[KB6968] Required user permission sets for tasks in ESET Security Management Center (7.0)

Solution

In order to be able to perform tasks in the ESET Security Management Center Web Console, a user needs to have the appropriate access rights assigned to their home group. Each user has an assigned permission set that defines the scope of their access level to various objects.

Below is a list of example tasks and the permission sets the user needs to be assigned in order to successfully perform the task.

Generate a report:

View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality Read Use Write
Reports and Dashboard
Send Email
Generate Report (under Server Tasks & Triggers)

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers

Deploy ESET Management Agent (using Agent Live Installer):

View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality Read Use Write
Stored Installers

A user must have the following permissions for the group that contains the modified object:

Functionality Read Use Write
Certificates
A user must have the following permissions for each affected object:
Functionality Read Use Write
Groups & Computers

Deploy ESET Management Agent (using All-in-one Installer):

View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality Read Use Write
Stored Installers
Policies (select only if there are explicitly specified policies)

A user must have the following permissions for the group that contains the modified object:

Functionality Read Use Write
Certificates
Licenses
A user must have the following permissions for each affected object:
Functionality Read Use Write
Groups & Computers

Deploy ESET Endpoint Product:

View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality Read Use Write
Client tasks

A user must have the following permissions for the group that contains the modified object:

Functionality Read Use Write
Licenses

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers

Run a Client Task:

View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality Read Use Write
Client tasks (all Client Tasks or only the selected one(s))

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers

Create/edit a policy:

View permissions needed for least privilege user access

A user must have the following permissions for their home group:

Functionality Read Use Write
Policies

Assign/unassign a policy:

View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality Read Use Write
Policies

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers

Request configuration of the ESET product on the managed computer:

View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality Read Use Write
Export Managed Products Configuration (under Client Tasks)

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers

Create and generate notifications:

View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality Read Use Write
Notifications
Send Email (to distribute notifications via email)
Send SNMP Trap (to distribute notifications via SNMP Trap)

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers

Edit ESMC Server settings:

View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality Read Use Write
Server Settings

Add/edit users:

View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality Read Use Write
All Groups (or a selected user group)

Send a file to ESET Dynamic Threat Defense:

View permissions needed for least privilege user access
A user must have the following permissions for their home group:
Functionality Read Use Write
Send File to EDTD (under Client Tasks)

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers