7.1 Controlling Access to the Compliance Auditor

Roles can be used to restrict the Compliance Auditor options available to Framework users. For example, you might want users to be able to audit events, but not administer rules, ACLs, or reports.

To define roles for a user group to control use of the Compliance Auditor:

  1. Click Framework User Manager on the home page of the console.

  2. (Conditional) To add a new group, click Groups > Add Group, specify a name, then click Finish.

  3. To modify an existing group or configure the group you just created, select the group, then click Modify Group.

  4. Select the users you want to be members of this compliance auditing group.

  5. In the Roles option, click Add, then add the following roles:

    Module     Role                 Description
    --------   ------------------   ------------------------------------------------
    secaudit   console              View the Compliance Auditor console.
    secaudit   audit                View and edit records.
    secaudit   <audit role name>    (Optional) Allows the users to access records
                                    generated by the rules configured to use this
                                    Audit Role.
                                    If you do not add the <audit role name> role,
                                    the users can only access records generated by
                                    rules with no Audit Role defined.
    audit      read                 View a keystroke replay.

    Users belonging to this group can access the Compliance Auditor console, view and edit records, and review keystroke logs. If you do not add the <audit role name> role, the users can access all records. If you add the <audit role name> role, the users can access only the records generated by the rules configured to use this Audit Role.

    With these roles, the users cannot manage rules, reports, or ACLs. For the roles required for these additional tasks, see Compliance Auditor Roles.

  6. Click Finish.

  7. To continue setting up the Compliance Auditor, see Section 7.2.1, Adding or Modifying an Audit Rule.