This department describes the types of Systemwalker Desktop Keeper administrators and their roles.
There are several types of administrators differentiated below.
The system administrator defined in this product refers to the administrator who defines and manages policies such as the prohibition of client operation and the collection of operation logs, and takes charge of the security of the entire system. Apart from setting policies, the system administrator can also view and operate CT information, user information, or log information of the entire system.
Differing from the system administrator, department administrators only have authority under a particular department. Department administrators are assigned with necessary rights depending on purpose, and they cannot view or operate information of departments for which they are not authorized. Department administrators can be set in each CT group and user group.
The system administrator will be overloaded if he or she must always control the whole system.
Therefore, by setting department administrators who only have authority under particular departments (CT groups) and assigning them with appropriate rights for managing information, the system administrator can reduce his or her workload.
Department administrator can also be configured after the operation has been started. For details of functions that can be used by department administrator, please refer to “Functions Available for Each Type of Administrator ”.
Differing from the system administrator and department administrator, USB device administrators are only authorized to register/modify/delete USB devices. They cannot perform policy settings, etc. By setting USB device administrators, the workload of the system administrator and department administrators can be reduced.
Collective Management based on System Administrator (Applied when Department Administrators are not configured)
This is a setting in which all policy settings and log viewings are performed by the system administrator. Policy setting and log viewing of all users and all clients (CTs) can be performed and all functions can be used.
Distributed Management based on Multiple Administrators (Applied when Department Administrators are configured)
This is a setting in which a department administrator is set for every department to set policies and view logs within each department. Because policies can be modified and logs can be viewed by the Department Administrator, management of the system becomes easier under this configuration.
The system administrator can manage the security of the entire system under the Root directory, while department administrators only have authority for a particular department. For example, as shown in the image above, Department Administrator A can define policy for “Business Department” and view logs, but cannot define policy for “Development Department” or view logs there.
The functions that can be used primarily by department administrators are as follows. For more detailed information about the function and scope of each operation window, please refer to “Functions Available for Each Type of Administrator ”.
The CT group that is set as department administrator has the following functions:
View management information of client (CT)
Move (within department management group), delete client (CT)
View, modify CT policy
Create, move (within department management group) and delete CT group
Search, view logs
CSV export of logs, view and save (restrict as well) attached data
The user group that is set as department administrator has the following functions:
Add, view and modify user information
Move (within department management group), delete user information
View, modify user policy
Create, move (within department management group) and delete user group
Functions Available for Each Type of Administrator
This section describes the function differentiations under administrator mode and department management mode in the Management Console and the Log Viewer of Systemwalker Desktop Keeper.
This section describes the function differentiations between system administrator and department administrator in the Management Console.
Classification | Function | System Administrator | Department Admnistrator | USB Device Administrator | Remarks | ||
|---|---|---|---|---|---|---|---|
Menu Bar | [File] | [Search CT/CT Group] | ○ | ▲ | × |
| |
[Create CT Group] | ○ | ▲ | × | *5 | |||
[Delete CT Group] | ○ | ▲ | × | *5 | |||
