Skip to main content
Skip table of contents

Administrative Permissions


Administrative permissions allow the level of system access for users to be defined.


The following administrative permissions for users are available, and can be granted/revoked to/from a user (or user group) while adding/editing the user (or user group)::

• Management Tool Access: Allows the user to open and use the Management Tool, and must be granted before the following permissions can be granted:

- Client Installation and Management: Allows the user to install Clients and manage them, manage Client groups, manage alerts, define alert settings, create and manage scheduled report rules, view the list of reports, define email sending settings, create and manage USB monitoring & blocking rules, and block users.

- Database Management: Allows the user to access information about the database, perform database cleanup operations, and delete Clients from the database.

- License Management: Allows the user to assign licenses to Clients (and unassign licenses from them).

- Tenant Management and System Configuration (for users of the default tenant): Allows the user to manage tenants, grant/ungrant licenses to them, and define the system configuration, as well as to activate and deactivate serial keys, and to download the Application Server and Management Tool log files.

NOTE: In Single-Tenant mode, the Tenant Management and System Configuration permission is granted to users of the Administrators user group by default, and cannot be granted to users of other user groups.

- User Management: Allows the user to manage users / user groups and define the permissions for them, as well as to view the Audit log.

NOTE: The Client Installation and Management permission is also required for the user to be able to assign/unassign licenses to/from Clients.

Viewing Archived Data: Allows the user to view and export sessions from archived databases.

- Viewing Monitoring Results: Allows the user to open Client sessions (including archived sessions), so as to view the screen captures and metadata recorded on Client computers, as well as to generate dashboards (on the Dashboards page) and reports. This permission can be used, for example, to prevent system administrators from viewing sensitive data.

• PAM User Access: Allows PAM users (i.e. users the Ekran System Connection Manager) who do not have the administrative Management Tool Access permission (see above) to log in to Management Tool with limited access (i.e. to the Password Management page only) and create (and manage) their own Workforce Password Management secrets.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.