managed computer

View permissions needed for least privilege user access

A user must have the following permissions for their home group:

Functionality Read Use Write
Export Managed Products Configuration (under Client Tasks)

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers   

Create and generate notifications

View permissions needed for least privilege user access

A user must have the following permissions for their home group:

Functionality Read Use Write
Notifications  
Send Email (to distribute notifications via email)    
Send SNMP Trap (to distribute notifications via SNMP Trap)    

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers     

Edit ESET PROTECT Server settings

View permissions needed for least privilege user access

A user must have the following permissions for their home group:

Functionality Read Use Write
Server Settings  

Add or edit users

See our Online help articles for how to add or how to edit users.

View permissions needed for least privilege user access

A user must have the following permissions for their home group:

Functionality Read Use Write
All Groups (or a selected user group)

Send a file to ESET Dynamic Threat Defense

View permissions needed for least privilege user access

A user must have the following permissions for their home group:

Functionality Read Use Write
Send File to EDTD (under Client Tasks)

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers