This department describes the types of Systemwalker Desktop Keeper administrators and their roles.
There are several types of administrators differentiated below.
The system administrator defined in this product refers to the administrator who defines and manages policies such as the prohibition of client (CT) and smart device operation and the collection of operation logs, and takes charge of the security of the entire system. Apart from setting policies, the system administrator can also view and operate CT information, smart device (agent) information, user information, or log information of the entire system.
Differing from the system administrator, department administrators only have authority under a particular department. Department administrators are assigned with necessary rights depending on purpose, and they cannot view or operate information of departments for which they are not authorized. Department administrators can be set in each client (CT) group and user group.
The system administrator will be overloaded if he or she must always control the whole system.
By setting department administrators who only have authority under particular departments (CT groups) and assigning them with appropriate rights for managing information, the system administrator can reduce his or her own workload.
The department administrator settings can also be configured after the operation has been started. For details of functions that can be used by department administrator, refer to "Functions Available for Each Type of Administrator".
Differing from the system administrator and department administrator, USB device administrators are only authorized to register/modify/delete USB devices. They cannot perform policy settings, etc. By setting USB device administrators, the workload of the system administrator and department administrators can be reduced.
Collective Management based on System Administrator (Applied when Department Administrators are not configured)
This is a setting in which all policy settings and log viewings are performed by the system administrator. Policy setting and log viewing of all users and all clients (CTs) and smart devices (agents) can be performed and all functions can be used.
Distributed Management based on Multiple Administrators (Applied when Department Administrators are configured)
This is a setting in which a department administrator is set for every department to set policies and view logs within each department. Because policies can be modified and logs can be viewed by the Department Administrator, management of the system becomes easier under this configuration.
The system administrator can manage the security of the entire system under the Root directory, while department administrators only have authority for a particular department. For example, as shown in the image above, Department Administrator A can define policy for "Business Department" and view logs, but cannot define policy for "Development Department" or view logs there.
The functions that can be used primarily by department administrators are as follows. For detailed information about the function and scope of each operation window, refer to "Functions Available for Each Type of Administrator".
The client (CT) group that is set as department administrator has the following functions:
View management information of clients (CTs) and smart devices (agents)
Move (within department management group), delete clients (CTs) and smart devices (agents)
View, modify CT policy
Create, move (within department management group) and delete CT group
Search, view logs
CSV export of logs, view and save (restrict as well) attached data
The user group that is set as department administrator has the following functions:
Add, view and modify user information
Move (within department management group), delete user information
View, modify user policy
Create, move (within department management group) and delete user group
Search, view logs
CSV export of logs, view and save (restrict as well) attached data
Functions Available for Each Type of Administrator
This section describes the function differentiations under administrator mode and department management mode in the Management Console and the Log Viewer of Systemwalker Desktop Keeper.
This section describes the function differentiations between system administrator and department administrator in the Management Console.
Classification | Function | Allowed | |||||
|---|---|---|---|---|---|---|---|
System Administrator | Department Administrator | USB Device Administrator | Remarks | ||||
Menu Bar | File | Search CT/CT Group | Y | R | N | ||
Create CT Group | Y | R | N | *5 | |||
Delete CT Group | Y | R | N | *5 | |||
Set Department Administrator of CT Group | Y | N | N | ||||
Export CT Information in CSV Format | Y | R | N | *2 | |||
Export CT Group Information in CSV Format | Y | N | N | *2 | |||
Import Department Administrator of CT Group in CSV Format | Y | N | N | *1 | |||
Export Department Administrator of CT Group in CSV Format | Y | N | N | *2 | |||
Collect Remote Materials | Y | N | N | ||||
CT Debugging Trace | Y | Y | N | ||||
Output IP Address of Subordinate CT | Y | Y | N | ||||
Change Password | Y | Y | Y | ||||
Display | View/Set Terminal Information | Y | R | N | |||
Get/Control Service List | Y | R | N | ||||
Get/Control Process List | Y | R | N | ||||
Tree Settings | Refresh Tree (All Servers) | Y | Y | N | |||
Refresh Tree (Selected Servers) | Y | Y | N | ||||
Unfold All Trees | Y | Y | N | ||||
Fold All Trees | Y | Y | N | ||||
Do not Display Empty Group | Y | Y | N | ||||
Reflect CT Group Structure | Y | Y | N | ||||
Display Server | Y | Y | N | *3 | |||
Display "Deleted" Group | Y | N | N | ||||
List Settings | Settings of CT List Display Columns | Y | Y | N | |||
Operation Settings | Terminal Initial Settings | Y | N | N | |||
Terminal Operation Settings | N | N | |||||
USB Device Registration | Y | Y | Y | *6 | |||
Get Latest Information at Startup | Y | Y | N | ||||
Debugging Trace | Y | N | N | ||||
Management Console Trace | Y | Y | N | ||||
User Settings | User Policy Settings | Y | R | N | |||
Link with Other System | Link with Systemwalker Desktop Patrol | Import Configuration Information | Y | N | N | *1, *4 | |
Export Configuration information | Y | N | N | *2, *4 | |||
CT List window | Copy Policy | Y | R | N | |||
Paste Policy | Y | R | N | ||||
Delete CT | Y | R | N | *5 | |||
Collect Remote Material | Y | N | N | ||||
CT Debugging Trace | Y | Y | N | ||||
Policy List window | Set CT Group Policy | Y | R | N | |||
Set CT Policy | Y | R | N | ||||
Refresh Policy | Y | R | N | ||||
Update at Next Startup | Y | R | N | ||||
Update Immediately | Y | R | N | ||||
Drag-and-drop operation | Move CT Group | Y | R | N | *5 | ||
Move CT | Y | R | N | *5 | |||
Legend: Y=No restriction, N=Cannot be used, R=Restricted, can be used within the range managed by department administrator
*1: Authority to import CSV file is required
*2: Authority to save CSV file is required
*3: Configure the settings to always display the server during linkage with Active Directory.
