Users
User management is part of the More section of the ESET PROTECT Web Console.
•User actions and user details
•Assign a Permission Set to a User
There are two user types:
•Native Users - User accounts created and managed from the ESET PROTECT Web Console.
•Mapped Domain Security Groups - User accounts managed and authenticated by Active Directory.
A fresh ESET PROTECT On-Prem setup has the Administrator (Native User with home group All and access to everything) as the only user. •We do not recommend using this user account on a regular basis. We strongly advise that you create another administrator account or use Administrators from Mapped Domain Security Groups with the Administrator Permission Set assigned to them. Use the default administrator account only as a backup option. •You can also create additional users with narrower access rights based on your desired competencies. •Optionally, you can set up Two-Factor Authentication for Native Users and Mapped Domain Security Groups. This will increase security when logging into and accessing ESET PROTECT Web Console. |
Branch office admins solution
If a company has two offices, each with local admins, they need to be assigned with more permission sets for different groups. Let's say there are admins John in San Diego and Larry in Sydney. Both of them need to take care only of their local computers, use Dashboard, Policies, Reports and Dynamic Groups Templates with their machines. The main Administrator has to follow these steps: 1.Create new Static Groups: San Diego office, Sydney office. 2.Create new Permission sets: a)Permission set called Sydney permission set, with Static Group Sydney office, and with full access permissions (exclude Server Settings). b)Permission set called San Diego permission set, with Static Group San Diego office, and with full access permissions (exclude Server Settings). c)Permission set called All Group / Dashboard, with Static Group All, with the following permissions: •Read for Client Tasks •Use for Dynamic Group Templates •Use for Reports and Dashboard •Use for Policies •Use for Send Email •Use for Send SNMP Trap •Use for Export report to file •Use for Licenses •Write for Notifications 3.Create new user John with home group San Diego office, assigned with the permission sets San Diego permission set and All Group / Dashboard. 4.Create new user Larry with home group Sydney office, assigned with the permission sets Sydney permission set and All Group / Dashboard. If permissions are set like this, John and Larry can use same tasks and policies, reports and dashboard, use dynamic group templates without restrictions; however each can only use templates for machines contained in their home groups. |
Sharing objects
If an Administrator wants to share objects, such as dynamic group templates, report templates, or policies, the following options are available:
•Move those objects into shared groups
•Create duplicate objects and move them into static groups which are accessible to other users (see the example below)
For an object duplication the user needs to have Read permission on the original object and Write permission on his Home Group for this type of action. Administrator, whose home group is All, wants to share Special Template with user John. The template was originally created by Administrator, therefore it is automatically contained in the group All. Administrator will follow these steps: 1.Navigate to More > Dynamic Group Templates. 2.Select the Special Template and click Duplicate, if needed, set name and description and click Finish. 3.The duplicated template will be contained in the home group of Administrator, group All. 4.Navigate to More > Dynamic Group Templates and select the duplicated template, click Access Group > Move and select the destination static group (where John has permission). Click OK. |
How to share objects among more users via Shared Group
To better understand how the new security model works, see the scheme below. There is a situation where there are two users created by the administrator. Each user has his own home group with objects he has created. San Diego permission set gives John rights to manipulate Objects in his home group. The situation is similar for Larry. If these users need to share some objects (for example, computers), these objects should be moved to Shared Group (a static Group). Both users should be assigned with Shared permission set which has Shared Group listed in the Static Groups section.
Filters and layout customization
You can customize the current Web Console screen view:
• Add filters and filter presets.
• You can use tags for filtering the displayed items.