Administrative Permissions allow the level of system access for users to be defined.
The following administrative permissions for users are available, and can be granted/revoked to/from a user (or user group) while adding/editing the user (or user group)::
• User Management: Allows the user to add, edit, delete users / user groups and define the permissions for them, as well as to view the Audit log.
• Client Installation and Management: Allows the user to install Clients, add, edit, and delete Clients and Client groups, manage alerts, define alert settings, create and manage scheduled report rules, view report logs, define email sending settings, create and manage USB monitoring & blocking rules, and block users.
• License Management: Allows the user to assign licenses to Clients (and unassign licenses from them).
NOTE: The Client Installation and Management permission is also required for the user to be able to assign/unassign licenses to/from Clients.
• Database Management: Allows the user to access information about the database, perform database cleanups, and delete Clients from the database.
• Viewing Archived Data: Allows the user to view and export sessions from archived databases.
• Tenant Management and System Configuration (for users of the default tenant): Allows the user to manage tenants, grant/ungrant licenses to them, and define the system configuration, as well as to activate and deactivate serial keys, and to download the Application Server and Management Tool log files.
NOTE: In Single-Tenant mode, the Tenant Management and System Configuration permission is granted to users of the Administrators user group by default, and cannot be granted to users of other user groups.
• Management Tool Access: Allows the user to open and use the Management Tool.
• Viewing Monitoring Results: Allows the user to open Client sessions (including archived sessions), so as to view the screen captures and metadata recorded on Client computers, as well as to generate reports. This permission can be used, for example, to prevent system administrators from viewing sensitive data.