ESET Online Help

Search English
Select the category
Select the topic

List of permissions

Permission types

When creating or editing a permission set in More > Permission Sets > New / Edit > Functionality there is a list of all available permissions. ESET PROTECT Web Console permissions are divided into categories; for example, Groups & Computers, Policies, Client Tasks, Reports, Notifications and so on. A given permissions set can allow for Read, Use or Write access. In general:

Read permissions are good for auditing users. They can view data but cannot make changes.

Use permissions allow users to use objects, run tasks, but not modify or delete.

Write permissions allow users to either modify respective objects and/or duplicate them.

Certain types of permissions (listed below) control a process, not an object. That is why they work on a global level, so it does not matter which static group is the permission applied on, it will work regardless. If the process is allowed to a user he can use it only over objects for which he has sufficient permissions. For example, the Export report to file permission enables the exporting functionality, however data contained in the report are determined by other permissions.


example

Read our Knowledgebase article with example tasks and permission sets that user needs to successfully perform the tasks.


note

Functionalities to which the current user does not have access rights are unavailable (grayed out).

Users can be assigned permissions for the following processes:

Agent Deployment

Reports and Dashboard (only the functionality of the Dashboard will be available, the usable report templates are still dependent on accessible static groups)

Send Email

Export report to file

Send SNMP Trap

Server Settings

ESET Inspect Administrator

ESET Inspect User

Comprehensive reports

 

Functionality types:

Groups & Computers

Read - List computers, groups and computers within a group.

Use - Use a computer/group as a target for a policy or task.

Write - Create, modify and remove computers. This also includes renaming a computer or a group.

 

ESET Inspect Administrator

Write - Perform administrative functions in ESET Inspect On-Prem.

 

ESET Inspect User

Read - Read-only access to ESET Inspect On-Prem. A Web Console user needs Read permission or above for Access to ESET Inspect or Read permission or above for ESET Inspect User.

Write - Read and write access to ESET Inspect On-Prem.

 

Permission Sets

Read - Read the list of permission sets and the list of access rights within them.

Use - Assign/remove existing permission sets for users.

Write - Create, modify and remove permission sets.

 


important

When assigning (or un-assigning) a permission set to a user, Write permission is required for Domain Groups and Native Users.

 

Domain Groups

Read - List domain groups.

Write - Allows granting/revoking of permission sets. Create/modify/remove domain groups.

 

Native Users

Read - List native users.

Write - Allows granting/revoking of permission sets. Create/modify/remove native users.

 

Agent Deployment

Use - Allow access to deploy Agent via Quick Links or to add client computers manually in ESET PROTECT Web Console.

 

Stored Installers

Read - List stored installers.

Use - Export stored installer.

Write - Create/modify/remove stored installers.

 

Certificates

Read - Read the list of peer certificates and Certification Authorities.

Use - Export Certification Authorities and peer certificates and use them in installers or tasks.

Write - Create new peer certificates or Certification Authorities and revoke them.

 

Server Tasks & Triggers

Read - Read the list of tasks and their settings (except of sensitive fields like passwords).

Use - Execute an existing task with Run Now (as the user currently logged to the Web Console).

Write - Create, modify and remove server tasks.

Categories can be expanded by clicking the sign icon_expand and single or multiple types of server tasks can be selected.

 

Client Tasks

Read - Read the list of tasks and their settings (except of sensitive fields like passwords).

Use - Schedule execution of existing Client Tasks or cancel their execution. Note that for assignment of tasks (or assignment cancellation) to targets (computers or groups) additional Use access is required for the affected targets.

Write - Create, modify or remove existing Client Tasks. Note that for assignment of tasks (or assignment cancellation) to targets (computers or groups) additional Use access is required for the affected target objects.

Categories can be expanded by clicking the sign icon_expand and single or multiple types of Client Tasks can be selected.

 

Dynamic Groups Templates

Read - Read the list of Dynamic Groups templates.

Use - Use existing templates for dynamic groups.

Write - Create, modify and remove Dynamic Group templates.

 

Encryption recovery

Read

Use - Manage the encryption recovery process.

 

Reports and Dashboard

Read - List report templates and their categories. Generate reports based on report templates. Read your own dashboards based on default dashboards.

Use - Modify your own dashboards with available report templates.

Write - Create, modify, remove existing report templates and their categories. Modify default dashboards.

 

Policies

Read - Read the list of policies and configuration within them.

Use - Assign existing policies to targets (or cancel their assignment). Note, that for the affected targets additional Use access is necessary.

Write - Create, modify and remove policies.

 

Send Email

Use - Send emails. (Useful for Notifications and Generate Report server tasks.)

 

Send SNMP Trap

Use - Allows to send SNMP trap (useful for Notifications).

 

Export report to file

Use - Allows you to store reports on the ESET PROTECT Server machine file system. Useful with the Generate Report server tasks.

 

Licenses

Read - Read the list of licenses and their usage statistics.

Use - Use the license for activation.

Write - Add and remove licenses. (The user must have home group set to All. By default only the Administrator can do it.)

 

Notifications

Read - Read the list of notifications and their settings.

Use - Assign tags.

Write - Create, modify, remove notifications. For proper notification handling additional Use access rights may be required for Send SNMP Trap or Send Email depending on the notification configuration.

 

Server Settings

Read - Read ESET PROTECT Server Settings.

Write - Modify ESET PROTECT Server Settings.

 

Audit log

Read - View Audit log and read the Audit log report.

 

Comprehensive reports

Use - Generate the MDR Report Template.

 

Granted ESET Inspect Functionality

This is a list of individual ESET Inspect functionalities that a user will have access to. For more details, see the ESET Inspect User Guide. A Web Console user needs Read permission or above for Access to ESET Inspect or Read permission or above for ESET Inspect User.