Control Manager user accounts allow administrators to specify which products or directories other users can access.
When administrators specify which products a user can access, the administrator is also specifying what information a user can access from Control Manager. The following information is affected: component information, logs, product summary information, security information, and information available for reports and log queries.
Bob and Jane are OfficeScan administrators. Both have identical user role permissions (they have access to the same menu items in the web console). However, Jane oversees operations for all OfficeScan servers. Bob only oversees operations for OfficeScan servers protecting desktops for the Marketing department. The information that they can view in the web console will be very different. Bob logs on and only sees information that is applicable to the OfficeScan servers that his Control Manager user account allows (the OfficeScan servers for the Marketing department). When Jane logs on, she sees information for all OfficeScan servers, because her Control Manager user account grants her access to all OfficeScan servers registered to Control Manager.
Add user accounts to do the following:
Allow administrators to specify which products or directories other users can access
Allow other users to log on to the Control Manager web console
Allow administrators to specify the user on the recipient list for notifications
Allow the administrator to add the user to user groups.
Trend Micro suggests configuring user role and user account settings in the following order:
Specify which products/directories the user can access (step 4 of Editing a User Account).
Specify the user role for the user account (step 4 of Editing a User Account).
When adding a user account, you need to provide information to identify the user, assign a user role, and set folder access rights.
Active Directory users cannot have their accounts disabled from Control Manager. To disable an Active Directory user, you must disable the account from the Active Directory server.