Procedure

1. Navigate to Administration → User Roles.
2. Click Add. If the role you want to create has similar settings with an existing role, select the existing role and click Copy. A new screen appears.
3. Type a name for the role and optionally provide a description.
4. Define the client tree scope.
   1. Click Define Client Tree Scope. A new screen opens.
   2. Select the root domain icon (), or one or several domains in the client tree.
   3. Click Save.

   Note You will not be able to save a custom role if you do not define the client tree scope.

   Only the domains have been defined at this point. The level of access to the selected domains will be defined in step 6 and step 7.
5. Click the Global Menu Items tab.
6. Click Menu Items for Servers/Clients and specify the permission for each available menu item. For a list of available menu items, see Menu Items for Servers and Clients.
   The client tree scope you configured in step 3 determines the level of permission to the menu items and defines the targets for the permission. The client tree scope can either be the root domain (all clients) or specific client tree domains.

   Menu Items for Server/Clients and Client Tree Scope

   Criteria	Client Tree Scope
   	Root Domain	Specific Domains
   Menu item permission	Configure, View, or No Access	View or No Access
   Target	OfficeScan server and all clients For example, if you grant a role "Configure" permission to all menu items for servers/clients, the user can: Manage server settings, tasks, and data Deploy global client settings Initiate global client tasks Manage global client data	OfficeScan server and all clients For example, if you grant a role "Configure" permission to all menu items for servers/clients, the user can: View server settings, tasks, and data View global client settings, tasks, and data

   • Some menu items are not available to custom roles. For example, Plug-in Manager, User Roles, and User Accounts are only available to users with the built-in administrator role.
   • If you select the check box under Configure, the check box under View is automatically selected.
   • If you do not select any check box, the permission is "No Access".
7. Click Menu items for managed domains and specify the permission for each available menu item. For a list of available menu items, see .
   The client tree scope you configured in step 3 determines the level of permission to the menu items and defines the targets for the permission. The client tree scope can either be the root domain (all clients) or specific client tree domains.

   Menu Items for Managed Domains and Client Tree Scope

   Criteria	Client Tree Scope
   	Root Domain	Specific Domains
   Menu item permission	Configure, View, or No Access	Configure, View, or No Access
   Target	All or specific clients Examples: If a user deployed firewall policies, the policies will be deployed to all clients. The user can initiate manual client update on all or specific clients. A compliance report can include all or specific clients.	Clients in the selected domains Examples: If a user deployed firewall policies, the policies will only be deployed to clients in the selected domains. The user can initiate manual client update only on clients in the selected domains. A compliance report only includes clients in the selected domains.

   • If you select the check box under Configure, the check box under View is automatically selected.
   • If you do not select any check box, the permission is "No Access".
8. Click the Client Management Menu Items tab and then specify the permission for each available menu item. For a list of available menu items, see .
   The client tree scope you configured in step 3 determines the level of permission to the menu items and defines the targets for the permission. The client tree scope can either be the root domain (all clients) or specific client tree domains.

   Client Management Menu Items and Client Tree Scope

   Criteria	Client Tree Scope
   	Root Domain	Specific Domains
   Menu item permission	Configure, View, or No Access	Configure, View, or No Access
   Target	Root domain (all clients) or specific domains For example, you can grant a role "Configure" permission to the "Tasks" menu item in the client tree. If the target is the root domain, the user can initiate the tasks on all clients. If the targets are Domains A and B, the tasks can only be initiated on clients in Domains A and B.	Only the selected domains For example, you can grant a role "Configure" permission to the "Settings" menu item in the client tree. This means that the user can deploy the settings but only to the clients in the selected domains.
   	The client tree will only display if the permission to the "Client Management" menu item in "Menu Items for Servers/Clients" is "View".

   • If you select the check box under Configure, the check box under View is automatically selected.
   • If you do not select any check box, the permission is "No Access".
   • If you are configuring permissions for a specific domain, you can copy the permissions to other domains by clicking Copy settings of the selected domain to other domains.
9. Click Save. The new role displays on the User Roles list.