The ESET PROTECT On-Prem Permission Settings
In the ESET PROTECT On-Prem, it is necessary to create a Static Group, where security engineers have access and full permission rights.
We recommend using pre-defined permission sets in the ESET PROTECT On-Prem.
Refer to the ESET PROTECT On-Prem documentation for more details on creating an ESET PROTECT On-Prem Native User.
For the EI_SERVER_INSTALLER Web Console access user, the permission set should be:
The user with this permission set should be used during the ESET Inspect Server installation process. If there is an error, logs with diagnostics data is created too, which will help solve the problem better. |
For the EI_ADMIN Web Console access user, the permission set should be:
For the EI_READ_ONLY Web Console access user, the permission set should be:
Custom permission sets
You can create custom permission sets (see the Permission Sets Online Help topic).
A given permissions set enables Read, Use or Write access. In general:
•Read permissions are good for auditing users. They can view data but cannot make changes.
•Use permissions allow users to use objects and run tasks but not modify or delete them.
•Write permissions allow users to either modify respective objects and/or duplicate them.
Certain permissions (listed below) control a process, not an object. That is why they work globally, so it does not matter which static group the permission is applied to. It will work regardless. If the process is allowed to a user, it can use it only over objects with sufficient permissions.
Functionality types:
Access to ESET Inspect On-Prem
•Read—Allows logging into ESET Inspect Web Console.
Change Server Settings
•Write—Allows changing ESET Inspect Server Settings in More > Admin > Settings.
Edit Notes/Comments
•Write—Allows editing notes and comments through whole ESET Inspect On-Prem.
Edit Tags
•Write—Allows creating and editing tags in the ESET Inspect On-Prem.
Create & Edit Incidents
•Write—Allows creating and editing incidents in the ESET Inspect On-Prem.
Add Objects to Incidents
•Write—Allows working with objects within ESET Inspect On-Prem incidents.
Assign Incidents
•Write—Allows to assign incidents to specific user in the Incidents window.
Change Incident Status
•Write—Allows to change the progress status of the incident report.
Block Modules
•Write—Allows blocking executables based on the SHA-1 hash. The blocked executable will appear in the blocked hashes section. It also allows using the remediation option in detection details.
Clean Modules
•Write—Allows to delete the executable file and add it to the blocked hashes section to prevent future occurrences. It also allows using the remediation option in detection details.
Kill Process
•Use—Allows to kill the running process that triggered the detection.
Remote Shell Access
•Use—Allows connecting to the Computer via remote Terminal.
Resolve Detection
•Write—Allows changing the detection status.
Change Detection Priority
•Write—Allows changing the detection priority levels.
Mark as Safe/Unsafe
•Write—Allows marking executables as Safe/Unsafe.
Mark as Safe/Unsafe
•Write—Allows marking scripts as Safe/Unsafe.
Create and Manage Rules
•Write—Allows allows to create, save and manage rules.
Enable/Disable Rules
•Write—Allows enabling or disabling rules.
Import/Export Rules
•Read—Allows exporting the rule from ESET Inspect On-Prem.
•Write—Allows importing the rule into ESET Inspect On-Prem.
Create and Manage Exclusions
•Write—Allows creating, saving and managing exclusions.
Enable/Disable Exclusions
•Write—Allows enabling or disabling exclusions.
Import/Export Exclusions
•Read—Allows exporting the exclusion from ESET Inspect On-Prem.
•Write—Allows importing the exclusion into ESET Inspect On-Prem.
Resolve Questions
•Write—Allows resolving the question.
Create and Manage Tasks
•Write—Allows to create and manage tasks.
Pause/Resume Tasks
•Write—Allows to pause and resume tasks.
Download Executables
•Use—Allows to download the executable file for further diagnostics.
Download Scripts
•Use—Allows to download the script file for further diagnostics.
Audit Log
•Read—Allows reading the audit log.