Global Rights Option Not Displayed When Easylock Role Is Assigned to Administrator
Symptom
When an Easylock administrator role is assigned to an administrator group, the Global rights option does not appear in the Device Control submenu.
Cause
This behavior is not a bug. It is the result of a feature request implemented in 2020 called "Add department for EL". When an Easylock role is assigned to an administrator, the Global rights option is intentionally not displayed in the Device Control submenu.
For additional context, administrators assigned to one department can access and perform actions on USB devices that belong to another department within the Easylock module. This behavior is inconsistent with other modules, such as Report Logs or OTP, where department-based access restrictions are enforced.
Resolution
This is expected behavior by design. No action is required unless you want to change the current access model. If you need department-based access restrictions to be enforced in the Easylock module, contact Netwrix Support to submit a feature request.
Steps to Reproduce
- Log in to the Endpoint Protector console as the root administrator and use a client from your current department.
- Connect a USB device and manually deploy Easylock on it.
- Navigate to System Configuration > System Departments and create a new department.
- Go to System Configuration > System Administrators and create a new admin under the newly created department with no AD authentication, but with rights extended from the Easylock administration group.
- Log in to the Endpoint Protector console with the new admin.
- Navigate to Enforced Encryption > Easylock.
- Download a manually deployed Easylock from a device in your chosen department.
- Send a message to a connected device from your chosen department.
Expected Result
Access to devices and actions from other departments should be restricted unless explicitly extended, following the same behavior as in other modules (for example, Report Logs or OTP).