Need your feedback regarding USER ROLES

Hello everybody 8)

we have quite a lot of feedback regarding additional user roles or user restrictions for the Management Console. However feedback that we have is not so clear, it presents more the need of such functionality rather than a description how you need to restrict access or let’s say split responsibilities within your team.

Therefore I would like to ask you a favor, would you be so kind and help us to understand how you would expect this functionality to work? What you need to achieve and why?

You can reply here/dm me or I would be happy to have a call with you about this topic, just let me know.

Many thanks for your time
Martin

Hey Martin, it’s cool to see you approaching the community for suggestions here.

I can’t speak for everyone’s needs, but in my organization, the following roles could be helpful.

  1. Administrator (Would remain the same as the current account administrator role)

  2. Power User (Can activate/remove machines, modify policy, create tasks, etc, but NOT manage permissions)

  3. Reporting (Can log into the cloud console to view systems, alerts, view virus chests, etc, but NOT manage permissions, change policy, or activate/remove machines)

Or another approach could be instead of pre-assigned roles, separate various components of the program into groups and allow us to explicitly allow each user access.

For instance, the following categories:

Manage Permissions
Manage Policies
Add/Remove/Activate Systems
Create Tasks
View Reports/Statistics
View Devices

And then each time we add a user, we can specify which of these categories they have access to.

For us is important to can assign different users to different groups as administrators to delegate the groups management (departments, remote offices…)

I would like to have in the cloud management the possibility to set the avast troubleshooting section.
This could help to exclude the antivirus related to problems in network environments.

Also, the possibility to not deploy the installation of the safezone if it is disabled in the cloud console.

Thank you for your replies.

  1. Administrator - that’s clear
  2. Power user - by “permissions” you mean user permissions? So you do not need anyhow limit who can manage which group of devices (assigned policies etc.)?
  3. Reporting - so it is basically "read only " access right? What is the goal of the person in such role? I mean what kind of information is he need to find? Why does he need to have access to management console? Thanks for the clarification.

That means that you need to assign the responsibility of specific group (in management console) to a concrete user? Then only this user will be able to manage devices within this group? Can you please tell which actions do you consider that such person can do or can’t do? Thanks for the clarification.

Will consider it, thanks for your reply.

That means that you need to assign the responsibility of specific group (in management console) to a concrete user? Then only this user will be able to manage devices within this group? Can you please tell which actions do you consider that such person can do or can't do? Thanks for the clarification.

Yes, we need to assign the responsibility of specific group. Only this user and the “global” administrator can manage the group.
This user should be able to:

  • have his own exe to install new machines directly in his group.
  • change/create group policies.
  • create sub-groups.
  • run/create a scan or any task.
  • manage his group notifications

Thanks for clarification.

Martin,

In regards to the “Power user” role, you are correct, I mean user permissions. Since myself and only one other team member are the “AV” administrators, other administrator types that log in do not need to be able to access user permissions, like adding other people, etc. But they may still need the rest of the functionality.

For the reporting role, you are on the right track. In our district, we have specialized techs that do user-level tech support at each site, and if they could log in to view which machines on their campus might be infected, but not actually manipulate anything through the console, that could be helpful to us moving forward as a large district. This role isn’t necessary or required, I was just throwing out ideas for things that could be helpful to implement in the future.

Also would like to suggest a role for HelpDesk type users. One that can not make changes to any settings/policy but has access to view status and run tasks like scans. Basically as the Power User role mentioned above but without the ability to change the policies.

+1 That would be helpful.