McAfee EPOCDE-AA-BA Product Guide - Page 47
Setting up permission sets, How users, groups, and permission sets fit together
View all McAfee EPOCDE-AA-BA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 47 highlights
6 Setting up permission sets Permission sets control the level of access users have to the different features available in the software. Even the smallest of ePolicy Orchestrator installations needs to specify and control the access users have to different parts of the system. Contents How users, groups, and permission sets fit together Working with permission sets How users, groups, and permission sets fit together Access to items within ePolicy Orchestrator is controlled by interactions between users, groups, and permission sets. Users Users fall into two general categories. Either they are administrators, having full rights throughout the system, or they are regular users. Regular users can be assigned any number of permission sets to define their access levels within ePolicy Orchestrator. Groups Queries and reports are assigned to groups. Each group can be private (to that user only), globally public (or "shared"), or shared to one or more permission sets. Permission sets A particular access profile is defined within a permission set. This usually involves a combination of access levels to various parts of ePolicy Orchestrator. For example, a single permission set might grant the ability to read the Audit log, use public and shared dashboards, and create and edit public reports or queries. Permission sets can be assigned to individual users, or if you are using Active Directory, to all users from specific Active Directory servers. Putting the pieces together These three objects tightly interact. Understanding the interaction is the key to controlling access within ePolicy Orchestrator. Users do not have access to an object unless they are assigned a permission set that gives them that access. That same user does not have access to any reports or queries in a group unless the group is globally public or shared to a permission set assigned to that user. Due to the interwoven nature of these objects, you might have to create and modify permission sets, groups, and users multiple times to get everything set up the way you want. McAfee® ePolicy Orchestrator® 4.6.0 Software Product Guide 47