Permissions required for working with Client Group Settings
Trust Protection Platform lets you control who has access to view and configure the groups that you create. The menus that appear depend on a user's permissions.
- The Agent Registration Settings menu item is visible if the user has permissions to the \VED\Clients tree.
- The Clients menu and is available if either a certificate, mobile, or SSH product license is available.
- The Configuration menu, which is depends on various licenses or Config permissions, is visible if when one or more of it's menu items are available.
Before assigning Client Group Settings privileges, consider the following points:
-
Who should be given permission to create, prioritize, and define group membership rules for Client Group Settings?
BEST PRACTICE Consider limiting the number of trusted administrators to be given these privileges. For example, suppose an administrator for one department was granted privileges to define group membership rules. That administrator could then expand the scope of his or her group to include systems from another department, which could create greater security risks.
-
Who should be given permission to configure work for a group?
BEST PRACTICE Though the creation of groups and group membership rules could be assigned to a central group, consider delegating the management of work within groups to administrators within each department.
The table below provides an overview of the privileges that are required to perform various work tasks defined within groups.
|
Actions on Client Group Settings |
View |
Read |
Write |
Create |
Rename |
Delete |
Associate |
Admin |
|---|---|---|---|---|---|---|---|---|
| View in List |
|
|
|
|
|
|
|
|
| View Configuration Details |
|
|
|
|
|
|
|
|
| Change Configuration (including selection criteria) |
|
|
|
|
|
|
|
|
| Assign permissions to Others |
|
|
|
|
|
|
|
|
| Rename Group Object |
|
|
|
|
|
|
|
|
| Delete Group Object |
|
|
|
|
|
|
|
|
Related Topics