[Set Department Administrator of CT Group] | ○ | × | × |
| |||
[Export CT Information in CSV Format] | ○ | ▲ | × | *2 | |||
[Export CT Group Information in CSV Format] | ○ | × | × | *2 | |||
[Import Department Administrator of CT Group in CSV Format] | ○ | × | × | *1 | |||
[Export Department Administrator of CT Group in CSV Format] | ○ | × | × | *2 | |||
[Collect Remote Materials] | ○ | × | × |
| |||
[CT Debugging Trace] | ○ | ○ | × |
| |||
[Output IP Address of Subordinate CT] | ○ | ○ | × |
| |||
[Change Password] | ○ | ○ | ○ |
| |||
[Display] | [View/Set Terminal Information] | ○ | ▲ | × |
| ||
[Get/Control Service List] | ○ | ▲ | × |
| |||
[Get/Control Process List] | ○ | ▲ | × |
| |||
[Tree Settings] | [Refresh Tree (All Servers)] | ○ | ○ | × |
| ||
[Refresh Tree (Selected Servers)] | ○ | ○ | × |
| |||
[Unfold All Trees] | ○ | ○ | × |
| |||
[Fold All Trees] | ○ | ○ | × |
| |||
[Do not Display Empty Group] | ○ | ○ | × |
| |||
[Reflect CT Group Structure] | ○ | ○ | × |
| |||
[Display Server] | ○ | ○ | × | *3 | |||
[Display “Deleted” Group] | ○ | × | × |
| |||
[List Settings] | [Settings of CT List Display Columns] | ○ | ○ | × |
| ||
[Operation Settings] | [Terminal Initial Settings] | ○ | × | × |
| ||
[Terminal Operation Settings] | × | × |
| ||||
[USB Device Registration] | ○ | ○ | ○ | *6 | |||
[Get Latest Information at Startup] | ○ | ○ | × |
| |||
[Debugging Trace] | ○ | × | × |
| |||
[Management Console Trace] | ○ | ○ | × |
| |||
[User Settings] | [User Policy Settings] | ○ | ▲ | × |
| ||
[Link with Other System] | [Link with Systemwalker Desktop Patrol] | [Import Configuraiton Information] | ○ | × | × | *1, *4 | |
[Export Configuraiton information] | ○ | × | × | *2, *4 | |||
[CT List] window | [Copy Policy] | ○ | ▲ | × |
| ||
[Paste Policy] | ○ | ▲ | × |
| |||
[Delete CT] | ○ | ▲ | × | *5 | |||
[Collect Remote Material] | ○ | × | × |
| |||
[CT Debugging Trace] | ○ | ○ | × |
| |||
[Policy List] window | [Set CT Group Policy] | ○ | ▲ | × |
| ||
[Set CT Policy] | ○ | ▲ | × |
| |||
[Refresh Policy] | ○ | ▲ | × |
| |||
[Update at Next Startup] | ○ | ▲ | × |
| |||
[Update Immediately] | ○ | ▲ | × |
| |||
Drag&Drop Operation | [Move CT Group] | ○ | ▲ | × | *5 | ||
[Move CT] | ○ | ▲ | × | *5 | |||
Legend: ○=No function restriction, ×=Cannot be used, ▲=Can be used within the range managed by department administrator
*1: Authority to import CSV file is required
*2: Authority to save CSV file is required
*3: When linking with Active Directory, will change to the setting that always displays server (cannot be modified)
*4: Cannot be used when linking with Active Directory
*5: When linking with Active Directory, can be used in Local group
*6: Authority to register/update/delete USB device is required
Classification | Function | System Administrator | Department Admnistrator | Remarks | |
|---|---|---|---|---|---|
Menu Bar | [File] | [Search User/User Group] | ○ | ▲ |
|
[Create User Group] | ○ | ▲ | *5 | ||
[Delete user group] | ○ | ▲ | *5 | ||
[Set Department Administrator of User Group] | ○ | × |
| ||
[Import Department Administrator of User Group in CSV Format] | ○ | × | *1, *5 | ||
[Export Department Administrator of User Group in CSV Format] | ○ | × | *2 | ||
[Tree Settings] | [Refresh Tree] | ○ | ○ |
| |
[Unfold All Trees] | ○ | ○ |
| ||
[Fold All Trees] | ○ | ○ |
| ||
[Do not Display Empty Group] | ○ | ○ |
| ||
[Reflect User Group Structure] | ○ | ○ |
| ||
[Link with CSV] | [Import User Information in CSV Format] | ○ | ▲ | *1, *5 | |
[Export User Information in CSV Format] | ○ | ▲ | *2 | ||
[User List] window | [Copy Policy] | ○ | ▲ |
| |
[Paste Policy] | ○ | ▲ |
| ||
[Delete User] | ○ | ▲ | *5 | ||
[User Properties] window | [Enter a New User | ○ | ▲ | *5 | |
[Update User Information] | ○ | ▲ | AD link items cannot be modified | ||
[User Policy List] window | [Apply Group Policy] | ○ | ▲ |
| |
[Do not Apply Group Policy] | ○ | ▲ |
| ||
[Set Terminal Initial Setting Value] | ○ | ▲ |
| ||
Drag&Drop Operation | [Move User Group] | ○ | ▲ | *5 | |
[Move User] | ○ | ▲ | *5 | ||
Legend: ○=No function restriction, ×=Cannot be used, ▲=Can be used within the range managed by department administrator
*1: Authority to import CSV file is required
*2: Authority to save CSV file is required
*5: When linking with Active Directory, can be used in Local group
This department describes the function differentiations between system administrator and department administrator in the Log Viewer.
