How do I configure user permissions for Server & Workload Protection

Procedure

1. In your Trend Vision One console, go to Administration → User Roles.
2. Add or edit a custom user role:
   • To add a new custom user role, click + Add Role.
   • To edit a custom user role, select the custom user role and click the Edit icon.

     Note To view only custom user roles, select Role Type: → Custom. You cannot add or edit a predefined role.

   The Custom Role Setting panel opens.
3. On the General information tab, specify the role name and description.
4. On the Permissions tab, select permissions to grant to the role.
   The follow steps are specifically for Server & Workload Protection. You can add additional permissions as needed for your users.
   1. Under Security Functions, locate Endpoint Security → Server & Workload Protection.
   2. Select an access level, or select individual items to customize access.
      Reference the table below for common scenarios and frequently asked configurations.

      Scenario	Description	Permissions
      View only	Allow users to only view Server & Workload Protection settings, but not edit	Select Read-Only for Server & Workload Protection
      Full access	Allow users complete control to view and edit settings	Select Full Access for Server & Workload Protection
      Manage spyware/grayware exclusion list	Allow users to manage the spyware/grayware exclusion list, including setting identified spyware to "allow" from the event logs screen	Must include the following permissions: Other Rights → System Settings (Global) select all permissions

5. On the Data and App Assets tab, select an asset visibility scope or create a new scope for each Trend Vision One app.

   Important Make sure the user role you are creating is assigned to an asset visibility scope that includes the Server & Workload Protection Manager instance you want the role to have access to manage. Users cannot manage assets if they do not have visibility.

6. Click Save.