A Device Access Policy represents an ACL (Access Control List) that defines which permission set the device should follow.
1. Manage Device Access Level
VSA 10 offers three different levels of access privileges to mobile devices so that you can grant specific permission levels to every individual device. What this means is that if you decide to add a new mobile device to monitor your network you can grant it a specific level of access to systems of your choice. At any time you can change a devices level of access. Not to mention, if the device is ever lost it can be removed or blocked.
About Device Access Policies
The BYOD (Bring Your Own Device) solution for IT departments relies heavily on Device Access Policies. A Device Access Policy represents an ACL (Access Control List) that defines which permission set the device should follow. VSA 10 offers three permission sets:
I. Full Access – granting unrestricted access to the monitored system
II. Read Only Access – granting access to the monitored system but denies all commands
III. No Access – prevents all access to the monitored system (including its notifications and report data)
Furthermore, Device Access Policies are also divided into two types:
I. Explicit Policy – affecting only one device
II. Default Policy – affecting all devices that don't have an explicit policy
To get started with Device Access Policies open VSA 10 Manager (Windows agent configurator app) and click on the “Manage Devices” button at the bottom of the screen.
You will be presented with a list of all devices registered under your account and allowing you to create or modify Device Access Policies.
Select a device then click on the Device Access Policy button on the bottom of the screen to create an explicit policy.
Remember to set the default access level that will be used for monitored systems that will be added after this policy is created. The policy will automatically add them with the default access level you configured.
Note: In order to prevent unauthorized changes to your Device Access Policies it's recommended you enable Two Step Authentication mechanism for your VSAX Account.
2. Multiple User Accounts
Set up user accounts for other team members to access different parts of your monitored network. You can add new users and assign them systems, edit existing users and delete users. This gives the possibility of revoking access to certain systems from a centralized place while giving the employee a dedicated VSA 10 account.
A common scenario for VSA 10 is to assign all monitored systems into a single account and then share the monitored systems with the IT departments that are in charge of them.
Note: Multiple accounts and associated accounts are only supported by the VSA 10 Enterprise Server. (change url when article is deployed publicly)
Account associations (system sharing) can be configured via VSA 10 Manager or VSA 10 Admin (VSA 10 Enterprise Server management app)
In this blog post we'll be creating an associated account from VSA 10 Admin but one can create associated accounts from the VSA 10 Manager in the Account Details dialog.
From the Account Details screen, in the Associated Accounts tab you will see all active account associations. By clicking on Add you can create a new association:
Notifications from shared systems can be optionally turned off if needed.
Note: Audit logging can be enabled for security critical accounts to log all commands sent to the systems. Commands sent from associated accounts are also logged and the associated account will be reported as the command sender.
I don’t believe this is a feature anymore for the agent.
The closest feature to this would be found in Account > Devices.