[KB7653] Create a permission set in ESET PROTECT On-Prem

Issue

  • You want to create permissions to allow users to view, use and edit objects, tasks and licenses in ESET PROTECT On-Prem
  • In the example below, we create a permission set for a small office scenario to allow all users to access all tasks and objects except for server settings. You can customize this example to create more specific permission sets according to your needs

Details


Click to expand

Permissions are an important part of Access Rights in ESET PROTECT On-Prem. A permission set defines the objects and tasks a user can access in the ESET PROTECT Web Console. Native users have their own permissions, while domain users inherit permissions from their mapped security group.

When you create a permission set, it is associated with a home group. A home group is a static group that includes the objects, tasks and users to which the permissions set will apply. When you create a new permission set, the permissions you select in the Functionality section will apply to all objects in each Static Group that you select for that permission set. Users with access to a Static Group also have access to all subgroups of that Static Group.


Solution

  1. Open ESET PROTECT On-Prem in your web browser and log in.

  2. Click MorePermission Sets → New.

    Figure 1-1
  3. Next to Name, type a name for your new permission set; the Description field is optional.

    Figure 1-2
  4. Click Static GroupsSelect. Alternatively, click Create new group to create a new group.

    Figure 1-3
  5. Select the check box next to each static group this permission set will apply to. In this example, we have selected the Static Group All to apply this permission set to all users. Click OK when you are finished.

    Figure 1-4
  6. Click Functionality to view a table of objects and tasks. Select the check box next to each object and task to define the permissions:

    • Read: Users can view but cannot carry out the task or assign tasks to an object. Users cannot edit the task or object.
    • Use: Users can carry out a task or assign tasks to the object but cannot edit the task or object.
    • Write: Users can read, use and change the task or object.

    Figure 1-5
  7. In this example, click Grant All Functionality Full Access. Deselect the check box next to tasks and objects you do not want to allow permissions for. In this example, Server Settings permissions are not allowed.

    Allowing full permissions for all tasks and objects except for server settings will allow all users to perform all necessary actions without the risk of accidental changes to core system settings. You can create more restrictive permissions sets and apply them to specific groups to customize the permissions structure to your company environment.

    Figure 1-6
  8. The User Groups and Users sections can apply permissions to specific user groups or individual users. Skip these sections if you are not creating permissions sets customized by the user.

  9. Click Finish to save your changes.

    Figure 1-7