Add a role and assign it to users

Administrators can create roles with permissions and assign them to users.

MVISION ePO users fall into two general categories. Either they are administrators, having full rights throughout the system, or they are regular users. Regular users can be assigned role-based permissions to define their access levels in MVISION ePO.

Users can be assigned any number of roles. An effective permission is a combination of all roles assigned to the user. For example, to allow users to deploy products, these roles must be assigned.

  • Tag management roles
  • View and edit policies/task roles of products for which the user needs to be granted access for deployment
  • System Tree permissions - view or edit

Administrators can't assign or unassign roles for their own accounts.

Task

  1. From MVISION ePO, select MenuConfigurationUsers & Roles.
  2. Next to Roles, click Add Role.
  3. In the Role Name field, type the name of the role you want to create.
  4. From the Unassigned Permissions list, select the permissions that you want to assign to the role.

    Administrators can assign permissions for specific users from here. They can also select a group to view and edit the users that can access the systems in that group from System Tree using the System Tree Permissions option.

    Note: Roles with System Tree Permissions options can be used to achieve an administrator role for a subset of System Tree.

    The table lists permissions for the MVISION ePolicy Orchestrator role.
    Roles Permissions
    Automation Allow users to:
    • View Automatic Responses; create, change, and cancel responses; view response results in the Server Task Log
    • View Automatic Responses; view response results in the Server Task Log
    • View Server Tasks; create, change, and run tasks; view task results in the Server Task Log
    • View Server Tasks; view task results in the Server Task Log
    Policy Allow users to:
    • View and edit policies in McAfee Data Loss Prevention
    • View and change policies in Endpoint Security Adaptive Threat Protection, Endpoint Security Common, Endpoint Security Firewall, Endpoint Security Web Control, McAfee Agent, DXL, McAfee Management of Native Encryption, MVISION Endpoint, and VirusScan Enterprise
    • View policies in Endpoint Security Adaptive Threat Protection, Endpoint Security Common, Endpoint Security Firewall, Endpoint Security Web Control, McAfee Agent, DXL, McAfee Management of Native Encryption, MVISION Endpoint, and VirusScan Enterprise
    • View and change client tasks in Endpoint Security Common, Endpoint Security Web Control, McAfee Agent, and VirusScan Enterprise
    • View client tasks in Endpoint Security Common, Endpoint Security Web Control, McAfee Agent, and VirusScan Enterprise
    • View client properties in Endpoint Security Firewall
    • View Firewall Catalog
    • View Firewall Client Rules
    • View Policy Assignment Rules
    • View Policy Assignment Rules; create and change rules
    Reporting Allow users to:
    • View queries in Endpoint Security Adaptive Threat Protection, Endpoint Security Common, Endpoint Security Firewall, Endpoint Security Threat Prevention, and Endpoint Security Web Control
    • View properties in McAfee Management of Native Encryption
    • View and purge Audit Log
    • View and purge Client Events
    • View Audit Log
    • View Client Events
    • View Dashboards
    • View Exploit Prevention Events
    • View Queries & Reports created by users
    • View Queries & Reports created by users; create and change queries and reports
    • View Threat Events
    • View Dashboards
    • View Dashboards; create and change dashboards
    Systems Allow users to:
    • Apply, exclude, and clear tags
    • Create and edit tags and tag groups
    • Create and edit tags, tag groups, and tag criteria
    • Deploy agents and products; view Master Repository
    • Edit System Tree groups and systems
    • View properties, Import, and search for recovery keys in McAfee Management of Native Encryption
    • View "System Tree" tab
    • Wakeup agents
  5. Click Save Changes.
    The details show which permissions are assigned to the selected role.
  6. Click Edit Assignments to view the User Assignments pane.
  7. In the User Assignments pane, select the users for whom you want to assign the selected role.
  8. Click Save Changes.