Classification | Function | System Administrator | Department Admnistrator | Remarks | |
|---|---|---|---|---|---|
Common in [CT Operation Log]/[Configuration Change Log] window *3 | Select Department | ○ | ▲ |
| |
Refresh | ○ | ○ |
| ||
Search Conditions | ○ | ▲ |
| ||
List of logs | ○ | ▲ |
| ||
Display items settings | Display items settings | ○ | ▲ |
| |
Department display settings | ○ | × |
| ||
Violation CT display settings | ○ | ▲ |
| ||
CT/CT group search | ○ | ▲ |
| ||
CSV Export | ○ | ▲ | *2 | ||
[CT Operation Log] window | List of Problem PC(s) | ○ | ▲ |
| |
File Trace | ○ | ▲ |
| ||
View/Save Additional Information | ○ | ▲ | *1,*4 | ||
Legend: ○=No function restriction, ×=Cannot be used, ▲=Can be used within the range managed by department administrator
*1=When viewing [Additional] information and executing [Save File], “Authority to View/Save Additional Information” is required
*2=“Authority to Save CSV File” is required
*3= When viewing the [Configuration Change Log] window, “Authority to View Configuration Change Log” is required”
*4=When viewing E-mail sending content through [Additional] information, “Authority to View E-mail Content” is required”
This section describes the function differentiations between system administrator and department administrator in the Status Window.
Classification | Function | System Administrator | Department Admnistrator | Remarks |
|---|---|---|---|---|
Status Window | View the status window | ○ | ▲ |
|
Environment Setup Window | Set aggregation conditions | ○ | × |
|
Legend: ○=No function restriction, ×=Cannot be used, ▲=Can be used within the range managed by department administrator
This section describes the function differentiations between system administrator and department administrator in the Log Analyzer.
Classification | Function | System Administrator | Department Admnistrator | Remarks |
|---|---|---|---|---|
[Information Disclosure Prevention Diagnosis] window | Information Disclosure Prevention Diagnosis | ○ | × | *1 |
Ranking | ○ | × | *1 | |
Graph Display | ○ | × | *1 | |
[Aggregate by Objective] window | Result List (Aggregation Result) | ○ | × | *1 |
Result List (Detailed Result) | ○ | × | *1 | |
CSV File | ○ | × | *1 | |
[Ranking Settings] window | Set Ranking Display | ○ | × | *1 |
[Screening Condition Settings] window | Register/Add/Delete Screening Conditions | ○ | × | *1 |
[Exclusion Condition Settings] window | Set Exclusion Conditions | ○ | × | *1 |
[Operation Settings] window | Set Violation and Eco Auditing | ○ | × | *1 |
[Select Server] window | Select Log Analyzer Server | ○ | × | *1 |
Legend: ○=No function restriction, ×=Cannot be used, ▲=Can be used within the range managed by department administrator
*1=In case of 3-level systems, only the system administrator of Master Management Server can use
This section describes the function differentiations between system administrator and department administrator in the Report Output Tool.
Classification | Function | System Administrator | Department Admnistrator | Remarks |
|---|---|---|---|---|
[Comprehensive analysis] report | Output comprehensive analysis report | ○ | ▲ | |
[Information disclosure analysis] report | Output information disclosure analysis report | ○ | ▲ | |
[Terminal usage analysis] report | Output terminal usage analysis report | ○ | ▲ | |
[Violation operation analysis] report | Output violation operation analysis report | ○ | ▲ | |
[Printing volume auditing] report | Output print volume auditing report | ○ | ▲ | |
[Paper usage of all-in-one PC/printer] report | Output paper usage report of all-in-one PC | ○ | × | This function is not available. |
Legend: ○=No function restriction, ×=Cannot be used, ▲=Can be used within the range managed by department administrator