*4: Cannot be used when linking with Active Directory
*5: Can be used only in Local group during linkage with Active Directory
*6: Authority to register/update/delete USB device is required
Classification | Function | Allowed | |||
|---|---|---|---|---|---|
System Administrator | Department Administrator | Remarks | |||
Menu Bar | File | Search User/User Group | Y | R | |
Create User Group | Y | R | *3 | ||
Delete user group | Y | R | *3 | ||
Set Department Administrator of User Group | Y | N | |||
Import Department Administrator of User Group in CSV Format | Y | N | *1, *3 | ||
Export Department Administrator of User Group in CSV Format | Y | N | *2 | ||
Tree Settings | Refresh Tree | Y | Y | ||
Unfold All Trees | Y | Y | |||
Fold All Trees | Y | Y | |||
Do not Display Empty Group | Y | Y | |||
Reflect User Group Structure | Y | Y | |||
Link with CSV | Import User Information in CSV Format | Y | R | *1, *3 | |
Export User Information in CSV Format | Y | R | *2 | ||
User List window | Copy Policy | Y | R | ||
Paste Policy | Y | R | |||
Delete User | Y | R | *3 | ||
User Properties window | Enter a New User | Y | R | *3 | |
Update User Information | Y | R | AD link items cannot be modified | ||
User Policy List window | Apply Group Policy | Y | R | ||
Do not Apply Group Policy | Y | R | |||
Set Terminal Initial Setting Value | Y | R | |||
Drag-and-drop operation | Move User Group | Y | R | *3 | |
Move User | Y | R | *3 | ||
Legend: Y=No restriction, N=Cannot be used, R=Restricted, can be used within the range managed by department administrator
*1: Authority to import CSV file is required
*2: Authority to save CSV file is required
*3: Can be used only in Local group during linkage with Active Directory.
This department describes the function differentiations between system administrator and department administrator in the Log Viewer.
Classification | Function | Allowed | |||
|---|---|---|---|---|---|
System Administrator | Department Administrator | Remarks | |||
Database | Operation Database | Y | R | ||
Log Viewing Database | Y | R | |||
CT Operation Log/ User operation log/Configuration Change Log *3 | Select Department | Y | R | ||
Refresh | Y | Y | |||
Search Conditions | Y | R | |||
List of logs | Y | R | |||
Display items settings | Display items settings | Y | R | ||
Department display settings | Y | N | |||
Violation CT display settings | Y | R | |||
CT/CT group search | Y | R | |||
CSV Export | Y | R | *2 | ||
CT Operation Log window | List of Problem PC(s) | Y | R | ||
File Trace | Y | R | |||
View/Save Additional Information | Y | R | *1,*4 | ||
Legend: Y=No restriction, N=Cannot be used, R=Restricted, can be used within the range managed by department administrator
*1=When viewing Additional information and executing Save File, "Authority to View/Save Additional Information" is required
*2="Authority to Save CSV File" is required
*3= When viewing the Configuration Change Log window, "Authority to View Configuration Change Log" is required"
*4=When viewing E-mail sending content through Additional information, "Authority to View E-mail Content" is required"
This section describes the function differentiations between system administrator and department administrator in the Status Window.
Classification | Function | Allowed | ||
|---|---|---|---|---|
System Administrator | Department Administrator | Remarks | ||
Status Window | View the status window | Y | R | |
Environment Setup Window | Set aggregation conditions | Y | N | |
Legend: Y=No restriction, N=Cannot be used, R=Restricted, can be used within the range managed by department administrator
This section describes the function differentiations between system administrator and department administrator in the Log Analyzer.
Classification | Function | Allowed | ||
|---|---|---|---|---|
System Administrator | Department Administrator | Remarks | ||
Information Disclosure Prevention Diagnosis window | Information Disclosure Prevention Diagnosis | Y | N | *1 |
Ranking | Y | N | *1 | |
Graph Display | Y | N | *1 | |
Aggregate by Objective window | Result List (Aggregation Result) | Y | N | *1 |
Result List (Detailed Result) | Y | N | *1 | |
CSV File | Y | N | *1 | |
Ranking Settings window | Set Ranking Display | Y | N | *1 |
Screening Condition Settings window | Register/Add/Delete Screening Conditions | Y | N | *1 |
Exclusion Condition Settings window | Set Exclusion Conditions | Y | N | *1 |
Operation Settings window | Set Violation and Eco Auditing | Y | N | *1 |
Select Server window | Select Log Analyzer Server | Y | N | *1 |
Legend: Y=No restriction, N=Cannot be used, R=Restricted, can be used within the range managed by department administrator
*1=In case of 3-level systems, only the system administrator of Master Management Server can use
This section describes the function differentiations between system administrator and department administrator in the Report Output Tool.
Classification | Function | Allowed | ||
|---|---|---|---|---|
System Administrator | Department Administrator | Remarks | ||
Comprehensive analysis report | Output comprehensive analysis report | Y | R | |
Information disclosure analysis report | Output information disclosure analysis report | Y | R | |
Terminal usage analysis report | Output terminal usage analysis report | Y | R | |
Violation operation analysis report | Output violation operation analysis report | Y | R | |
Printing volume auditing report | Output print volume auditing report | Y | R | |
Legend: Y=No restriction, N=Cannot be used, R=Restricted, can be used within the range managed by department administrator
